1What about pulling the output from Get-ADGroupMember to a variable $USERS and then running a ForEach loop that pulls them through Get-ADUser to check for Enabled? I'm playing with this now modifying a script that is similar-ish, but haven't worked out the kinks yet. – music2myear – 2017-11-10T00:31:38.843

1@music2myear Seems that worked! Did the following: $GROUPNAME = 'Domain Admins'

Get-ADGroupMember -identity $GROUPNAME -Recursive | Select name, SamAccountName, objectclass | Sort-Object Name

foreach ($USERS in $USERS) { Get-ADUser -Filter {Enabled -eq $false } | Select Name, Enabled, SamAccountName, UserPrincipalName } – Marlon – 2017-11-13T01:04:07.787

Sweet, write that up as the answer. I may have pointed you in the right direction, but you solved it. – music2myear – 2017-11-13T16:41:36.720

1Though, I'd personally leave off the Select and Sort-object off of the first line. Get-ADGroupMember is outputting objects which Get-ADUser should be able to handle just fine, and the Select command on the last line should be sufficient. – music2myear – 2017-11-13T16:43:22.850

Did some tests here but seems that statement:

Get-ADGroupMember -identity $GROUPNAME -Recursive is not getting all the members from Domain Admins group or whatever group on the cmdlet. With last cmdlet filtering results just show disabled users at general on AD. – Marlon – 2017-11-13T20:42:33.523

In the code you've posted it doesn't look as though you writing the contents of Domain Admins to a variable, and then you're just looping through every user account in the domain with Get-ADUser. – music2myear – 2017-11-13T21:49:58.313

It seems that you doing the command Get-ADGroupMember -identity $GROUPNAME without recursive option shows the members. Just does not show a group inserted into the Domain Admins members. – Marlon – 2017-11-16T18:05:39.617

@music2myear I tested these cmdlets and seems to be working now! Unfortunatelly I can't vote for my own reply, if you could do will be appreciate. – Marlon – 2017-11-27T21:04:12.767