Search AD with PowerShell without using AD module (RSAT)

3
votes

ActiveDirectory module comes with Remote Server Administration Tools (RSAT). I would like to avoid the installation of RSAT on PC client. Is there a way to retrieve members of AD group without using Active Directory module?

1
powershellactive-directory
Active Directory is actually just LDAP + Kerberos under the hood. You can use any standard LDAP tool to query the directory. - Jonathon Reinhart
I need to use PowerShell for that (without any other additional libraries/modules). - Sharpowski

1 Answers

7
votes

You could use [ADSI] to do an LDAP lookup:

$Group = [ADSI]"LDAP://CN=DistinguishedNameofGroup,DC=Example,DC=com"
$Group.Member

Alternatively you could use the DirectoryServices.DirectorySearcher class:

$Search = New-Object DirectoryServices.DirectorySearcher("(&(objectCategory=group)(name=ExampleGroupName))")
$Results = $Search.FindAll()
$Results.Properties["Member"]

#As a one liner
([System.DirectoryServices.DirectorySearcher]"(&(objectCategory=group)(name=ExampleGroupName))").FindAll().Properties["Member"]