List Active Directory Non-LVR Group Members
My friend Jimmy wrote a couple of posts a while ago on non-LVR (aka legacy) group members in Active Directory groups over at his blog.
You can find his post on how to find non-LVR members here: http://jimmytheswede.blogspot.se/2013/06/non-lvr-groupmembers-how-to-find-them.html
The other day, when I was facing a similar situation at a customer, I wrote this PowerShell function that I used to list all non-LVR members of a group:
    Function Get-NonLVRMembers
    {
        [CmdletBinding(HelpUri = 'http://blog.simonw.se/', ConfirmImpact='Low')]
        [OutputType([String])]
        Param(
            [Parameter(Mandatory=$true, ValueFromPipeline=$false)]
            [ValidateNotNullOrEmpty()]
            [Alias("dc")]
            $DomainController,

            [Parameter(Mandatory=$true, ValueFromPipeline=$true)]
            [ValidateNotNullOrEmpty()]
            [Alias("dn")]
            $DistinguishedName
        )
        # Process block so that every distinguished name received from the pipeline is handled
        Process
        {
            # Get metadata by running repadmin
            $ObjectMeta = & repadmin.exe /showobjmeta $DomainController "$DistinguishedName"

            # Define regular expression to find LEGACY membership
            $Regex = 'LEGACY\s.*?((CN=.*?,)+?(OU=.*?,)*?(DC=.*?,)*?(DC=.*?))\s'

            # Match output from repadmin with the regular expression and return the
            # distinguished name of each legacy member. The array of output lines is
            # converted to a single space-separated string when passed to Matches().
            ([regex]::matches($ObjectMeta, $Regex, @("Multiline"))) | Foreach { $_.Groups[1].Value }
        }
    }
This will return a list of strings, each containing the distinguished name of a non LVR group member.
I used this information to generate a report of which and how many LVR-members each group had.
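A per-group report of the kind described above can be built by applying the same regular expression to each group's metadata and counting the matches. This is an added example, not the author's report script; the helper name `Get-LegacyMemberFromText`, the group and member names, and the simplified sample text (constructed to resemble `repadmin /showobjmeta` output) are assumptions.

```powershell
# Constructed sample text, keyed by group DN. Simplified layout, not real repadmin output.
$Sample = @{
    'CN=GroupA,OU=Groups,DC=example,DC=com' = @(
        'LEGACY  member'
        '        CN=Alice,OU=Users,DC=example,DC=com'
        'PRESENT member 2013-06-01 10:00:00 Site\DC01 1234 1234 1'
        '        CN=Bob,OU=Users,DC=example,DC=com'
        'LEGACY  member'
        '        CN=Carol,OU=Users,DC=example,DC=com'
    )
    'CN=GroupB,OU=Groups,DC=example,DC=com' = @(
        'PRESENT member 2013-06-02 11:00:00 Site\DC01 1300 1300 1'
        '        CN=Dave,OU=Users,DC=example,DC=com'
    )
}

# Hypothetical helper: extracts LEGACY member DNs from metadata text lines
function Get-LegacyMemberFromText {
    param([string[]]$Lines)

    # Same expression as in Get-NonLVRMembers
    $Regex = 'LEGACY\s.*?((CN=.*?,)+?(OU=.*?,)*?(DC=.*?,)*?(DC=.*?))\s'

    # Join with spaces, as PowerShell does when an array is cast to [string].
    # The appended space lets the final \s match when a DN is on the last line.
    $Text = ($Lines -join ' ') + ' '

    [regex]::Matches($Text, $Regex) | ForEach-Object { $_.Groups[1].Value }
}

# Build one report row per group: how many legacy members it has, and which
$Report = foreach ($Group in $Sample.Keys) {
    # @() keeps the result an array even for zero or one match
    $Members = @(Get-LegacyMemberFromText -Lines $Sample[$Group])
    [PSCustomObject]@{
        Group       = $Group
        NonLvrCount = $Members.Count
        Members     = $Members -join '; '
    }
}

# Groups with the most legacy members first
$Report | Sort-Object NonLvrCount -Descending | Format-List
```

Against a live domain, the sample hashtable would be replaced by calls to `Get-NonLVRMembers` for each group's distinguished name.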