none
AD Group Member Issue RRS feed

  • Question

  • Hello every one. I have a requirement to get the members list from a group, where the group consist local users and foreign users i.e users of other domain. But when I try using 

    Get AD-Groupmember -identity "samplegroup"

    I am getting the following error:-

    Get-ADGroupMember : An unspecified error has occurred
    At line:1 char:1
    + Get-ADGroupMember -Identity "samplegroup"
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (samplegroup)  
       [Get-ADGroupMember], ADException
        + FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.M 
       anagement.Commands.GetADGroupMember

    I tried searching in forums for a resolution i found some but i didn't get the required output:

    for eg:- 

     

    Get-ADGroup -Identity samplegroup -Properties Members | Select-Object -ExpandProperty Members | Get-ADObject

    But the output i got is 

    CN=S-1-5-21-18635... S-1-5-21-18635631... foreignSecurityPr... aec92f47-19e0-4d...

    and i got some errors including the above output which is showing me the user names(The output which i need are visible in the errors):-

     
    Get-ADObject : Cannot find an object with identity: 'CN=abhi/79,CN=Users,DC=micro,DC=ps' under: 'DC=auto,DC=i'.
    At line:1 char:112
    + ... erty Members | Get-ADObject
    +                    ~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (CN=abhi/79...micro,DC=i: 
       ADObject) [Get-ADObject], ADIdentityNotFoundException
        + FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Man 
       agement.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Comm  
      ands.GetADObject 

    Monday, July 23, 2018 10:28 AM

Answers

All replies

  • This gets you the name of each member of the group "samplegroup". Is this what you require?
    Get-ADGroupMember -Identity "samplegroup" | Select -ExpandProperty Name

    Monday, July 23, 2018 10:54 AM
  • Hello,

    I tried the above command and it throws me the following error.

    Get-ADGroupMember : An unspecified error has occurred
    At line:1 char:1
    + Get-ADGroupMember -Identity "sample" | Select 
    -ExpandPropert ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (FG_BIOSAS_GR_BO25380-Write:ADGroup)  
       [Get-ADGroupMember], ADException
        + FullyQualifiedErrorId : ActiveDirectoryServer:0,Microsoft.ActiveDirectory.M 
       anagement.Commands.GetADGroupMember

    As i have mentioned the issue above that the group have both foreign and Local users So when i use get-adgroupmember command i am getting the above mentioned error.

    Note: I have changed the group name as per my AD inventory.


    • Edited by Abhi79 Monday, July 23, 2018 11:08 AM
    Monday, July 23, 2018 11:07 AM
  • Hi Abhi,

    This issue might occur, because the accounts of the foreign users in that group have been removed from the other domain.

    Please refer to Get-ADGroupMember returns error for domain local group to members from remote forests for details and a resolution.

    • Marked as answer by Abhi79 Monday, July 23, 2018 1:24 PM
    Monday, July 23, 2018 11:29 AM
  • Thanks John Seerden. I addition to your answer i have one more method where we can execute a cmd command on DC which gives you list of users(including foreign users) in a group.

    Command :- 

    net localgroup "Groupname"

    This command only works when you execute on DC 

    • Marked as answer by Abhi79 Monday, July 23, 2018 1:24 PM
    Monday, July 23, 2018 1:24 PM