List of active directory group members that are not disabled

Question

I've been trying to locate / write a script that displays all NON disabled accounts in an active directory group.

The closest I've come to a working script displays all members of a group but it also shows the disabled users.

Here's the non-filtered query.

dsquery group -name "admins" | dsget group -members -expand

Please help, -Rob

Answer 1

Given that you tagged this with PowerShell, I will lean that direction with my answer. If you are have the ActiveDirectory module from the AD DS RSAT tools installed (using PowerShell 3.0 or greater here)

Get-ADGroupMember "CN=Group DN,OU=Group OU,DC=domain,DC=com" | ? ObjectClass -eq "User" | Get-ADUser | ? Enabled

If you want to recourse through nested groups, use the -Recursive parameter on the Get-ADGroupMember cmdlet.