locked
Get-adgroupmember FSP accounts issue RRS feed

  • Question

  • Do you guys know any alternative solution for the issue with get-adgroupmember when trying to get deleted FSP objects without removing its membership from the group?

    I have just found solutions suggesting to delete the objects but I am trying to avoid that. 

    Same issue seen here: 

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/02d25a30-4126-49c4-a672-5f48655a4f12/getadgroupmember-and-foreign-security-principal?forum=winserverpowershell

    • Edited by tiago_me Friday, June 23, 2017 2:50 PM
    Friday, June 23, 2017 2:44 PM

Answers

  • Hi Cartman, that´s the workaroud I ended up having to do:

    $s = [adsisearcher]'(&(objectCategory=group)(cn=GroupCN))'
    $r = $s.findone()
    
    $r.properties.member

    Running that command it brings me all the members, and the external with their SSID. I translate the SSID to SamaccountName and then the ones that fail to translate, they would be the orphan ones... I can just ignore them then... Thanks for the help

    • Marked as answer by tiago_me Monday, June 26, 2017 10:44 AM
    Monday, June 26, 2017 10:44 AM

All replies

  • Do you guys know any alternative solution for the issue with get-adgroupmember when trying to get deleted FSP objects without removing its membership from the group?

    I have just found solutions suggesting to delete the objects but I am trying to avoid that. 

    Same issue seen here: 

    https://social.technet.microsoft.com/Forums/windowsserver/en-US/02d25a30-4126-49c4-a672-5f48655a4f12/getadgroupmember-and-foreign-security-principal?forum=winserverpowershell

    Hi,

    If the workaround in this thread is not work for you:

    Advice with get-adgroupmember

    https://social.technet.microsoft.com/Forums/scriptcenter/en-US/07e7595a-9e7d-43ed-a147-c8591adb1fb2/advice-with-getadgroupmember?forum=ITCG

    I think delete the old object is the last thing we can do.


    Best Regards
    Cartman
    Please remember to mark the replies as an answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com

    Monday, June 26, 2017 6:34 AM
  • Hi Cartman, that´s the workaroud I ended up having to do:

    $s = [adsisearcher]'(&(objectCategory=group)(cn=GroupCN))'
    $r = $s.findone()
    
    $r.properties.member

    Running that command it brings me all the members, and the external with their SSID. I translate the SSID to SamaccountName and then the ones that fail to translate, they would be the orphan ones... I can just ignore them then... Thanks for the help

    • Marked as answer by tiago_me Monday, June 26, 2017 10:44 AM
    Monday, June 26, 2017 10:44 AM