Get-adgroupmember FSP accounts issue

All replies

• 

  

  0

  Sign in to vote

  Do you guys know any alternative solution for the issue with get-adgroupmember when trying to get deleted FSP objects without removing its membership from the group?

  I have just found solutions suggesting to delete the objects but I am trying to avoid that. 

  Same issue seen here: 

  https://social.technet.microsoft.com/Forums/windowsserver/en-US/02d25a30-4126-49c4-a672-5f48655a4f12/getadgroupmember-and-foreign-security-principal?forum=winserverpowershell

  Hi,

  If the workaround in this thread is not work for you:

  Advice with get-adgroupmember

  https://social.technet.microsoft.com/Forums/scriptcenter/en-US/07e7595a-9e7d-43ed-a147-c8591adb1fb2/advice-with-getadgroupmember?forum=ITCG

  I think delete the old object is the last thing we can do.

  ---

  Best Regards
  Cartman
  Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

  Monday, June 26, 2017 6:34 AM
• 

  

  0

  Sign in to vote

  Hi Cartman, that´s the workaroud I ended up having to do:

  $s = [adsisearcher]'(&(objectCategory=group)(cn=GroupCN))'
  $r = $s.findone()
  
  $r.properties.member

  Running that command it brings me all the members, and the external with their SSID. I translate the SSID to SamaccountName and then the ones that fail to translate, they would be the orphan ones... I can just ignore them then... Thanks for the help

  • Marked as answer by tiago_me Monday, June 26, 2017 10:44 AM

  Monday, June 26, 2017 10:44 AM