Listing users in ad group recursively with powershell script without CmdLets

Question

I\'m trying to list everyone in a security group in an active directory without using CmdLets in PowerShell. The weird thing with my script is that it works if I list the en

Answer 1

Here is something working in an Active-Directory 2003 SP2 and 2008 R2. I use ADSI and Microsoft LDAP_MATCHING_RULE_IN_CHAIN. It Search recursively (but in one query) all the users from a group (be careful it return users from security and distributions group)

Clear-Host
$dn = New-Object System.DirectoryServices.DirectoryEntry ("LDAP://WM2008R2ENT:389/dc=dom,dc=fr","jpb@dom.fr","PWD")

# To find all the users member of groups "MonGrpPlusSec"  : 
# Set the base to the groups container DN; for example root DN (dc=societe,dc=fr)  
# Set the scope to subtree 
# Use the following filter : 
# (member:1.2.840.113556.1.4.1941:=CN=MonGrpPlusSec,OU=ForUser1,DC=dom,DC=fr) 

$dsLookFor = new-object System.DirectoryServices.DirectorySearcher($dn)
$dsLookFor.Filter = "(&(memberof:1.2.840.113556.1.4.1941:=CN=MonGrpPlusSec,OU=ForUser1,DC=dom,DC=fr)(objectCategory=user))"; 
$dsLookFor.SearchScope = "subtree"; 
$n = $dsLookFor.PropertiesToLoad.Add("cn"); 
$n = $dsLookFor.PropertiesToLoad.Add("distinguishedName");
$n = $dsLookFor.PropertiesToLoad.Add("sAMAccountName");

$lstUsr = $dsLookFor.findall()
foreach ($usrTmp in $lstUsr) 
{
  Write-Host $usrTmp.Properties["samaccountname"]
}