One common request I see is getting a list of users that belong to an Active Directory security group. This is requested for various reasons such as, a supervisor wants to know who has access to a folder, an auditor wants a list of users, or a cloud service needs to import a list of users from a CSV file.
The problem is…
The built-in Active Directory users and Computer tools have no option to export members from a group.
To accomplish this we can use PowerShell.
In this tutorial, I will walk through the steps for exporting group members to a CSV file.
Let’s get started.
Step 1: Load the Active Directory Module
To connect and query an AD group with PowerShell the Active Directory module needs to be loaded.
The Active Directory module can be installed with the following methods:
- RSAT tools installed
- Windows Server 2008 R2 and above with the AD DS or AD LDS server roles
You can run the following command to see if you have installed
As you can see I don’t have the module installed.
If you already have the module loaded then jump to step 2, if not following these instructions.
To get the Active Directory module installed on my Windows 10 PC, I will need to download and install the RSAT tools.
With the RSAT tools installed, I run the Get-Module -ListAvailable command again
Now I have the module installed, let’s move on to step 2.
Step 2: Find AD Group
If you already know the name of the group, then skip to step 3.
If you’re not sure what the group name is, you can issue the following command to list all Active Directory groups.
Get-ADGroup -filter * | sort name | select name
Above, is a screenshot of some of the groups listed in my domain. I had an HR group but wasn’t sure of its complete name, I can see it’s HR full. I’ll use that group in step 3 to list out the members.
Step 3: Use Get-AdGroupMember to list members
The following command will list all members of my HR Full group
Get-ADGroupMember -identity "HR Full"
You can see the above command provides more details on the group members than I need.
We can filter out the results and just get the member name with this command
Get-ADGroupMember -identity "HR Full" | select name
Perfect, now I just need to export this to CSV.
Step 4: Export group members to CSV file
The last step is to export the results to a CSV file
This is done by adding Export-csv to our above commands. The full command looks like this
Get-ADGroupMember -identity "HR Full" | select name | Export-csv -path c:\it\filename.csv -Notypeinformation
Get-ADGroupMember -identity “HR Full” | select name | Export-csv -path C:\it\filename.csv -NoTypeInformation
Now I have a CSV file of all the members from the HR Full Active Directory group.
Pretty easy right?
Method 2: Group Membership Report Tool
The AD Group Membership GUI Tool has the following benefits:
- Quickly find nested groups
- Search and filter results
- A huge list of user attributes to add or remove
- Very easy to use
- Easy to export to CSV
Step 1: Download and Install the AD Pro Toolkit
Step 2: Open AD Pro Toolkit and click on Group Membership Report
Step 3: Choose Paths and click run
- Entire Domain = Gets all groups and group members in the entire domain
- Select OU or Group = This lets you select one or multiple OUs or groups.
For this example, I’m going to select entire domain.
Now click the run button and you will get a report of groups and users in each group.
Step 4: Change user attributes (optional)
If you want to change the default user attributes just click on the change columns buttons. Add or remove the attributes you need and click ok.
Step 5: Export to CSV
At this point, you can export the report to a CSV file by clicking the export button and select “Export All Rows”.
Step 6: Filter Results and find nested groups (optional)
If you need to filter the report such as finding nested groups or displaying certain group types (security or distribution) then you can do that right in the tool. The tool comes with a powerful search and filter system.
In this example, I will find all nested groups.
You can right click on any column to access the filter options. To find all nested groups select “Filter Editor”
Set the filter to the screenshot below and click apply.
Now the report will be filtered to show all nested groups.
In the above screenshot, the first column is the source group and then the group column is the group it’s a member of. So Domain Users is a member of the Legal_Folders group. The next one down Accounting_Printers is a member of the Accounting_Local group.
This filtered report can now be exported to CSV.
The Group Membership Report Tool is a huge time saver and makes it so easy to report and export group membership.