With this line you get all the users of an Active Directory group recursively, so any nested group is expanded. It is also exported to a CSV file.
[code lang=“powershell” light=“true”]Get-ADGroupMember -Identity ‘GroupName’ -Recursive | Get-ADUser -Properties ‘*’ | Select-Object samAccountName, name, givenName, sn, mail, l | Export-Csv -Encoding UTF8 -Delimiter ‘;’ -path ‘.users.csv’[/code]
I have found that is not a trivial task to change the dial-in permission in an Active Directory user or computer because you must update the userParameters attribute at the same time that the msNPAllowDialin.
In the KB252398, Microsoft says to download the Active Directory Service Interface, so you can register adsras.dll, and use the ADSI interface it provides, but the download is no longer available.
I have managed to create a script to allow dial-in: first, I have allowed manually a user to dial-in, and then I pick those permissions and apply them to the rest.
[Read More]