Kent,
I wrote a program that does all kinds of fun things in AD. However, when working with multiple domains I had to set the domain I was working in. Also, after a brief glance at your code it looks like $group is populated with user specific data hence the code
code:
for each $member in $group.members
is invalid because you are bound to a user object and not bound at a 'group' level.
Feel free to take a look at my Network Manager tool located on my website. I haven't worked on it lately since real work is keeping me from having fun, and there are a couple features left to add, but it's a fairly comprehensive tool for working with Users in AD.
-Ben
http://www.rgcweb.org/kix
