This forum has migrated to Microsoft Q&A. Visit Microsoft Q&A to post new questions.

Remove From My Forums

Export groups from ntds database mounted with dsmain

Question
0

Sign in to vote

Hi I have this script i use to export groupmembers from groups before i empty them.

$groups = Get-Content c:\temp\grouplist.txt

$resultsarray =@()

foreach ($group in $groups) {
$resultsarray += Get-ADGroupMember -Id $group -server "127.0.0.1:11389" | select samaccountname,distinguishedname,memberof,@{Expression={$group};Label="Group Name"}

}

$resultsarray| Export-csv -path c:\temp\grouplistresult.txt -notypeinformation

I have tried to ad -server "127.0.0.1:11389" or "Localhost:11389" so i can export groupmembers from snapshot and backups but it dont work

I hope some one can help me

/Peter :-)

Friday, June 2, 2017 9:58 AM

All replies

0

Sign in to vote
Hi Peter,

>>I have tried to ad -server "127.0.0.1:11389" or "Localhost:11389" so i can export groupmembers from snapshot and backups but it dont work

What error did you get?

Try this:

get-adgroup -server localhost:11389-filter {GroupScope -eq "DomainLocal"} -SearchBase "DC=AppNC" | get-adgroupmember
https://technet.microsoft.com/en-us/library/ee617193.aspx

Best regards,

Andy
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Monday, June 5, 2017 10:06 AM
0

Sign in to vote

Hi Andy

First thank you for you reply

The original error message was

Get-ADGroupMember : One or more properties are invalid.
At line:2 char:37
+   $resultsarray += Get-ADGroupMember <<<< -Id $group -server "127.0.0.1:11389" | select samaccountname,distinguished
name,memberof,@{Expression={$group};Label="Group Name"}
    + CategoryInfo          : InvalidArgument: (Remote Assistance Helpers:ADGroup) [Get-ADGroupMember], ArgumentException
    + FullyQualifiedErrorId : One or more properties are invalid.,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember

The command you posted works fine if i don't ad get-adgroupmember

If i do i get the following error message

Get-ADGroupMember : One or more properties are invalid.
At line:1 char:139
+ get-adgroup -server localhost:11389 -filter {GroupScope -eq "Domainlocal"} -SearchBase "OU=groups,DC=xxxxx,DC=kom
" | get-adgroupmember <<<<
    + CategoryInfo          : InvalidArgument: (CN=SEC_Team_Tra...xxxx,DC=com:ADGroup) [Get-ADGroupMember], ArgumentException
    + FullyQualifiedErrorId : One or more properties are invalid.,Microsoft.ActiveDirectory.Management.Commands.GetADGroupMember

I'm running AD forest level 2003 on Windows 2008 R2.

Best Regards,

Peter

Tuesday, June 6, 2017 9:56 AM
0

Sign in to vote
Hi,

>>The command you posted works fine if i don't ad get-adgroupmember

Leave Get-adgroupmember alone.

Try this:

$groups = get-adgroup -server localhost:11389-filter {GroupScope -eq "DomainLocal"} -SearchBase "DC=AppNC" foreach($group in $groups) { Get-ADGroupMember -LDAPFilter "(name=xxx*)" -SearchScope Subtree -SearchBase "DC=NA,DC=fabrikam,DC=com" }

Best regards,

Andy
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
Tuesday, June 6, 2017 10:06 AM
0

Sign in to vote

Hi,

Tried to upgrade to management pack 5.1 but still got this error.

PS C:\Users\Administrator> $groups = get-adgroup -server localhost:11389 -SearchBase "DC=mydomain,DC=com"

cmdlet Get-ADGroup at command pipeline position 1
Supply values for the following parameters:
(Type !? for Help.)
Filter: foreach($group in $groups)
get-adgroup : Error parsing query: 'foreach($group in $groups)' Error Message: 'syntax error' at position: '8'.
At line:1 char:11
+ $groups = get-adgroup -server localhost:11389 -SearchBase "DC=mydomain ...
+           ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ParserError: (:) [Get-ADGroup], ADFilterParsingException
    + FullyQualifiedErrorId : Error parsing query: 'foreach($group in $groups)' Error Message: 'syntax error' at posit
   ion: '8'.,Microsoft.ActiveDirectory.Management.Commands.GetADGroup

PS C:\Users\Administrator> {
>>   Get-ADGroupMember -LDAPFilter "(name=administrators)" -SearchScope Subtree -SearchBase "DC=mydomain,DC=com"
>> }
>>

Best regards,

Peter

Wednesday, June 7, 2017 6:00 AM
0

Sign in to vote

What is management pack 5.1?

Get-AdGroup requires an identity or a filter parameter. That is what the error is trying to tell you.

Start by reviewing the help for the CmdLets you are using:

help Get-AdGroup -full

\_(ツ)_/

Wednesday, June 7, 2017 6:06 AM
0

Sign in to vote
Get-AdGroup -filter "GroupScope -eq 'DomainLocal'" -server localhost:11389| Get-ADGroupMember

Too many filters a searchbases.

\_(ツ)_/
- Proposed as answer by Hello_2018 Tuesday, June 13, 2017 4:30 AM
Wednesday, June 7, 2017 6:09 AM
0

Sign in to vote

The patch you aply to upgrade powershell from a provenus version to powershell 5.0 eg. on Windows 2008 R2

Thursday, June 8, 2017 5:55 AM
0

Sign in to vote

Do you mean WMF 5.1? It is an update and not a patch.

What does that to have with AD?

You seem to getting numerous "syntax" errors so their appears to be a basic problem with your computer. Perhaps try you code on a different machine.
\_(ツ)_/

Thursday, June 8, 2017 6:36 AM
0

Sign in to vote
Hi Pesko69,

>>The patch you aply to upgrade powershell from a provenus version to powershell 5.0 eg. on Windows 2008 R2

Jrv's codes should work.

Besides, i also suggest you could try using: csvde.exe or ldifde.exe commands to export data from snapshots:

Detailed usage, please refer to links below:

https://technet.microsoft.com/en-us/library/cc732101(v=ws.11).aspx

https://technet.microsoft.com/en-us/library/cc731033(v=ws.11).aspx

Best regards,

Andy
Please remember to mark the replies as answers if they help.
If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
- Proposed as answer by Hello_2018 Thursday, June 22, 2017 7:00 AM
Thursday, June 8, 2017 6:37 AM