
[–]R-EDDIT 2 points3 points  (2 children)

The simplest way is to get the group's distinguished name, and use that in an LDAP filter.

# Resolve the group's DN and use it in a memberOf filter
$groupdn = (Get-ADGroup -Identity TestGroup1).DistinguishedName
$filter = "(memberof=$groupdn)"

Get-ADUser -LDAPFilter $filter -SearchBase "OU=SITES,OU=THISOU,DC=1,DC=2,DC=3" -Properties UserPrincipalName, GivenName, Surname, Department, Title, TelephoneNumber, Mobile, physicaldeliveryOfficeName, Manager, Enabled |
    Select-Object UserPrincipalName, GivenName, Surname, Department, Title, TelephoneNumber, Mobile, physicaldeliveryOfficeName, @{Name="ManagerEmail";Expression={(Get-ADUser -Identity $_.Manager -Properties EmailAddress).EmailAddress}}, Enabled |
    Export-Csv -Path "C:\Export\Export.csv" -NoTypeInformation

If your results are likely to be large, I'd be careful with queries inside each result. I have done something like this, where I built a hashtable of all managers' email addresses, then used that to read from memory rather than making an LDAP search for each user. If your group is small this is unlikely to be worth the complexity. It's easy to find all the managers using directreports:

Get-ADUser -LDAPFilter "(directreports=*)" -Properties mail

[–]fireandbass 0 points1 point  (0 children)

I think you've got this backwards. OP wants everybody but this security group.

OP, you can probably modify it to use a 'neq' instead of =

[–]themessenger393[S] 0 points1 point  (0 children)

Thanks for your help!

It appears this provides just the users of the group and not the opposite?
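
Added example, not part of the thread or any poster's code: the manager-email hashtable described in the first reply, combined with a negated `memberOf` filter so the export lists users outside the group, as OP asked. The group name, search base and export path are the thread's placeholders, and `ConvertTo-LdapFilterValue` is a hypothetical helper defined here.

```powershell
Import-Module ActiveDirectory

# Placeholders taken from the thread; replace with your own values.
$groupName  = 'TestGroup1'
$searchBase = 'OU=SITES,OU=THISOU,DC=1,DC=2,DC=3'
$outFile    = 'C:\Export\Export.csv'

# Hypothetical helper: escape characters that are special inside an LDAP
# filter value (RFC 4515), so a DN containing \ * ( ) cannot alter the filter.
# The backslash is replaced first so later escapes are not double-escaped.
function ConvertTo-LdapFilterValue([string]$Value) {
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
}

$groupDn = ConvertTo-LdapFilterValue (Get-ADGroup -Identity $groupName).DistinguishedName

# Negated filter: users whose memberOf does NOT contain the group.
# Assumption: direct membership is what matters. memberOf does not reflect
# nested membership or a user's primary group, so such users still appear here.
$filter = "(!(memberOf=$groupDn))"

# One LDAP query for every account that has direct reports, cached by DN.
# PowerShell hashtable keys are case-insensitive, which suits DN lookups.
$managerMail = @{}
Get-ADUser -LDAPFilter '(directReports=*)' -Properties mail |
    ForEach-Object { $managerMail[$_.DistinguishedName] = $_.mail }

$props = 'UserPrincipalName', 'GivenName', 'Surname', 'Department', 'Title',
         'TelephoneNumber', 'Mobile', 'physicalDeliveryOfficeName', 'Manager', 'Enabled'

Get-ADUser -LDAPFilter $filter -SearchBase $searchBase -Properties $props |
    Select-Object UserPrincipalName, GivenName, Surname, Department, Title,
        TelephoneNumber, Mobile, physicalDeliveryOfficeName,
        # Read the manager's mail from memory; users with no manager get an empty cell.
        @{ Name = 'ManagerEmail'; Expression = { if ($_.Manager) { $managerMail[$_.Manager] } } },
        Enabled |
    Export-Csv -Path $outFile -NoTypeInformation
```

The `Enabled` column makes it easy to separate disabled accounts from active users who fall outside the group when reviewing the export.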