Active Directory Export Group Members to CSV

If you’re looking for an easy way to get AD group membership in bulk you’ve come to the right place.

We’ve all been there…

Management wants to know who can send emails to your Everyone group, a supervisor wants to know who has access to a group of file shares, etc.

While there are plenty of free or cheap 3rd party tools to export a list of members of an Active Directory group, we can just as easily use the tools Microsoft provides.

Unfortunately, neither Active Directory Users and Computers (ADUC) nor Active Directory Administrative Center (ADAC) has built-in functionality to export a list of group members.

Fortunately, we can use PowerShell to list AD group members and export them to CSV very quickly.

How to Export Members of AD Group to CSV with PowerShell

Before we can use PowerShell to query Active Directory we need to verify we have the right components installed. More specifically, we need to verify that we have the Active Directory PowerShell Module installed and that we can run PowerShell with a privileged account. So, let’s start there:

1. Import Active Directory PowerShell Module

If the server you’re using is a Domain Controller or is running Active Directory Domain Services (AD DS) or Active Directory Lightweight Directory Services (AD LDS) then you’ll already have the ActiveDirectory PowerShell Module installed.

If the server is a member server and runs Windows Server 2008, 2012, or 2016 then you can simply enable the AD DS and AD LDS Tools feature in Server Manager -> Manage -> Add Roles and Features -> Features -> Remote Server Administration Tools -> Role Administration Tools. You can also run the PowerShell command:

Add-WindowsFeature RSAT-AD-PowerShell

Alternatively, on Windows 8, Windows 8.1, and Windows 10 you can obtain the ActiveDirectory PowerShell Module by installing the Remote Server Administration Tools (RSAT).

You can verify that you have the ActiveDirectory Module installed by running the following command in an elevated PowerShell window:

Get-Module -ListAvailable

Which will result in the following output:

Directory: C:\Program Files\Windows\PowerShell\Modules

ModuleType Version    Name                                ExportedCommands

Script     1.0.1      Microsoft.PowerShell.Operation.V… {Get-Opera…
Binary     1.0.0.1    PackageManagement                   {Find-Package, …
Script     3.4.0      Pester                              {Describe, Context…
Script     1.0.0.1    PowerShellGet                       {Install-Module, F…
Script     1.2        PSReadline                          {Get-PSReadlineKey…

Directory: C:\Windows\system32\Windows\PowerShell\v1.0\Modules

ModuleType Version    Name                                ExportedCommands

Manifest   1.0.0.0    ActiveDirectory                     {Add-ADCentralAcce…
Manifest   1.0.0.0    ADRMSADMIN                          {Export-RmsReportD…
Manifest   1.0.0.0    AppBackgroundTask                   {Disable-AppBackgr…

You’ll see that I have ActiveDirectory listed at the bottom to the right of Manifest meaning I’m good to go.

2. PowerShell Get AD Group

Before we can pull a group’s members we need to know the exact name of the group. Use the following command to list all AD groups in your domain:

Get-ADGroup -filter * | sort Name | select Name

Which results in the following output:

name
----
Accounting
Administration
Finance
IT
Marketing
Management

The results, of course, will be specific to your domain.

Once you have your group name, or if you already know the exact name of your group, you can proceed with the next step.

3. PowerShell Get AD Group Member List

To get a verbose list of group members run the following command. I’m going to use Accounting in this example:

Get-ADGroupMember -Identity "Accounting"

Which results in:

distinguishedName : CN=Rick Sanchez,OU=Users,OU=NPG,DC=AD,DC=NPGDOM,DC=com
name              : Rick Sanchez
objectClass       : user
objectGUID        : 433s6d47-32fc-ccd7-9fj3-2sdfgsr28d81
SamAccountName    : RSANCHEZ
SID               : S-1-5-21-3744692357-274637874-35847658595-2588

distinguishedName : CN=Morty Smith,OU=Users,OU=NPG,DC=AD,DC=NPGDOM,DC=com
name              : Morty Smith
objectClass       : user
objectGUID        : ds9d877d-cg472-4606-agga-ca09df8f4bd
SamAccountName    : MSMITH
SID               : S-1-5-21-9472549784-5746386957-36948474845-2550

If we don’t want to see the verbose output and just want a list of names we can use the following command:

Get-ADGroupMember -Identity "Accounting" | select Name

Which results in:

name
----
Rick Sanchez
Morty Smith

Much better!

If your group has other groups as members and you want to see the members in those groups as well, we need to add the -Recursive switch to Get-ADGroupMember like so:

Get-ADGroupMember -Identity "Accounting" -Recursive | select Name

If your group has contacts as well that you would like to see in your list we can use the following command:

Get-ADGroup "Accounting" -Properties Member | Select-Object -ExpandProperty Member

This will return all members in a group, security principal or not. However, you’ll need to pipe the results through a Get-ADObject to find out what objectClass (user, contact, etc…) a member is.

Now that we have our group and our members, it’s time to export our AD group members to CSV so we can read them using a text editor or spreadsheet software like Excel.

4. PowerShell Export AD Group Member to CSV

Run the following command to export your group members to a CSV sheet in your desired location:

Get-ADGroupMember -Identity "Accounting" | select Name | Export-Csv -Path "C:\users\tdude\desktop\ADGroupMembers.csv" -NoTypeInformation

If you navigate to the path you specified in the command you should now have a CSV file that you can open to view the same output you saw in PowerShell earlier.
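
An added example (not from the original article) that goes beyond the single-group export above: it reports several groups at once, resolves every entry of the Member attribute with Get-ADObject so contacts and nested groups appear with their objectClass, and records the nesting path that grants each membership. The function name Get-GroupMemberReport, the group list and the output path are assumptions, and it assumes all members live in the current domain.

```powershell
# Added example, not from the original article. Assumes a single domain;
# Get-GroupMemberReport, the group list and the CSV path are illustrative.
Import-Module ActiveDirectory

function Get-GroupMemberReport {
    param(
        [Parameter(Mandatory)] [string] $Identity,  # group name or distinguishedName
        [string] $RootGroup,                        # top-level group being reported on
        [string] $Path,                             # nesting chain that led to this group
        [hashtable] $Seen = @{}                     # group DNs already expanded (loop guard)
    )
    $group = Get-ADGroup -Identity $Identity -Properties Member
    if (-not $RootGroup) { $RootGroup = $group.Name; $Path = $group.Name }

    # Circular nesting (A contains B, B contains A) is legal in AD,
    # so each group is expanded only once per top-level group.
    if ($Seen.ContainsKey($group.DistinguishedName)) { return }
    $Seen[$group.DistinguishedName] = $true

    foreach ($dn in $group.Member) {
        # Get-ADObject resolves any member type: user, computer, contact, group, ...
        $m = Get-ADObject -Identity $dn -Properties sAMAccountName
        [pscustomobject]@{
            Group             = $RootGroup
            GrantedVia        = $Path
            Name              = $m.Name
            ObjectClass       = $m.ObjectClass
            SamAccountName    = $m.sAMAccountName   # empty for contacts
            DistinguishedName = $m.DistinguishedName
        }
        if ($m.ObjectClass -eq 'group') {
            # Descend into the nested group, extending the path shown in the CSV.
            $next = @{
                Identity  = $m.DistinguishedName
                RootGroup = $RootGroup
                Path      = "$Path > $($m.Name)"
                Seen      = $Seen
            }
            Get-GroupMemberReport @next
        }
    }
}

$groups = 'Accounting', 'Finance'   # placeholder group names
$groups | ForEach-Object { Get-GroupMemberReport -Identity $_ } |
    Export-Csv -Path "$env:USERPROFILE\Desktop\ADGroupMembers.csv" -NoTypeInformation
```

Accounts that belong to a group only as their primary group (primaryGroupID) are not stored in the Member attribute, so they do not appear in this report.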
