Possible to filter dsquery group?

Question

I am trying to output the members of an AD group in an easy to read format with the following:

dsquery group -name "<AD GROUP NAME>" | dsget group -members -expand | dsget user -samid -fn -ln

If I just do dsquery group -name "<AD GROUP NAME>" | dsget group -members -expand I can see some of the accounts have CN=ForeignSecurityPrincipals - how do I exclude those from the output?

score 2 · Accepted Answer · answered Sep 11 '15 at 13:05

2

Just add the following at the end of your commando.

|find /v "CN=ForeignSecurityPrincipals"

answered Sep 11 '15 at 13:05

ZEDA-NL

846
1
6
13

Of course! the command I actually used: dsquery group -name "" -limit 5000 | dsget group -members | find "OU=User Environment" | dsget user -samid -fn -ln – Mark Allison Sep 11 '15 at 14:18

Possible to filter dsquery group?

1 Answers1