But what if your security group contains nested groups as well as users, and those nested groups in turn contain further nested groups and users? What does that query look like? How do you find all the members?
Suppose I have the following example:
• TopLevelGroup - Global Security Group
  ◦ TopLevel - User
  ◦ TopLevel2 - User2
  ◦ Nested1 - Global Security Group
    Nested1 Members
    ■ Nested User
    ■ Nested User 2
    ■ InsideNested - Global Security Group
      InsideNested Members
      ■ InsideNested1
There are several ways to do this. I'm not saying these are the only methods, but here are three examples that work.
The first method is to use PowerShell. For this example you will need the Quest AD cmdlets. Thanks to MVP Dmitry Sotnikov for the Quest cmdlets.
Get-QADGroupMember "Group Name" -indirect
The second method is to use ADFIND by MVP Joe Richards:
adfind -default -bit -f "memberof:1.2.840.113556.1.4.1941:=DN of Group" samaccountname -nodn
More on that query here
Now on to method three. Some people (especially in classified networks) can't install the Quest cmdlets or adfind (or any third-party tool).
The Microsoft DStools can be used instead. For this example I'll use dsquery and dsget:
dsquery group -samid "group name" | dsget group -members -expand
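For environments where nothing extra can be installed, the same matching rule used in the adfind filter above (OID 1.2.840.113556.1.4.1941, LDAP_MATCHING_RULE_IN_CHAIN) can be queried with the .NET DirectorySearcher that ships with Windows PowerShell. This is an added example, not part of the original post; the function names Get-NestedGroupMember and ConvertTo-LdapFilterValue are hypothetical, and it assumes a domain-joined machine with read access to the directory.

```powershell
# Added example: expand nested group membership with built-in .NET classes only.

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # RFC 4515 escaping, so characters that occur in names and DNs
    # ( \ * ( ) NUL ) cannot change the meaning of the search filter.
    # The backslash must be escaped first.
    $Value -replace '\\', '\5c' -replace '\*', '\2a' -replace '\(', '\28' `
           -replace '\)', '\29' -replace '\x00', '\00'
}

function Get-NestedGroupMember {
    param([Parameter(Mandatory)][string]$GroupSamAccountName)

    # Step 1: resolve the group to its distinguishedName.
    # The in-chain matching rule only accepts a full DN as its value.
    $name  = ConvertTo-LdapFilterValue $GroupSamAccountName
    $find  = [adsisearcher]"(&(objectCategory=group)(sAMAccountName=$name))"
    $group = $find.FindOne()
    if (-not $group) { throw "Group '$GroupSamAccountName' not found." }
    $dn = [string]$group.Properties['distinguishedname'][0]

    # Step 2: ask the domain controller to walk the memberOf chain server-side.
    $filter   = "(memberOf:1.2.840.113556.1.4.1941:=$(ConvertTo-LdapFilterValue $dn))"
    $searcher = [adsisearcher]$filter
    $searcher.PageSize = 1000   # enable paging so large groups are not truncated
    $searcher.PropertiesToLoad.AddRange(
        [string[]]@('samaccountname', 'objectclass', 'distinguishedname'))

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            [pscustomobject]@{
                SamAccountName    = [string]$r.Properties['samaccountname'][0]
                # objectClass is multi-valued; the last value is the most specific
                ObjectClass       = @($r.Properties['objectclass'])[-1]
                DistinguishedName = [string]$r.Properties['distinguishedname'][0]
            }
        }
    }
    finally {
        $results.Dispose()      # FindAll() holds unmanaged resources
    }
}

# Usage with the example hierarchy from this post:
# Get-NestedGroupMember -GroupSamAccountName 'TopLevelGroup' | Sort-Object ObjectClass
```

The result includes the nested groups themselves as well as the users inside them. Accounts that belong to a group only through their primary group are not returned, because that relationship is not stored in memberOf.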