Home » PowerShell » Get-AdGroupMember – Export AD Group Members to CSV

Get-AdGroupMember – Export AD Group Members to CSV

Get-AdGroupMember PowerShell cmdlet gets AD group members, members can be users, computers, or groups. Administrator often needs to export active directory group members to CSV file to know who are the users in the group or particular distribution list.

Windows PowerShell Active Directory module is one of the popular modules to manage the active directory domains, manage objects in the active directory, and get information about computers, and users.

Active Directory module consolidates a group of cmdlets which helps to manage different objects, get AD group members and export active directory group members.

Using Get-AdGroupMember cmdlet, you can easily get ad group members from the active directory and export ad group members to CSV or file.

In this article, we will discuss about Get-ADGroupMember examples, how to use the cmdlet to list group members in PowerShell, and how to get ad group members, and export members of the ad group to a CSV file.

Getting Started

To use Active Directory cmdlets, your system needs to have the following requirement

  1. PowerShell Active Directory module to be installed
  2. Users with administrator access or have enough access to read AD group information

Tip: To know which modules are available in the system, run the below command in PowerShell ISE

Get-Module -ListAvailable

Get-ADGroupMember

PowerShell Get-ADGroupMember cmdlet get ad group members. Ad group members can be users, computers, or groups.

Get-AdGroupMember Syntax

Get-ADGroupMember
   [-AuthType <ADAuthType>]
   [-Credential <PSCredential>]
   [-Identity] <ADGroup>
   [-Partition <String>]
   [-Recursive]
   [-Server <String>]
   [<CommonParameters>]

Let’s understand the Get-ADGroupMember cmdlet key parameter as below:

AuthType – It specifies the authentication method to use. AuthType parameter accepts either Basic (or 1) or Negotiate (or 0). It has Negotiate default authentication method.

SSL (Secure Socket Layer) connection is required to use the Basic Authentication method.

Credential PSCredential – It specifies user credentials required to perform the Get-ADGroup search for the group. It default accepts the credentials of logged-on users.

To use the Credential parameter, use username as User1 or domain\User1 or you can create and use PSCredential object by using Get-Credential cmdlet.

-Identity – It specifies Active Directory group object search using the distinguished name, GUID, security identifier or SAMAccountName

-Partition – It specifies the distinguished name of an active directory partition.

-Recursive – It specifies getting all ad group members from a group that does not contain child objects.

Get-ADGroupMember Examples

Let’s understand using Get-AdGroupMember to list ad group members and export ad group members to the CSV file.

Get AD group by SAM account name

Get-ADGroup -Identity Administrators

In the above PowerShell script, the Get-AdGroup cmdlet is used to retrieve information about the Active Directory group "Administrators" specified by the Identity parameter.

This command returns the SAM account name for the Administrators ad group.

Get-AdGroupMember of Group

Use the Get-ADGroupMember cmdlet in PowerShell to get a list of all members of the AD group. Members can be users, groups, or computers.

In PowerShell to list ad group members of a specific group, use the Identity parameter. You can identify Active Directory groups by displayname, SAM account name, GUID, distinguished name, or security identifier.

Get-AdGroupMember -Identity "Group Name"

Get members of ad group

Use the Get-AdGroupMember cmdlet in PowerShell to get a list of all members in the Administrators ad group, and run the below script.

Get-AdGroupMember -Identity 'Administrators'

In the above PowerShell script, the Get-AdGroupMember gets a list of all members of AD group specified by the Identity parameter.

If you want to get members name only, use the Select command to select the ad group member name.

Get-AdGroupMember -Identity 'Administrators' | Select name

The output of the above PowerShell script to get an active directory group member name is:

PowerShell get ad group member name
PowerShell get ad group member name

Get AD group members Export to CSV file

PowerShell Get-AdGroupMember cmdlet get list of ad group members.

To get ad group members and export AD group members list to a CSV file, use the below command

Get-AdGroupMember -Identity 'Administrators' | Export-csv -Path D:\Powershell\adgroupmemers.csv  -NoTypeInformation

In the above PowerShell script, the Get-AdGroupMember command gets group members of Administrators ad group specified by the Identity parameter.

It gets all members of the “Administrators” active directory group and uses the Export-CSV to export group members of ad group to a CSV file.

Export members of a group to CSV file
Export members of a group to a CSV file

Export Ad Group Member Email Address to Csv

Use Get-AdGroupMember to get ad group member email addresses and export group members to the CSV file, run the following script.

Get-AdGroupMember -Identity 'SalesLeader' | Get-AdUser -Properties * | Select Name,Mail | Export-csv -Path D:\Powershell\adgroupmembers.csv  -NoTypeInformation

In the above PowerShell script, the Get-AdGroupMember cmdlet gets members of ad group and passes the output to the Get-AdUser cmdlet to get ad group member properties like Name and Email address and pass output to the third command.

Using the Export-Csv cmdlet in PowerShell, it exports ad group member email addresses to a CSV file.

Cool Tip: How to get adgroupmember count in PowerShell!

Export Ad Group Members from Specific OU

The Organizational Unit in Active Directory contains users, computers, and group objects. Use Get-AdGroupMember to list members of ad groups and export group members to a CSV file.

To export ad group members from specific OU to a CSV file with the group name and ad user name, run the below PowerShell script

$OU = 'OU=SALES,DC=SHELLPRO,DC=LOCAL'
# Get adgroups from specific OU
$adGroups =  Get-ADGroup -Filter * -SearchBase $OU

# Iterate through adgroups and get ad group name and user name
$adGroupMembers = foreach ($Group in $adGroups) {
    Get-ADGroupMember -Identity $Group -Recursive | Select-Object @{Name='Group';Expression={$Group.Name}}, @{Name='Member';Expression={$_.Name}}
}
# export ad group name and user to csv file
$adGroupMembers | Export-Csv -Path D:\adGroupMembers.csv -NoTypeInformation

In the above PowerShell script,

In the first command, we define Organizational Unit (OU) path

Using the Get-AdGroup cmdlet, it gets ad groups from specific OU.

In the next command, it uses foreach to iterate over ad groups recursively to get ad group members, group names, and user names belonging to the ad group in specific OU.

Using Export-Csv cmdlet in PowerShell, it exports members of ad group from specific OU to CSV file.

Cool Tip: How to get adgroupmember samaccountname in PowerShell!

Get members of Ad group including members of child groups

By default Get-AdGroupMember get list of all members from the active directory group. Use recursive the parameter to get members of a group and child groups.

Let’s consider if the Sales group contains user John Tigre and the group EUSalesLeader.

EUSalesLeader ad group contains user Smith Waugh.

Use Get-AdGroupMember with Recursive parameter to get John Tigre and Smith Waugh

Get-ADGroupMember -Identity "Sales" -Recursive

The above PowerShell script uses the Get-AdGroupMember command uses the Identity parameter to get all the members of the Sales ad group including members of the child group using the Recursive parameter.

Get-ADGroupMember FAQ

The term ‘Get-ADGroupMember’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.

To solve the above issue, the system must have an Active Directory module. You can check if the module is available or not using Get-Module -ListAvailable

If the Active Directory module is not available then import it using import-module activedirectory

Check the Active Directory module requirement at http://technet.microsoft.com/en-us/library/dd378937.aspx

How to resolve Get-ADGroupMember: The size limit for this request was exceeded?

If you are trying to list thousands of group members, you may come across a size limit for this request was exceed the issue with Get-AdGroupMember.

By default, the limit is 5000 objects. This limit is from Active Directory Web Service and applies to three cmdlets Get-ADGroupMember, Get-ADPrincipalGroupMembership, and Get-ADAccountAuthorizationGroup.

You can modify it in the config file. You will have to make sure to update the config file on each DC.

On Domain controller, open file at location C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe.config and look for appSettings tag, add below tag
<add key="MaxGroupOrMemberEntries" value="15000" />
Save the config file and restart the ADWS service on DC. Repeat the above step on each DC.

How to show the Get-AdGroupMember email address and user name?

Use the below command to the get-aduser account name, email address

Get-ADGroupMember "Asia_Sales_Users" | Sort -Property Name | foreach{ get-aduser $_ -Properties SamAccoutName| select Name, Surname, GivenName,
SamAccountname, EmailAddress | ft -AutoSize

Get-AdGroupMember examples?

If you want to get lists of users from one group and add them to another group

Get-ADGroupMember "asia_sales" | Get-ADUser | Foreach-Object {Add-ADGroupMember -Identity "India_sales" -Members $_}

How to use PowerShell to export members of ad groups to a CSV file?


Get-ADGroupMember -identity “Asia_Sales” | select name | Export-csv -path C:\PowerShell\adgroupmembers.csv -NoTypeInformation

This command list member of ad groups that belong to the Asia_Sales group and exports their information to the adgroupmembers.csv file using Export-csv

Conclusion

Hope you find and like the above article to get active directory group members using Get-AdGroupMember cmdlet is helpful and educational.

The PowerShell Active Directory module provides a powerful cmdlet to perform and export active directory members to CSV files.

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.

Leave a Comment