How can I pull non-default properties from active directory using get-adgroupmember
7,922
Solution 1
If you really like one-liners:
Get-ADGroup -Filter {displayName -eq 'groupName'} | Get-ADGroupMember |Foreach-Object {Get-ADUser -Identity $($_.SID) -Properties name,sn,givenName,otherTelephone} | Format-Table name,sn,givenName,otherTelephone
If you want to manipulate the User objects further, you might want to store them in an array:
$Group = Get-ADGroup -Filter {displayName -eq 'groupName'}
$Members = Get-ADGroupMember -Identity $Group
$Users = @()
Foreach-Object -InputObject $Members -Process {$Users += (Get-ADUser -Identity $_.SID -Properties *)}
$Users | Format-Table name,sn,givenName,otherTelephone
Solution 2
There is a Properties parameter you can specify to retrieve extended properties. Here's some examples from the TechNet documentation:
# Retrieve and display the list of all the properties for an ADGroup object
Get-ADGroup -Identity Administrators -Properties *| Get-Member
# To retrieve the extended properties "OfficePhone" and "Organization" and
# the default properties of an ADUser object named "SaraDavis"
GetADUser -Identity SaraDavis -Properties OfficePhone,Organization
# To retrieve the properties with LDAP display names of "otherTelephone" and
# "otherMobile", in addition to the default properties for the same user
GetADUser -Identity SaraDavis -Properties otherTelephone,otherMobile | Get-Member
Author by
Madhu Cheluvaraju
I put this in here to get the autobiographer badge. I'm sure you understand, and am technically not cheating as you now know what kind of person I am.
Updated on September 18, 2022Comments
-
Madhu Cheluvaraju over 1 year
When I run:
get-adgroup -filter {displayname -eq 'groupname'} | get-adgroupmember | format-table name, surname, givenname, officephone
The only field that returns is a default property "name". The rest show blank.
-
kralyk over 10 yearsI know you said Powershell, but does it need to be PS? Would a gui tool suffice?
-
Madhu Cheluvaraju over 10 yearsTheCleaner - There's a lot of red tape with getting software approved for use.
-
-
Madhu Cheluvaraju over 10 yearsI don't mind doing it in two commands. Currently, I can store the list of users with: get-adgroup -f {displayname -eq 'groupname'} | get-adgroupmember | select-object samaccountname
-
user596502 over 10 yearsMathias, I replaced the foreach alias (%) with the actual CmdLet. We want to make code as readable as possible, also for PowerShell beginners.
-
Mathias R. Jessen over 10 years@Trondh Great idea! -
Madhu Cheluvaraju over 10 yearsSorry, I didn't understand your answer. Makes sense now.
