How To Retrieve Windows AD Group Members using PowerShell
Introduction
As part of daily administration we are constantly being asked by Auditors and managers for a list of the individuals in groups. In the past and current we can still use the venerable net commands to get the access. With PowerShell we can it quickly and in a format easier than before. In this post we will over how to get the information and export it into other formats. To use the ActiveDirectory module you will want to run it on a server which will have the module to load.
Process
First step is to load the ActiveDirectory PowerShell module.
Open PowerShell and Import the ActiveDirectory module.
PS> Import-Module ActiveDirectory
Now for this example we are going to query the Domain Admins group, you can use any other group, and export to a text file in csv format. This command gives alot of information.
PS> Get-ADGroupMember "Domain Admins" | export-csv c:\domainadmins.txt -encoding "unicode"
This example give’s an output of three columns for name, SamAccountName (user name) and objectclass (user, computer, etc)
PS> Get-ADGroupMember "Domain Admins" | format-table -Property name,SamAccountName, objectClass
There is alot more information that can be outputted from the ActiveDirectory module as this is a just a tip of the iceberg.
Leave a Reply