Get-AdGroupMember – Export AD Group Members to CSV

Windows PowerShell Active Directory module is one of the popular modules to manage the active directory domains, manage objects in the active directory, get information about computers, users. Active Directory module consolidates a group of cmdlets which helps to manage different objects, get AD group members, export active directory group members.

Get-AdGroupMember PowerShell cmdlet get AD group member, members can be users, computers, or groups. Administrator often needs to export active directory group members to CSV file to know who are the users in the group or particular distribution list.

Using Get-AdGroupMember cmdlet, you can easily get ad group members from the active directory and export ad group members to CSV or file.

In this article, I will explain Get-ADGroupMember examples, how to use cmdlet to list group members in PowerShell and how to get ad group members, export members of the group to CSV file.

Getting Started

To use Active Directory cmdlets, your system needs to have the following requirement

  • PowerShell Active Directory module to be installed
  • User with administrator access or have enough access to read AD group information

Tip: To know about which modules are available in the system, run the below command in PowerShell ISE

Get-Module -ListAvailable

Get-ADGroupMember

PowerShell Get-ADGroupMember cmdlet get ad group members. Ad group members can be users, computers, or groups.

Get-AdGroupMember Syntax

Get-ADGroupMember
   [-AuthType <ADAuthType>]
   [-Credential <PSCredential>]
   [-Identity] <ADGroup>
   [-Partition <String>]
   [-Recursive]
   [-Server <String>]
   [<CommonParameters>]

Let’s understand Get-ADGroupMember cmdlet key parameter as below:

AuthType – It specifies the authentication method to use. AuthType parameter accepts either Basic (or 1) or Negotiate (or 0). It has Negotiate default authentication method.

SSL (Secure Socket Layer) connection is required to use the Basic Authentication method.

Credential PSCredential – It specifies user credentials required to perform Get-ADGroup search for the group. It default accepts the credentials of logged-on users.

To use the Credential parameter, use username as User1 or domain\User1 or you can create and use PSCredential object by using Get-Credential cmdlet.

-Identity – It specifies Active Directory group object search using the distinguished name, GUID, security identifier or SAMAccountName

-Partition – It specifies the distinguished name of an active directory partition.

-Recursive – It specifies to get all ad group members from a group that does not contain child objects.

Get-ADGroupMember Examples

Let’s understand using Get-AdGroupMember to list ad group members and export ad group members to the CSV file.

Get AD group by SAM account name

Get-ADGroup -Identity Administrators

This command returns the SAM account name Administrators.

Get-AdGroupMember of Group

Till now, we have seen Get-ADGroup cmdlet to get one or more groups from Active Directory. You can use Get-ADGroupMember cmdlet to get list of all members of AD group. Members can be users, groups, or computers.

In PowerShell to list ad group members of a specific group, use the Identity parameter. You can identify groups by displayname, SAM account name, GUID, distinguished name, or security identifier.

Get-AdGroupMember -Identity "Group Name"

Get members of ad group

If you want to get list of all members in the Administrators ad group, use the below command

Get-AdGroupMember -Identity 'Administrators'

In the above command, Get-AdGroupMember get list of all members of AD group specified by the Identity parameter.

If you want to get members name only, you can filter the above command as below

Get-AdGroupMember -Identity 'Administrators' | Select name

Get AD group members Export to csv file

PowerShell Get-AdGroupMember cmdlet get list of ad group members.

To get ad group members and export AD group members list to CSV file, use below command

Get-AdGroupMember -Identity 'Administrators' | Export-csv -Path D:\Powershell\adgroupmemers.csv  -NoTypeInformation

Above Get-AdGroupMember command get group members of Administrators as ad group specified by Identity parameter.

It gets all members of administrators active directory group and using Export-CSV it export group members of ad group to CSV file.

Export Ad Group Members Email Address to Csv

If you want to export ad group members email address to CSV file, use Get-AdGroupMember to get ad group members and export to CSV file as below

Get-AdGroupMember -Identity 'SalesLeader' | Get-AdUser -Properties * | Select Name,Mail | Export-csv -Path D:\Powershell\adgroupmembers.csv  -NoTypeInformation

In the above PowerShell script, Get-AdGroupMember cmdlet get members of ad group and passes the output to the second command.

The second command uses Get-AdUser cmdlet to get ad group member properties like Name and Email address and pass output to the third command.

Using Export-Csv cmdlet in PowerShell, it export ad group members email address to CSV file.

Export Ad Group Members from Specific OU

Organizational Unit in Active Directory contains users, computers, and group objects. Use Get-AdGroupMember to list members of ad groups and export to CSV file.

To export ad group members from specific OU to CSV file with group name and ad user name, run below PowerShell script

$OU = 'OU=SALES,DC=SHELLPRO,DC=LOCAL'
# Get adgroups from specific OU
$adGroups =  Get-ADGroup -Filter * -SearchBase $OU

# Iterate through adgroups and get ad group name and user name
$adGroupMembers = foreach ($Group in $adGroups) {
    Get-ADGroupMember -Identity $Group -Recursive | Select-Object @{Name='Group';Expression={$Group.Name}}, @{Name='Member';Expression={$_.Name}}
}
# export ad group name and user to csv file
$adGroupMembers | Export-Csv -Path D:\adGroupMembers.csv -NoTypeInformation

In the above PowerShell script,

In the first command, we define Organizational Unit (OU) path

Using Get-AdGroup cmdlet, it get ad groups from specific OU.

In the next command, it uses foreach to iterate over ad groups recursively to get ad group members, group name, user name belong to ad group in specific OU.

Using Export-Csv cmdlet in PowerShell, it export ad group members from specific OU to CSV file.

Get members of Ad group including members of child groups

By default Get-AdGroupMember get list of all members from active directory group. However, If you want to get members of a group and child groups as well then use recursive parameter.

Let’s consider if the Sales group contains user John Tigre and the group EUSalesLeader.

EUSalesLeader ad group contains user Smith Waugh.

Use Get-AdGroupMember with Recursive parameter to get John Tigre and Smith Waugh

Get-ADGroupMember -Identity "Sales" -Recursive

This command gets all the members of the Sales group including members of the child group using Get-AdGroupMember recursive parameter.

Get-ADGroupMember FAQ

The term ‘Get-ADGroupMember’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

To solve the above issue, the system must have an Active Directory module. You can check if the module is available or not using Get-Module -ListAvailable

If the Active Directory module is not available then import it using import-module activedirectory

Check Active Directory module requirement at http://technet.microsoft.com/en-us/library/dd378937.aspx

How to resolve Get-ADGroupMember : The size limit for this request was exceeded?

If you are trying to list thousands of group members, you may come across a size limit for this request was exceed the issue with Get-AdGroupMember.

By default, the limit is 5000 objects. This limit is from Active Directory Web Service and applies to three cmdlets Get-ADGroupMember, Get-ADPrincipalGroupMembership, and Get-ADAccountAuthorizationGroup.

You can modify it in the config file. You will have to make sure to update the config file on each DC.

On Domain controller, open file at location C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe.config and look for appSettings tag, add below tag
<add key="MaxGroupOrMemberEntries" value="15000" />
Save the config file and restart ADWS service on DC. Repeat the above step on each DC.

How to show Get-AdGroupMember email address, user name?

Use the below command to get-aduser account name, email address

Get-ADGroupMember "Asia_Sales_Users" | Sort -Property Name | foreach{ get-aduser $_ -Properties SamAccoutName| select Name, Surname, GivenName,
SamAccountname, EmailAddress | ft -AutoSize

Get-AdGroupMember examples?

If you want to get lists of users from one group and add them to another group

Get-ADGroupMember "asia_sales" | Get-ADUser | Foreach-Object {Add-ADGroupMember -Identity "India_sales" -Members $_}

How to use PowerShell get ad group members export to CSV file?


Get-ADGroupMember -identity “Asia_Sales” | select name | Export-csv -path C:\PowerShell\adgroupmembers.csv -NoTypeInformation

This command list members of ad groups that belong to the Asia_Sales group and export their information to the adgroupmembers.csv file using Export-csv

Conclusion

Hope you find and like the above article to get active directory group members using Get-AdGroupMember cmdlet helpful and educational.

PowerShell Active Directory module provides a powerful cmdlet to perform and export active directory members to CSV files.

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.

Leave a Comment