Hi Cartman, that´s the workaroud I ended up having to do:
$s = [adsisearcher]'(&(objectCategory=group)(cn=GroupCN))'
$r = $s.findone()
$r.properties.member
Running that command it brings me all the members, and the external with their SSID. I translate the SSID to SamaccountName and then the ones that fail to
translate, they would be the orphan ones... I can just ignore them then... Thanks for the help