PowerShell offers a number of Active Directory (AD for short) cmdlets to make an AD admin’s life a little easier. For example, if you need to get a list of members from an AD group, you can use something like:

```powershell
Get-ADGroupMember -Identity 'Enterprise Admins' -Recursive
```

The problem is that this doesn’t work everywhere. The ActiveDirectory module is not a “normal” one you can install with Install-Module; instead, you need to install a Windows feature, either from Control Panel or by using the Add-WindowsCapability cmdlet.
But you don’t have to use this module. You can use something that’s available everywhere, the adsiSearcher type accelerator.
So here are a couple of scripts I came up with (credits where they’re due). The first searches through all groups, finds all the ones that match a string and lists all their members.
```powershell
#
# Source: DotJim blog (https://dandraka.com)
# Jim Andrakakis, January 2024
# Updated April 2026 to add regex
# Thanks to Diego for the inspiration!
#

# ===== Parameters =====

param(
    # use either a substring or a regex
    # e.g. AccountingGroup\d\d would match
    # AccountingGroup01, AccountingGroup02 etc
    [string]$searchString = 'accounting',
    # if true, lists all group members
    [bool]$listMembers = $true,
    # if true, regards the searchString as regex
    # if false, does a simple substring match
    [bool]$useRegEx = $false
)

# ======================

Clear-Host
$ErrorActionPreference = 'Stop'

# === Get all groups ===

$objSearcher = [adsisearcher]'(&(objectCategory=group))'
$objSearcher.PageSize = 20000 # may need to adjust, though should be enough for most cases

# specify properties to include
$colProplist = "name"
foreach ($i in $colPropList) { $objSearcher.PropertiesToLoad.Add($i) | out-null }

$colResults = $objSearcher.FindAll()

foreach ($objResult in $colResults) {
    #group name
    $group = $objResult
    $groupname = ($objResult.Properties).name

    if ($useRegEx) {
        if (-not ($groupname[0] -match $searchString)) {
            continue
        }
    }
    else {
        if (-not ($groupname[0].ToLower().Contains($searchString.ToLower()))) {
            continue
        }
    }

    Write-Host "* $groupname [$($group.Path)]"

    if ($listMembers) {
        $Group = [ADSI]$group.Path
        $groupMembers = $Group.Member
        if ($groupMembers.Count -eq 0) {
            Write-Host "`t(No members)"
            continue
        }
        $groupMembers | ForEach-Object {
            $Searcher = [adsisearcher]"(distinguishedname=$_)"
            $member = $searcher.FindOne()
            $userName = $member.Properties.samaccountname
            $name = $member.Properties.displayname
            Write-Host "`t[$userName]`t$name"
        }
    }
}
```
The second displays all details of all users whose name matches a substring.
```powershell
#
# Source: DotJim blog (https://dandraka.com)
# Jim Andrakakis, January 2024
#

# ===== Parameters =====

param(
    [string]$searchString = 'Papadomanolakis'
)

# ======================

Clear-Host
$ErrorActionPreference = 'Stop'

# === Get matching users ===

$objSearcher = [adsisearcher]"(&(objectClass=user)(displayname=*$($searchString)*))"
$objSearcher.PageSize = 20000 # may need to adjust, though should be enough for most cases

#$objSearcher.FindOne().Properties.Keys
$objSearcher.FindAll() | % { $_.Properties }
```

And the third one is a brilliant one-liner by Jos Lieben that lists all groups of a user. It uses the LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941), so groups the user belongs to through nesting are included too.
```powershell
$userName = $env:USERNAME # change if different user needed
([ADSISEARCHER]"(member:1.2.840.113556.1.4.1941:=$(([ADSISEARCHER]"samaccountname=$userName").FindOne().Properties.distinguishedname))").FindAll().Properties.distinguishedname -replace '^CN=([^,]+).+$','$1'
```
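All three scripts paste a value (a member's distinguished name, the search string, the user name) straight into an LDAP filter, so a value containing `(`, `)`, `*` or `\` produces a malformed or different query. The following is an added example, not part of the original scripts: a hypothetical helper `ConvertTo-LdapFilterValue` that escapes those characters as RFC 4515 requires, run on constructed sample values.

```powershell
# Added example; ConvertTo-LdapFilterValue is a hypothetical helper name.
# Escapes the characters that are special inside an LDAP filter value
# (RFC 4515): backslash, asterisk, parentheses and NUL become \xx hex pairs.
function ConvertTo-LdapFilterValue {
    param(
        [Parameter(Mandatory)]
        [AllowEmptyString()]
        [string]$Value
    )
    [regex]::Replace($Value, '[\\*()\x00]', {
        param($m)
        '\{0:x2}' -f [int][char]$m.Value
    })
}

# Constructed sample values, not real directory data.
# A DN as the "member" attribute returns it: the comma inside the CN is
# already backslash-escaped, and the CN also contains parentheses.
$memberDn   = 'CN=Smith\, John (Contractor),OU=Staff,DC=example,DC=com'
$searchText = 'Andrakakis (Ext)'

# Filters built the way the scripts above build them
$rawDnFilter   = "(distinguishedname=$memberDn)"
$rawNameFilter = "(&(objectClass=user)(displayname=*$searchText*))"

# Same filters with the value escaped first; the surrounding * wildcards
# of the substring search stay outside the escaped part on purpose
$safeDnFilter   = "(distinguishedname=$(ConvertTo-LdapFilterValue $memberDn))"
$safeNameFilter = "(&(objectClass=user)(displayname=*$(ConvertTo-LdapFilterValue $searchText)*))"

foreach ($pair in @(
        @{ Raw = $rawDnFilter;   Safe = $safeDnFilter },
        @{ Raw = $rawNameFilter; Safe = $safeNameFilter })) {
    Write-Host "raw : $($pair.Raw)"
    Write-Host "safe: $($pair.Safe)"
    Write-Host ''
}

# On a domain-joined machine the escaped filter is used exactly like before:
# $member = ([adsisearcher]$safeDnFilter).FindOne()
```

The escaped DN filter comes out as `(distinguishedname=CN=Smith\5c, John \28Contractor\29,OU=Staff,DC=example,DC=com)`, which the directory parses as a single value instead of as extra filter syntax.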
Hope that helps. Enjoy! 😊