The code below is being used in a script to fetch AD group members to fill a CSV file. This code is not recursive and doesn't fetch group members that are members of nested security groups. Does anyone know how to make this code recursive?
My code is as follows:
function getGroupMembers($groupName){
    # Get the group
    $group = [adsi]"LDAP://$groupName"
    # Set the initial "from" value
    $from = 0
    # Loop exit flag, set once the final range has been read
    $all = $false
    # Array for the members of the group
    $members = @()
    while (-not $all) {
        # Top end of the range, so initially 0-999. A range of 1000 is used to make sure it works on all versions of AD
        $to = $from + 999
        try {
            # Query the group object for members using "member;range=$from-$to" to return just the range of objects for this pass.
            # This will generate an error with an invalid range
            $ds = New-Object DirectoryServices.DirectorySearcher($group,"(objectClass=*)","member;range=$from-$to",'Base')
            $allResult = $ds.FindOne()
        } catch {
            # Catch the error and leave the loop (a trap that sets $script:all does not reach this function's local $all)
            break
        }
        # The returned attribute is not named "member" but "member;range=0-999" etc., so -like 'member;*' catches all instances
        $members += $allResult.Properties | foreach {$_.Item($_.PropertyNames -like 'member;*')}
        # AD names the final chunk "member;range=<from>-*", which marks the end of the list
        $all = $allResult.Properties["member;range=$from-*"].Count -gt 0
        # Set up the next search range
        $from += 1000
    }
    $members
}
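
One cycle-safe way to add the recursion asked about above, as an added example that is not part of the original post. `Expand-GroupMembers` and its `-GetMembers` / `-IsGroup` hooks are hypothetical names, the sample directory is constructed so the block runs without a domain controller, and `::new()` assumes PowerShell 5 or later.

```powershell
# Added example: recursive expansion of nested groups that survives circular nesting.
# $GetMembers and $IsGroup are hypothetical hooks, not part of the original script.
function Expand-GroupMembers {
    param(
        [Parameter(Mandatory)][string]$GroupDN,
        [Parameter(Mandatory)][scriptblock]$GetMembers,  # DN -> direct member DNs
        [Parameter(Mandatory)][scriptblock]$IsGroup,     # DN -> $true if the DN is a group
        [System.Collections.Generic.HashSet[string]]$Visited
    )
    if ($null -eq $Visited) {
        # Case-insensitive set, because AD compares DNs case-insensitively
        $Visited = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    }
    # Add() returns $false when this group was already expanded, which stops A -> B -> A loops
    if (-not $Visited.Add($GroupDN)) { return }

    foreach ($dn in (& $GetMembers $GroupDN)) {
        if (& $IsGroup $dn) {
            Expand-GroupMembers -GroupDN $dn -GetMembers $GetMembers -IsGroup $IsGroup -Visited $Visited
        } else {
            $dn   # emit non-group members (users, computers, contacts)
        }
    }
}

# Constructed sample directory (not real data): GroupA -> GroupB -> GroupA is circular
$directory = @{
    'CN=GroupA,DC=example,DC=com' = @('CN=alice,DC=example,DC=com', 'CN=GroupB,DC=example,DC=com')
    'CN=GroupB,DC=example,DC=com' = @('CN=bob,DC=example,DC=com', 'CN=GroupA,DC=example,DC=com', 'CN=alice,DC=example,DC=com')
}
$getMembers = { param($dn) $directory[$dn] }
$isGroup    = { param($dn) $directory.ContainsKey($dn) }
# Against AD the hooks could instead be (assumption, reusing the function from the post):
#   $getMembers = { param($dn) getGroupMembers $dn }
#   $isGroup    = { param($dn) ([adsi]"LDAP://$dn").objectClass -contains 'group' }

# A user reachable through several groups is emitted once per path, so de-duplicate
Expand-GroupMembers -GroupDN 'CN=GroupA,DC=example,DC=com' -GetMembers $getMembers -IsGroup $isGroup |
    Sort-Object -Unique
```

Without the visited set, the circular nesting in the sample would recurse until the call depth limit is hit, which matters when the resulting CSV feeds an access review.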