One common request I see is getting a list of users that belong to an Active Directory security group. This is requested for various reasons such as, supervisor wants to know who has access to a folder, auditor wants a list of users, 3rd party program or cloud service needs to import a list of users from a csv file.
The problem is…
The built in Active Directory users and Computer tool has no option to export members from a group.
To accomplish this we can use PowerShell.
In this tutorial, I will walk through the steps for exporting group members to a csv file.
Let’s get started.
Step 1: Load the Active Directory Module
To connect and query an AD group with PowerShell the Active Directory module needs to be loaded.
The Active Directory module can be installed with the following methods:
- Having RSAT tools installed
- Windows Server 208 R2 and above with the AD DS or AD LDS server roles
You can run the following command to see if you have installed
As you can see I don’t have the module installed.
If you already have the module loaded then jump to step 2, if not following these instructions.
To get the Active Directory module installed on my Windows 10 PC, I will need to download and install the RSAT tools.
With the RSAT tools installed, I run the Get-Module -ListAvailable command again
Now I have the module installed, let’s move on to step 2.
Step 2: Find AD Group
If you already know the name of the group, then skip to step 3.
If you’re not sure what the group name is, you can issue the following command to list all Active Directory groups.
get-adgroup -filter * | sort name | select Name
Above, is a screenshot of some of the groups listed in my domain. I had an HR group but wasn’t sure of its complete name, I can see it’s HR full. I’ll use that group in step 3 to list out the members.
Step 3: Use Get-AdGroupMember to list members
The following command will list all members of my HR Full group
Get-AdGroupMember -identity HR Full
You can see the above command provides more details on the group members than I need.
We can filter out the results and just get the member name with this command
Get-AdGroupMember -identity "HR Full" | select name
Perfect, now I just need to export this to csv.
Step 4: Export group members to csv file
The last step is to export the results to a scv file
This is done by adding Export-csv to our above commands. The full command looks like this
Get-ADGroupMember -identity “HR Full” | select name | Export-csv -path C:\Output\Groupmembers.csv -NoTypeInformation
Now I have a csv file of all the members from the HR Full Active Directory group.
Pretty easy right?
Recommended Tool: SolarWinds Server & Application Monitor (SAM)
This utility was designed to Monitor Active Directory and other critical applications. It will quickly spot domain controller issues, prevent replication failures, track failed logon attempts and much more.
What I like best about SAM is it’s easy to use dashboard and alerting features. It also has the ability to monitor virtual machines and storage.