en-US/PSADTree.dll-Help.xml
<?xml version="1.0" encoding="utf-8"?>
<helpItems schema="maml" xmlns="http://msh"> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-ADTreeGroupMember</command:name> <command:verb>Get</command:verb> <command:noun>ADTreeGroupMember</command:noun> <maml:description> <maml:para>`tree` like cmdlet for Active Directory group members.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-ADTreeGroupMember` cmdlet gets the Active Directory members of a specified group and displays them in a tree like structure. The members of a group can be users, groups, computers and service accounts. This cmdlet also helps identifying Circular Nested Groups.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-ADTreeGroupMember</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="DistinguishedName"> <maml:name>Identity</maml:name> <maml:description> <maml:para>Specifies an Active Directory group by providing one of the following property values:</maml:para> <maml:para>- A DistinguishedName</maml:para> <maml:para>- A GUID</maml:para> <maml:para>- A SID (Security Identifier)</maml:para> <maml:para>- A sAMAccountName</maml:para> <maml:para>- A UserPrincipalName</maml:para> <maml:para></maml:para> <maml:para>See `IdentityType` Enum (https://learn.microsoft.com/en-us/dotnet/api/system.directoryservices.accountmanagement.identitytype?view=dotnet-plat-ext-7.0)for more information.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Depth</maml:name> <maml:description> <maml:para>Determines the number of nested groups and their members included in the recursion. By default, only 3 levels of recursion are included.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>3</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Group</maml:name> <maml:description> <maml:para>The `-Group` switch indicates that the cmdlet should display nested group members only. Essentially, a built-in filter where `ObjectClass` (https://learn.microsoft.com/en-us/windows/win32/adschema/a-objectclass)is `group`.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Server</maml:name> <maml:description> <maml:para>Specifies the AD DS instance to connect to by providing one of the following values for a corresponding domain name or directory server.</maml:para> <maml:para>Domain name values:</maml:para> <maml:para>- Fully qualified domain name</maml:para> <maml:para>- NetBIOS name</maml:para> <maml:para></maml:para> <maml:para>Directory server values:</maml:para> <maml:para>- Fully qualified directory server name</maml:para> <maml:para>- NetBIOS name</maml:para> <maml:para>- Fully qualified directory server name and port</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ShowAll</maml:name> <maml:description> <maml:para>By default, previously processed groups will be marked as "Processed Group" and their hierarchy will not be displayed. This switch forces the cmdlet to display the full hierarchy including previously processed groups.</maml:para> <maml:para>> [!NOTE] > > This cmdlet uses a caching mechanism to ensure that Active Directory Groups are only queried once per Identity. > This caching mechanism is also used to reconstruct the pre-processed group's hierarchy when the `-ShowAll` switch is used, thus not incurring a performance cost. > The intent behind this switch is to not clutter the cmdlet's output by default.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none"> <maml:name>Exclude</maml:name> <maml:description> <maml:para>Specifies an array of one or more string patterns to be matched as the cmdlet enumerates child principals. Any matching principal is excluded from the output. Wildcard characters are accepted.</maml:para> <maml:para>> [!NOTE] > > - Patterns are tested against the principal's `.SamAccountName` property. > - When the matched principal is of type `group`, all child principals are also excluded from the output.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-ADTreeGroupMember</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="DistinguishedName"> <maml:name>Identity</maml:name> <maml:description> <maml:para>Specifies an Active Directory group by providing one of the following property values:</maml:para> <maml:para>- A DistinguishedName</maml:para> <maml:para>- A GUID</maml:para> <maml:para>- A SID (Security Identifier)</maml:para> <maml:para>- A sAMAccountName</maml:para> <maml:para>- A UserPrincipalName</maml:para> <maml:para></maml:para> <maml:para>See `IdentityType` Enum (https://learn.microsoft.com/en-us/dotnet/api/system.directoryservices.accountmanagement.identitytype?view=dotnet-plat-ext-7.0)for more information.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Group</maml:name> <maml:description> <maml:para>The `-Group` switch indicates that the cmdlet should display nested group members only. Essentially, a built-in filter where `ObjectClass` (https://learn.microsoft.com/en-us/windows/win32/adschema/a-objectclass)is `group`.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Recursive</maml:name> <maml:description> <maml:para>Specifies that the cmdlet should get all group members of the specified group.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Server</maml:name> <maml:description> <maml:para>Specifies the AD DS instance to connect to by providing one of the following values for a corresponding domain name or directory server.</maml:para> <maml:para>Domain name values:</maml:para> <maml:para>- Fully qualified domain name</maml:para> <maml:para>- NetBIOS name</maml:para> <maml:para></maml:para> <maml:para>Directory server values:</maml:para> <maml:para>- Fully qualified directory server name</maml:para> <maml:para>- NetBIOS name</maml:para> <maml:para>- Fully qualified directory server name and port</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ShowAll</maml:name> <maml:description> <maml:para>By default, previously processed groups will be marked as "Processed Group" and their hierarchy will not be displayed. This switch forces the cmdlet to display the full hierarchy including previously processed groups.</maml:para> <maml:para>> [!NOTE] > > This cmdlet uses a caching mechanism to ensure that Active Directory Groups are only queried once per Identity. > This caching mechanism is also used to reconstruct the pre-processed group's hierarchy when the `-ShowAll` switch is used, thus not incurring a performance cost. > The intent behind this switch is to not clutter the cmdlet's output by default.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none"> <maml:name>Exclude</maml:name> <maml:description> <maml:para>Specifies an array of one or more string patterns to be matched as the cmdlet enumerates child principals. Any matching principal is excluded from the output. Wildcard characters are accepted.</maml:para> <maml:para>> [!NOTE] > > - Patterns are tested against the principal's `.SamAccountName` property. > - When the matched principal is of type `group`, all child principals are also excluded from the output.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Depth</maml:name> <maml:description> <maml:para>Determines the number of nested groups and their members included in the recursion. By default, only 3 levels of recursion are included.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>3</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Group</maml:name> <maml:description> <maml:para>The `-Group` switch indicates that the cmdlet should display nested group members only. Essentially, a built-in filter where `ObjectClass` (https://learn.microsoft.com/en-us/windows/win32/adschema/a-objectclass)is `group`.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="DistinguishedName"> <maml:name>Identity</maml:name> <maml:description> <maml:para>Specifies an Active Directory group by providing one of the following property values:</maml:para> <maml:para>- A DistinguishedName</maml:para> <maml:para>- A GUID</maml:para> <maml:para>- A SID (Security Identifier)</maml:para> <maml:para>- A sAMAccountName</maml:para> <maml:para>- A UserPrincipalName</maml:para> <maml:para></maml:para> <maml:para>See `IdentityType` Enum (https://learn.microsoft.com/en-us/dotnet/api/system.directoryservices.accountmanagement.identitytype?view=dotnet-plat-ext-7.0)for more information.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Recursive</maml:name> <maml:description> <maml:para>Specifies that the cmdlet should get all group members of the specified group.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Server</maml:name> <maml:description> <maml:para>Specifies the AD DS instance to connect to by providing one of the following values for a corresponding domain name or directory server.</maml:para> <maml:para>Domain name values:</maml:para> <maml:para>- Fully qualified domain name</maml:para> <maml:para>- NetBIOS name</maml:para> <maml:para></maml:para> <maml:para>Directory server values:</maml:para> <maml:para>- Fully qualified directory server name</maml:para> <maml:para>- NetBIOS name</maml:para> <maml:para>- Fully qualified directory server name and port</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ShowAll</maml:name> <maml:description> <maml:para>By default, previously processed groups will be marked as "Processed Group" and their hierarchy will not be displayed. This switch forces the cmdlet to display the full hierarchy including previously processed groups.</maml:para> <maml:para>> [!NOTE] > > This cmdlet uses a caching mechanism to ensure that Active Directory Groups are only queried once per Identity. > This caching mechanism is also used to reconstruct the pre-processed group's hierarchy when the `-ShowAll` switch is used, thus not incurring a performance cost. > The intent behind this switch is to not clutter the cmdlet's output by default.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none"> <maml:name>Exclude</maml:name> <maml:description> <maml:para>Specifies an array of one or more string patterns to be matched as the cmdlet enumerates child principals. Any matching principal is excluded from the output. Wildcard characters are accepted.</maml:para> <maml:para>> [!NOTE] > > - Patterns are tested against the principal's `.SamAccountName` property. > - When the matched principal is of type `group`, all child principals are also excluded from the output.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para>You can pipe strings containing an identity to this cmdlet. __`ADGroup`__ (https://learn.microsoft.com/en-us/dotnet/api/microsoft.activedirectory.management.adgroup?view=activedirectory-management-10.0)instances piped to this cmdlet are also supported.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>PSADTree.TreeGroup</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> <command:returnValue> <dev:type> <maml:name>PSADTree.TreeUser</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> <command:returnValue> <dev:type> <maml:name>PSADTree.TreeComputer</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>`treegroupmember` is the alias for this cmdlet.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>------------ Example 1: Get the members of a group ------------</maml:title> <dev:code>PS ..\PSADTree\> Get-ADTreeGroupMember TestGroup001</dev:code> <dev:remarks> <maml:para>By default, this cmdlet uses `-Depth` with a default value of `3`.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------ Example 2: Get the members of a group recursively ------</maml:title> <dev:code>PS ..\PSADTree\> Get-ADTreeGroupMember TestGroup001 -Recursive</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Get the members of all groups under an Organizational Unit</maml:title> <dev:code>PS ..\PSADTree\> Get-ADGroup -Filter * -SearchBase 'OU=myOU,DC=myDomain,DC=com' | Get-ADTreeGroupMember</dev:code> <dev:remarks> <maml:para>You can pipe strings containing an identity to this cmdlet. __`ADGroup`__ (https://learn.microsoft.com/en-us/dotnet/api/microsoft.activedirectory.management.adgroup?view=activedirectory-management-10.0)instances piped to this cmdlet are also supported.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 4: Find any Circular Nested Groups from previous example</maml:title> <dev:code>PS ..\PSADTree\> Get-ADComputer -Filter * -SearchBase 'OU=myOU,DC=myDomain,DC=com' | Get-ADTreeGroupMember -Recursive -Group | Where-Object IsCircular</dev:code> <dev:remarks> <maml:para>The `-Group` switch limits the members tree view to nested groups only.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>------ Example 5: Get group members in a different Domain ------</maml:title> <dev:code>PS ..\PSADTree\> Get-ADTreeGroupMember TestGroup001 -Server otherDomain</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>--- Example 6: Get group members including processed groups ---</maml:title> <dev:code>PS ..\PSADTree\> Get-ADTreeGroupMember TestGroup001 -ShowAll</dev:code> <dev:remarks> <maml:para>By default, previously processed groups will be marked as "Processed Group" and their hierarchy will not be displayed. The `-ShowAll` switch indicates that the cmdlet should display the hierarchy of all previously processed groups.</maml:para> <maml:para>> [!NOTE] > > The use of this switch should not infer in a great performance cost, for more details see the parameter details.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks /> </command:command> <command:command xmlns:maml="http://schemas.microsoft.com/maml/2004/10" xmlns:command="http://schemas.microsoft.com/maml/dev/command/2004/10" xmlns:dev="http://schemas.microsoft.com/maml/dev/2004/10" xmlns:MSHelp="http://msdn.microsoft.com/mshelp"> <command:details> <command:name>Get-ADTreePrincipalGroupMembership</command:name> <command:verb>Get</command:verb> <command:noun>ADTreePrincipalGroupMembership</command:noun> <maml:description> <maml:para>`tree` like cmdlet for Active Directory Principals Group Membership.</maml:para> </maml:description> </command:details> <maml:description> <maml:para>The `Get-ADTreePrincipalGroupMembership` cmdlet gets the Active Directory groups that have a specified user, computer, group, or service account as a member and displays them in a tree like structure. This cmdlet also helps identifying Circular Nested Groups.</maml:para> </maml:description> <command:syntax> <command:syntaxItem> <maml:name>Get-ADTreePrincipalGroupMembership</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="DistinguishedName"> <maml:name>Identity</maml:name> <maml:description> <maml:para>Specifies an Active Directory principal by providing one of the following property values:</maml:para> <maml:para>- A DistinguishedName</maml:para> <maml:para>- A GUID</maml:para> <maml:para>- A SID (Security Identifier)</maml:para> <maml:para>- A sAMAccountName</maml:para> <maml:para>- A UserPrincipalName</maml:para> <maml:para></maml:para> <maml:para>See `IdentityType` Enum (https://learn.microsoft.com/en-us/dotnet/api/system.directoryservices.accountmanagement.identitytype?view=dotnet-plat-ext-7.0)for more information.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Depth</maml:name> <maml:description> <maml:para>Determines the number of nested group memberships included in the recursion. By default, only 3 levels of recursion are included.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>3</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Server</maml:name> <maml:description> <maml:para>Specifies the AD DS instance to connect to by providing one of the following values for a corresponding domain name or directory server.</maml:para> <maml:para>Domain name values:</maml:para> <maml:para>- Fully qualified domain name</maml:para> <maml:para>- NetBIOS name</maml:para> <maml:para></maml:para> <maml:para>Directory server values:</maml:para> <maml:para>- Fully qualified directory server name</maml:para> <maml:para>- NetBIOS name</maml:para> <maml:para>- Fully qualified directory server name and port</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ShowAll</maml:name> <maml:description> <maml:para>By default, previously processed groups will be marked as "Processed Group" and their hierarchy will not be displayed. This switch forces the cmdlet to display the full hierarchy including previously processed groups.</maml:para> <maml:para>> [!NOTE] > > This cmdlet uses a caching mechanism to ensure that Active Directory Groups are only queried once per Identity. > This caching mechanism is also used to reconstruct the pre-processed group's hierarchy when the `-ShowAll` switch is used, thus not incurring a performance cost. > The intent behind this switch is to not clutter the cmdlet's output by default.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none"> <maml:name>Exclude</maml:name> <maml:description> <maml:para>Specifies an array of one or more string patterns to be matched as the cmdlet enumerates child principals. Any matching principal is excluded from the output. Wildcard characters are accepted.</maml:para> <maml:para>> [!NOTE] > > Patterns are tested against the principal's `.SamAccountName` property.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> <command:syntaxItem> <maml:name>Get-ADTreePrincipalGroupMembership</maml:name> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="DistinguishedName"> <maml:name>Identity</maml:name> <maml:description> <maml:para>Specifies an Active Directory principal by providing one of the following property values:</maml:para> <maml:para>- A DistinguishedName</maml:para> <maml:para>- A GUID</maml:para> <maml:para>- A SID (Security Identifier)</maml:para> <maml:para>- A sAMAccountName</maml:para> <maml:para>- A UserPrincipalName</maml:para> <maml:para></maml:para> <maml:para>See `IdentityType` Enum (https://learn.microsoft.com/en-us/dotnet/api/system.directoryservices.accountmanagement.identitytype?view=dotnet-plat-ext-7.0)for more information.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Recursive</maml:name> <maml:description> <maml:para>Specifies that the cmdlet should get all group membership of the specified principal.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Server</maml:name> <maml:description> <maml:para>Specifies the AD DS instance to connect to by providing one of the following values for a corresponding domain name or directory server.</maml:para> <maml:para>Domain name values:</maml:para> <maml:para>- Fully qualified domain name</maml:para> <maml:para>- NetBIOS name</maml:para> <maml:para></maml:para> <maml:para>Directory server values:</maml:para> <maml:para>- Fully qualified directory server name</maml:para> <maml:para>- NetBIOS name</maml:para> <maml:para>- Fully qualified directory server name and port</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ShowAll</maml:name> <maml:description> <maml:para>By default, previously processed groups will be marked as "Processed Group" and their hierarchy will not be displayed. This switch forces the cmdlet to display the full hierarchy including previously processed groups.</maml:para> <maml:para>> [!NOTE] > > This cmdlet uses a caching mechanism to ensure that Active Directory Groups are only queried once per Identity. > This caching mechanism is also used to reconstruct the pre-processed group's hierarchy when the `-ShowAll` switch is used, thus not incurring a performance cost. > The intent behind this switch is to not clutter the cmdlet's output by default.</maml:para> </maml:description> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none"> <maml:name>Exclude</maml:name> <maml:description> <maml:para>Specifies an array of one or more string patterns to be matched as the cmdlet enumerates child principals. Any matching principal is excluded from the output. Wildcard characters are accepted.</maml:para> <maml:para>> [!NOTE] > > Patterns are tested against the principal's `.SamAccountName` property.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:syntaxItem> </command:syntax> <command:parameters> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Depth</maml:name> <maml:description> <maml:para>Determines the number of nested group memberships included in the recursion. By default, only 3 levels of recursion are included.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">Int32</command:parameterValue> <dev:type> <maml:name>Int32</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>3</dev:defaultValue> </command:parameter> <command:parameter required="true" variableLength="true" globbing="false" pipelineInput="True (ByPropertyName, ByValue)" position="0" aliases="DistinguishedName"> <maml:name>Identity</maml:name> <maml:description> <maml:para>Specifies an Active Directory principal by providing one of the following property values:</maml:para> <maml:para>- A DistinguishedName</maml:para> <maml:para>- A GUID</maml:para> <maml:para>- A SID (Security Identifier)</maml:para> <maml:para>- A sAMAccountName</maml:para> <maml:para>- A UserPrincipalName</maml:para> <maml:para></maml:para> <maml:para>See `IdentityType` Enum (https://learn.microsoft.com/en-us/dotnet/api/system.directoryservices.accountmanagement.identitytype?view=dotnet-plat-ext-7.0)for more information.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Recursive</maml:name> <maml:description> <maml:para>Specifies that the cmdlet should get all group membership of the specified principal.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>Server</maml:name> <maml:description> <maml:para>Specifies the AD DS instance to connect to by providing one of the following values for a corresponding domain name or directory server.</maml:para> <maml:para>Domain name values:</maml:para> <maml:para>- Fully qualified domain name</maml:para> <maml:para>- NetBIOS name</maml:para> <maml:para></maml:para> <maml:para>Directory server values:</maml:para> <maml:para>- Fully qualified directory server name</maml:para> <maml:para>- NetBIOS name</maml:para> <maml:para>- Fully qualified directory server name and port</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String</command:parameterValue> <dev:type> <maml:name>String</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="false" pipelineInput="False" position="named" aliases="none"> <maml:name>ShowAll</maml:name> <maml:description> <maml:para>By default, previously processed groups will be marked as "Processed Group" and their hierarchy will not be displayed. This switch forces the cmdlet to display the full hierarchy including previously processed groups.</maml:para> <maml:para>> [!NOTE] > > This cmdlet uses a caching mechanism to ensure that Active Directory Groups are only queried once per Identity. > This caching mechanism is also used to reconstruct the pre-processed group's hierarchy when the `-ShowAll` switch is used, thus not incurring a performance cost. > The intent behind this switch is to not clutter the cmdlet's output by default.</maml:para> </maml:description> <command:parameterValue required="false" variableLength="false">SwitchParameter</command:parameterValue> <dev:type> <maml:name>SwitchParameter</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>False</dev:defaultValue> </command:parameter> <command:parameter required="false" variableLength="true" globbing="true" pipelineInput="False" position="named" aliases="none"> <maml:name>Exclude</maml:name> <maml:description> <maml:para>Specifies an array of one or more string patterns to be matched as the cmdlet enumerates child principals. Any matching principal is excluded from the output. Wildcard characters are accepted.</maml:para> <maml:para>> [!NOTE] > > Patterns are tested against the principal's `.SamAccountName` property.</maml:para> </maml:description> <command:parameterValue required="true" variableLength="false">String[]</command:parameterValue> <dev:type> <maml:name>String[]</maml:name> <maml:uri /> </dev:type> <dev:defaultValue>None</dev:defaultValue> </command:parameter> </command:parameters> <command:inputTypes> <command:inputType> <dev:type> <maml:name>System.String</maml:name> </dev:type> <maml:description> <maml:para>You can pipe strings containing an identity to this cmdlet. `ADObject` (https://learn.microsoft.com/en-us/dotnet/api/microsoft.activedirectory.management.adobject?view=activedirectory-management-10.0)instances piped to this cmdlet are also supported.</maml:para> </maml:description> </command:inputType> </command:inputTypes> <command:returnValues> <command:returnValue> <dev:type> <maml:name>PSADTree.TreeGroup</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> <command:returnValue> <dev:type> <maml:name>PSADTree.TreeUser</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> <command:returnValue> <dev:type> <maml:name>PSADTree.TreeComputer</maml:name> </dev:type> <maml:description> <maml:para></maml:para> </maml:description> </command:returnValue> </command:returnValues> <maml:alertSet> <maml:alert> <maml:para>`treeprincipalmembership` is the alias for this cmdlet.</maml:para> </maml:alert> </maml:alertSet> <command:examples> <command:example> <maml:title>--------- Example 1: Get group memberships for a user ---------</maml:title> <dev:code>PS ..\PSADTree\> Get-ADTreePrincipalGroupMembership john.doe</dev:code> <dev:remarks> <maml:para>By default, this cmdlet uses `-Depth` with a default value of `3`.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>-- Example 2: Get the recursive group memberships for a user --</maml:title> <dev:code>PS ..\PSADTree\> Get-ADTreePrincipalGroupMembership john.doe -Recursive</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 3: Get group memberships for all computers under an Organizational Unit</maml:title> <dev:code>PS ..\PSADTree\> Get-ADComputer -Filter * -SearchBase 'OU=myOU,DC=myDomain,DC=com' | Get-ADTreePrincipalGroupMembership</dev:code> <dev:remarks> <maml:para>You can pipe strings containing an identity to this cmdlet. __`ADObject`__ (https://learn.microsoft.com/en-us/dotnet/api/microsoft.activedirectory.management.adobject?view=activedirectory-management-10.0)instances piped to this cmdlet are also supported.</maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 4: Find any Circular Nested Groups from previous example</maml:title> <dev:code>PS ..\PSADTree\> Get-ADComputer -Filter * -SearchBase 'OU=myOU,DC=myDomain,DC=com' | Get-ADTreePrincipalGroupMembership -Recursive | Where-Object IsCircular</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 5: Get group memberships for a user in a different Domain</maml:title> <dev:code>PS ..\PSADTree\> Get-ADTreePrincipalGroupMembership john.doe -Server otherDomain</dev:code> <dev:remarks> <maml:para></maml:para> </dev:remarks> </command:example> <command:example> <maml:title>Example 6: Get group memberships for a user, including processed groups</maml:title> <dev:code>PS ..\PSADTree\> Get-ADTreePrincipalGroupMembership john.doe -ShowAll</dev:code> <dev:remarks> <maml:para>By default, previously processed groups will be marked as "Processed Group" and their hierarchy will not be displayed. The `-ShowAll` switch indicates that the cmdlet should display the hierarchy of all previously processed groups.</maml:para> <maml:para>> [!NOTE] > > The use of this switch should not infer in a great performance cost, for more details see the parameter details.</maml:para> </dev:remarks> </command:example> </command:examples> <command:relatedLinks /> </command:command> </helpItems> |