get_group_members
Use the get_group_members command to check the Active Directory group membership for a specified group. You can use this command to return a Tcl list of the users in a specified group in one of two ways:
- With the
-adoption to return a simplified list of the distinguished names that are members of the specified group. The-adoption lists the users and groups that are members of the specified group without recursively expanding the group membership of any nested group. - Without the
-adoption to return a complete list of users that are members of the specified group. If you don’t specify the-adoption, the command recursively expands the groups that are members of the specified group to identify all of the users in any nested group.
Zone Type
Not applicable
Syntax
get_group_members [-ad | -upn] group_UPN
Abbreviation
ggm
Options
This command takes the following options:
| Option | Description |
|---|---|
| -ad | Returns the distinguished names for the users and groups that are members of the specified group. This option does not expand the group membership to list users who are members of nested groups. |
| -upn | Returns user names in user principal name (UPN) format for all of the users that are members of the specified group. This option expands the group membership of the specified group to include users who are members of nested groups. If you don’t specify this option, a complete list of user names is returned using the default sAMAccount@domain format. |
Arguments
This command takes the following argument:
| Argument | Type | Description |
|---|---|---|
| group_UPN | string | Required. Specifies the user principal name (UPN) of the group to for which you want to return user membership. |
Return Value
This command returns a Tcl list of group members.
Examples
get_group_members poweradmins@acme.com
This example returns the complete list of users who are members of the poweradmin@acme.com group, including users who are members of any nested groups, using the sAMAccountName@domain.name format. For example:
martin.moore@acme.com rachel.roberts@acme.com frank.smith@acme.com
The following example returns the distinguished names of the users and groups that are members of the demo-qa-lab@acme.com group without listing the members of any nested groups.
get_group_members -ad demo-qa-lab@acme.com
For example, this command returns the list of users and groups without expanding the group membership for the LabAdmins and QA groups:
CN=LabAdmins,CN=Users,DC=acme,DC=com {CN=Chris Howard,CN=Users,DC=acme,DC=com} CN=QA,CN=Users,DC=acme,DC=com CN=frank.smith,CN=UsersDC=acme,DC=com
Related Commands
The following commands perform actions related to this command:
joined_get_user_membershipchecks Active Directory through adclient and returns a Tcl list of groups that a user belongs to.joined_user_in_groupchecks Active Directory through adclient to see if a user is in a group.get_effective_groupschecks Active Directory and returns a Tcl list of groups a user belongs to.
