A reader sent in a question asking how to enumerate groups that have spaces in them and this lead me to realize I didn’t follow the specifications for valid distinguished names as well as I thought I had.  If you take a look at RFC 2253 and the Microsoft page that defines security group names, you will see what the allowed characters are for these names.  At this point the validation is a lot better, but it still isn’t perfect.

If you encounter a situation where you need to enumerate members of a group that my validation does not allow, you can scroll down to line 271 in the script and change the $rx variable to “.+” to make it simple which will allow you to pass any characters.  If you pass invalid characters you will get some funny errors happening, but it should work.  You may have to use quotes around the name if you are looking to use spaces or other allowed special characters.

Taking another look at the code, I also found a small bug that was causing the display of notes associated with a group to print out an error about null strings.  This should be fixed now.  If anyone notices any other problems, feel free to comment and let me know and I will try to fix it or add in the change as soon as possible.  I’ll be posting another update soon that goes the other direction of this script, one that enumerates group membership for a specific user.

Thanks again to Darren from Brisbane(?), Australia for pointing this out.

Here is the updated script download link: Download enumerate_groups.ps1