New group membership cmdlets

One of the most exciting set of features in our AD cmdlets 1.2 is the one related to various group membership operations. (See full what’s new in AD cmdlets 1.2 by the way.)

This includes both the new Get-QADMemberOf cmdlet, and a few membership-related parameters in other cmdlets. Let me give you a few examples of how they work.

Get-QADMemberOf cmdlet lets you find groups to which a particular object (user, group, computer) belongs. For example:

# Find all my direct group membership
Get-QADMemberOf 'Dmitry Sotnikov'

# Find all groups including indirect membership
Get-QADMemberOf 'Dmitry Sotnikov' -Indirect

# Count my groups
(Get-QADMemberOf 'Dmitry Sotnikov').Count

# Change my groups
Get-QADMemberOf 'Dmitry Sotnikov' -Indirect |
  Set-QADGroup -Description 'Dmitry was here'

MemberOf, IndirectMemberOf, NotMemberOf, NotIndirectMemberOf parameters of Get-QADComputer, Get-QADGroup, Get-QADObject, and Get-QADUser

# Find all users in London from Managers groups
Get-QADUser -City 'London' -IndirectMemberOf 'Managers'

# Find all users in an OU who do not belong to a specific group
Get-QADUser -SearchRoot 'mydomain.local/users/berlin' -NotMemberOf 'ToBeMigrated'

# And so on...

And, finally:

ContainsMember, ContainsIndirectMember, NotContainsMember, NotContainsIndirectMember parameters for Get-QADGroup

# Find all groups to which I do not belong and add me to them
Get-QADGroup -NotContainsIndirectMember 'Dmitry Sotnikov' |
  Add-QADGroupMember -Member 'Dmitry Sotnikov'

# Find all groups which contain myself but not Andrei
Get-QADGroup -ContainsMember 'Dmitry Sotnikov' -NotContainsMember 'Andrei Polevoi'

I am sure there are a lot of other interesting scenarios which these new features open. Find them and blog them! 🙂

Tags: , , , , , ,

4 Responses to “New group membership cmdlets”

  1. 1 Kevin June 24, 2009 at 8:40 pm

    Does the Memberof cmdlet take into account SID-history?

  2. 2 Dmitry Sotnikov June 25, 2009 at 6:50 am


    If I remember right, SIDHistory does not affect group membership. It’s only for access to ACLed resources such as files, etc.


  1. 1 Powershell: Add User to a lot of Groups « Trackback on April 15, 2009 at 2:25 pm
  2. 2 PowerShell script to select email recipients « Dmitry’s PowerBlog: PowerShell and beyond Trackback on April 24, 2009 at 9:01 am

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

My Recent Tweets


The posts on this blog are provided “as is” with no warranties and confer no rights. The opinions expressed on this site are mine and mine alone, and do not necessarily represent those of my employer - WSO2 or anyone else for that matter. All trademarks acknowledged.

© 2007-2014 Dmitry Sotnikov

April 2009

%d bloggers like this: