How do I find all nested groups (for a given group) in Active Directory?

This script enumerates all groups and nested sub-groups for a given group, recursively. It is useful when you’re performing a discovery, audit or cleanup exercise. You could easily modify this to do the same task on a specific username, too, but here I’m focusing on querying a specific group for its nested groups. No fancy output here, just dump the nested group names to the screen.

There’s a line towards the end which catches groups that are members of themselves. Odd to think that this happens, but it does, and if you don’t catch it, the script will recurse forever.

 

And while we’re at it, let’s find all of the groups which are nested in themselves (again, printed to the screen):
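The two tasks described above (walking a group's nested groups without looping forever, and listing groups that are members of themselves) can be sketched as follows. This is an added example, not the script from the original post; it assumes the ActiveDirectory PowerShell module (RSAT) and PowerShell 5 or later, and `Get-NestedGroup` and `Example-Group` are hypothetical names chosen for illustration.

```powershell
# Added example, not the post's original script. Needs the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-NestedGroup {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $Identity,
        # DNs already expanded, shared across the whole recursion
        [System.Collections.Generic.HashSet[string]] $Visited,
        # DNs on the path from the starting group down to this one
        [string[]] $Path = @()
    )
    if ($null -eq $Visited) {
        $Visited = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    }

    $group = Get-ADGroup -Identity $Identity
    $dn    = $group.DistinguishedName
    [void]$Visited.Add($dn)
    $Path += $dn

    # Direct members that are themselves groups
    $children = Get-ADGroupMember -Identity $dn | Where-Object { $_.objectClass -eq 'group' }

    foreach ($child in $children) {
        $childDn = $child.DistinguishedName
        [pscustomobject]@{
            Parent   = $group.Name
            Group    = $child.Name
            Depth    = $Path.Count
            SelfLoop = ($childDn -eq $dn)          # group is a direct member of itself
            Circular = ($Path -contains $childDn)  # child is this group or one of its ancestors
        }
        # Expand each group once only; this is what stops self-membership
        # and longer membership loops from recursing forever
        if (-not $Visited.Contains($childDn)) {
            Get-NestedGroup -Identity $childDn -Visited $Visited -Path $Path
        }
    }
}

# 'Example-Group' is a placeholder group name
Get-NestedGroup -Identity 'Example-Group' | Format-Table -AutoSize

# Directory-wide check: groups whose memberOf back-link contains their own DN,
# i.e. groups that are direct members of themselves
Get-ADGroup -Filter * -Properties memberOf |
    Where-Object { $_.memberOf -contains $_.DistinguishedName } |
    Select-Object -ExpandProperty Name
```

`Get-ADGroupMember` fails on groups above the AD Web Services member limit (5000 by default), so very large groups need a different member lookup.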

 

 
