NetworkProGuide

Tips & Tutorials for Network Professionals

powershell get group members
System Administration 

Active Directory Export Group Members to CSV

Chase Smith, CCNP 0 Comments , , ,

If you’re looking for an easy way to get AD group membership in bulk you’ve come to the right place.

We’ve all been there…

Management wants to know who can send emails to your Everyone group, a supervisor wants to know who has access to a group of file shares,  etc…

While there are plenty of free of cheap 3rd party tools to export a list of members of an active directory group we can just as easily use the tools Microsoft provides.

Unfortunately, neither Active Directory Users and Computers (ADUC) nor Active Directory Administrative Center (ADAC) have built in functionality to export a list of group member.

Fortunately, we can use PowerShell to list AD group members and export them to CSV very quickly.

How to Export Members of AD Group to CSV with Powershell

Before we can use powershell to query active directory we need to verify we have the right components installed. More specifically, we need to very we have the Active Directory PowerShell Module installed and we can run PowerShell with a privileged account. So, let’s start there:

1. Import Active Directory PowerShell Module

If the server you’re using is a Domain Controller or is running the Active Directory Domain Services (AD DS) or Active Directory Lightweight Domain Services (AD LDS) then you’ll already have the ActiveDirectory PowerShell Module installed.

If the server is a member server and runs Windows Server 2008, 2012, or 2016 then you can simply enable the AD DS and AD LDS Tools feature in Server Manager -> Manage -> Add Roles and Features -> Features -> Remote Server Administration Tools -> Role Administration Tools. You can also run the PowerShell command:

Add-WinidowsFeature RSAT-AD-PowerShell

Alternatively, on Windows 8, Windows 8.1, and Windows 10 you can obtain the ActiveDirectory PowerShell Module by installing the Remote Server Administration Tools (RSAT)

Related: How to Install Remote Server Administration Tools (RSAT) for Windows 10

You can verify that you have the ActiveDirectory Module installed by running the following command in an elevated PowerShell window:

Get-Module -ListAvailable

Which will result in the following output:

Directory: C:\Program Files\Windows\PowerShell\Modules

ModuleType Version    Name                                ExportedCommands

Script     1.0.1      Microsoft.PowerShell.Operation.V... {Get-Opera…
Binary     1.0.0.1    PackageManagement                   {Find-Package, …
Script     3.4.0      Pester                              {Describe, Context…
Script     1.0.0.1    PowerShellGet                       {Install-Module, F…
Script     1.2        PSReadline                          {Get-PSReadlineKey…

Directory: C:\Windows\system32\Windows\PowerShell\v1.0\Modules

ModuleType Version    Name                                ExportedCommands

Manifest   1.0.0.0    ActiveDirectory                     {Add-ADCentralAcce…
Manifest   1.0.0.0    ADRMSADMIN                          {Export-RmsReportD…
Manifest   1.0.0.0    AppBackgroundTask                   {Disable-AppBackgr…

You’ll see that I have ActiveDirectory listed at the bottom to the right of Manifest meaning I’m good to go.

2. PowerShell Get AD Group

Before we can pull a groups members we need to know the exact name of the group. Use the following command to list all AD groups in your domain:

Get-ADGroup -filter * | sort Name | select Name

Which results in the following output:

name
--------
Accounting
Administration
Finance
IT
Marketing
Management

The results, of course, will be specific to your domain.

Once you have your group name, or if you already know the exact name of your group, you can proceed with the next step.

3. PowerShell Get AD Group Member List

To get a verbose list of group members run the following command using the Get-AdGroupMember cmdlet. I’m going to use Accounting in this example:

Get-AdGroupMember -identity “Accounting”

Which results in:

distinguishedName : CN=Rick Sanchez,OU=Users,OU=NPG,DC=AD,DC=NPGDOM,DC=com
name              : Rick Sanchez
objectClass       : user
objectGUID        : 433s6d47-32fc-ccd7-9fj3-2sdfgsr28d81
SamAccountName    : RSANCHEZ
SID               : S-1-5-21-3744692357-274637874-35847658595-2588

distinguishedName : CN=Morty Smith,OU=Users,OU=NPG,DC=AD,DC=NPGDOM,DC=com
name              : Morty Smith
objectClass       : user
objectGUID        : ds9d877d-cg472-4606-agga-ca09df8f4bd
SamAccountName    : MSMITH
SID               : S-1-5-21-9472549784-5746386957-36948474845-2550

If we don’t want to see the verbose output and just want a list of names we can use the following command:

Get-AdGroupMember -identity "Accounting" | select Name

Which results in:

name
--------
Rick Sanchez
Morty Smith

Much better!

If your group has other groups as members and you want to see the members in those groups as well we need append our command with the -Recursive switch like so:

Get-AdGroupMember -identity "Accounting" | select Name -Recursive

If your group has contacts as well that you would like to see in your list we can use the following command:

Get-ADGroup “Accounting” -Properties Member | select-object -ExpandProperty Member

This will return all members in a group, security principal or not. However, you’ll need to pipe the results through a Get-ADObject to find out what objectClass (user, contact, etc…) a member is.

Now that we have our group and our members, it’s time to export our AD group members to CSV so we can read them using a text editor or spreadsheet software like Excel.

4. PowerShell Export AD Group Member to CSV

Run the following command to export your group members to a CSV sheet in your desired location:

Get-ADGroupMember -identity “Accounting” | select name | Export-csv -path “C:\users\tdude\desktop\ADGroupMembers.csv” -NoTypeInformation

If you navigate to the path you specified in the command you should now have a CSV sheet that you can open and view the same output you saw in PowerShell earlier.

Recommended for You: Solarwinds Hybrid Systems Monitoring Bundle

Know which applications are having issues in your environment before users complain? Know which systems are causing those problems or were recently changed by someone? How about which servers are about to have problems like running out of space or memory?

Automate collection of data and alerting on your local or cloud applications and servers with Solarwinds Hybrid Systems Bundle so you have these answers.

Get insight into Active Directory, DNS, DHCP, and your Virtual and Applications environments, both locally and cloud hosted, without needing to mess with complex templates or knowing a single line of code.

Chase Smith, CCNP

Chase Smith, CCNP is a Network Engineer III who has spent the last decade elbow deep in enterprise system administration and networking. He can usually be found trying to warm up behind the storage in the datacenter.

Leave a Reply

Your email address will not be published. Required fields are marked *