List Active Directory Non-LVR Group Members


My friend Jimmy wrote a couple of posts a while ago on non-LVR (aka legacy) group members in Active Directory groups over at his blog.

You can find his post on how to find non-LVR members here:

The other day, when I was facing a similar situation at a customer, I wrote this PowerShell function that I used to list all non-LVR members of a group:

Function Get-NonLVRMembers {
    [CmdletBinding(HelpUri = '')]
    param (
        [Parameter(Mandatory = $true)][string]$DistinguishedName,  # Group to inspect
        [Parameter(Mandatory = $true)][string]$DomainController    # Domain controller that repadmin queries
    )
    # Get meta data by running repadmin
    $ObjectMeta = & repadmin.exe /showobjmeta $DomainController "$DistinguishedName"

    # Define regular expression to find LEGACY membership
    $Regex = 'LEGACY\s.*?((CN=.*?,)+?(OU=.*?,)*?(DC=.*?,)*?(DC=.*?))\s'

    # Match output from repadmin with regular expression and return legacy members distinguished name
    ([regex]::matches($ObjectMeta, $Regex, @("Multiline"))) | Foreach {
        $_.Groups[1].Value
    }
}

This will return a list of strings, each containing the distinguished name of a non-LVR group member.

I used this information to generate a report of which and how many LVR-members each group had.
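
The report step described above, as an added example that is not the author's code: it applies the post's regular expression to constructed repadmin-style text for two hypothetical groups and counts the LEGACY members per group. `Get-NonLVRReport`, `$SampleMeta` and the `example.com` names are assumptions made for the example.

```powershell
# CONSTRUCTED sample shaped like `repadmin /showobjmeta` link-value output,
# keyed by hypothetical group DNs. No real directory data.
$SampleMeta = @{
    'CN=Sales,OU=Groups,DC=example,DC=com' = @(
        'LEGACY  member',
        '        CN=Alice Smith,OU=Users,DC=example,DC=com',
        'PRESENT member 2015-03-02 10:11:12 Site1\DC01 4711 4711 1',
        '        CN=Bob,OU=Users,DC=example,DC=com',
        'LEGACY  member',
        '        CN=Carol,CN=Users,DC=example,DC=com',
        ''   # empty element so the final DN is followed by whitespace after joining
    )
    'CN=IT,OU=Groups,DC=example,DC=com' = @(
        'PRESENT member 2016-01-05 08:00:00 Site1\DC01 5200 5200 1',
        '        CN=Dave,OU=Users,DC=example,DC=com',
        ''
    )
}

# Same expression the post uses: LEGACY, then the first DN that follows it
$Regex = 'LEGACY\s.*?((CN=.*?,)+?(OU=.*?,)*?(DC=.*?,)*?(DC=.*?))\s'

function Get-NonLVRReport {
    param (
        # Group DN -> output lines. Against a live domain the lines would come from
        # & repadmin.exe /showobjmeta <domain controller> <group DN>
        [Parameter(Mandatory = $true)][hashtable]$MetaByGroup
    )
    foreach ($Group in $MetaByGroup.Keys) {
        # Join with spaces, which is what PowerShell does implicitly when a
        # string array is passed to [regex]::Matches; '.' does not cross newlines
        $Text = $MetaByGroup[$Group] -join ' '
        $Members = @([regex]::Matches($Text, $Regex) |
            ForEach-Object { $_.Groups[1].Value })
        [pscustomobject]@{
            Group         = $Group
            NonLVRCount   = $Members.Count
            NonLVRMembers = $Members -join '; '
        }
    }
}

# Groups with the most legacy members first; groups with none are dropped
Get-NonLVRReport -MetaByGroup $SampleMeta |
    Where-Object { $_.NonLVRCount -gt 0 } |
    Sort-Object NonLVRCount -Descending |
    Format-Table -AutoSize -Wrap
```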