Get-AdGroupMember PowerShell cmdlet gets AD group members, members can be users, computers, or groups. Administrator often needs to export active directory group members to CSV file to know who are the users in the group or particular distribution list.
Windows PowerShell Active Directory module is one of the popular modules to manage the active directory domains, manage objects in the active directory, and get information about computers, and users.
Active Directory module consolidates a group of cmdlets which helps to manage different objects, get AD group members, and export active directory group members.
Using Get-AdGroupMember cmdlet, you can easily get ad group members from the active directory and export ad group members to CSV or file.
In this article, I will explain Get-ADGroupMember examples, how to use the cmdlet to list group members in PowerShell and how to get ad group members, and export members of the group to a CSV file.
Table of Contents hide
1Getting Started
2Get-ADGroupMember
2.1Get-AdGroupMember Syntax
3Get-ADGroupMember Examples
4Get AD group by SAM account name
5Get-AdGroupMember of Group
6Get members of ad group
7Get AD group members Export to csv file
8Export Ad Group Members Email Address to Csv
9Export Ad Group Members from Specific OU
10Get members of Ad group including members of child groups
11Get-ADGroupMember FAQ
12Conclusion
Getting Started
To use Active Directory cmdlets, your system needs to have the following requirement
- PowerShell Active Directory module to be installed
- Users with administrator access or have enough access to read AD group information
Tip: To know which modules are available in the system, run the below command in PowerShell ISE
Get-Module -ListAvailable
Get-ADGroupMember
PowerShell Get-ADGroupMember cmdlet get ad group members. Ad group members can be users, computers, or groups.
Get-AdGroupMember Syntax
Get-ADGroupMember [-AuthType <ADAuthType>] [-Credential <PSCredential>] [-Identity] <ADGroup> [-Partition <String>] [-Recursive] [-Server <String>] [<CommonParameters>]
Let’s understand the Get-ADGroupMember cmdlet key parameter as below:
–AuthType – It specifies the authentication method to use. AuthType parameter accepts either Basic (or 1) or Negotiate (or 0). It has Negotiate default authentication method.
SSL (Secure Socket Layer) connection is required to use the Basic Authentication method.
–Credential PSCredential – It specifies user credentials required to perform the Get-ADGroup search for the group. It default accepts the credentials of logged-on users.
To use the Credential parameter, use username as User1 or domain\User1 or you can create and use PSCredential object by using Get-Credential cmdlet.
-Identity – It specifies Active Directory group object search using the distinguished name, GUID, security identifier or SAMAccountName
-Partition – It specifies the distinguished name of an active directory partition.
-Recursive – It specifies to get all ad group members from a group that does not contain child objects.
Get-ADGroupMember Examples
Let’s understand using Get-AdGroupMember to list ad group members and export ad group members to the CSV file.
Get AD group by SAM account name
Get-ADGroup -Identity Administrators
This command returns the SAM account name Administrators.
Get-AdGroupMember of Group
Till now, we have seen Get-ADGroup cmdlet to get one or more groups from Active Directory. You can use the Get-ADGroupMember cmdlet to get a list of all members of the AD group. Members can be users, groups, or computers.
In PowerShell to list ad group members of a specific group, use the Identity parameter. You can identify groups by displayname, SAM account name, GUID, distinguished name, or security identifier.
Get-AdGroupMember -Identity "Group Name"
Get members of ad group
If you want to get list of all members in the Administrators ad group, use the below command
Get-AdGroupMember -Identity 'Administrators'
In the above command, Get-AdGroupMember gets list of all members of AD group specified by the Identity parameter.
If you want to get members name only, you can filter the above command as below
Get-AdGroupMember -Identity 'Administrators' | Select name
Get AD group members Export to csv file
PowerShell Get-AdGroupMember cmdlet get list of ad group members.
To get ad group members and export AD group members list to a CSV file, use the below command
Get-AdGroupMember -Identity 'Administrators' | Export-csv -Path D:\Powershell\adgroupmemers.csv -NoTypeInformation
Above Get-AdGroupMember command get group members of Administrators as ad group specified by the Identity parameter.
It gets all members of administrators active directory group and using Export-CSV it export group members of ad group to CSV file.
Export Ad Group Members Email Address to Csv
If you want to export ad group members email address to a CSV file, use Get-AdGroupMember to get ad group members and export them to the CSV file as below
Get-AdGroupMember -Identity 'SalesLeader' | Get-AdUser -Properties * | Select Name,Mail | Export-csv -Path D:\Powershell\adgroupmembers.csv -NoTypeInformation
In the above PowerShell script, Get-AdGroupMember cmdlet get members of ad group and passes the output to the second command.
The second command uses the Get-AdUser cmdlet to get ad group member properties like Name and Email address and pass output to the third command.
Using Export-Csv cmdlet in PowerShell, it exports ad group members email address to a CSV file.
Cool Tip: How to get-adgroupmember count in PowerShell!
Export Ad Group Members from Specific OU
The Organizational Unit in Active Directory contains users, computers, and group objects. Use Get-AdGroupMember to list members of ad groups and export to CSV file.
To export ad group members from specific OU to a CSV file with group name and ad user name, run below PowerShell script
$OU = 'OU=SALES,DC=SHELLPRO,DC=LOCAL'# Get adgroups from specific OU$adGroups = Get-ADGroup -Filter * -SearchBase $OU# Iterate through adgroups and get ad group name and user name$adGroupMembers = foreach ($Group in $adGroups) { Get-ADGroupMember -Identity $Group -Recursive | Select-Object @{Name='Group';Expression={$Group.Name}}, @{Name='Member';Expression={$_.Name}}}# export ad group name and user to csv file$adGroupMembers | Export-Csv -Path D:\adGroupMembers.csv -NoTypeInformationIn the above PowerShell script,
In the first command, we define Organizational Unit (OU) path
Using the Get-AdGroup cmdlet, it gets ad groups from specific OU.
In the next command, it uses foreach to iterate over ad groups recursively to get ad group members, group names, user names belonging to the ad group in specific OU.
Using Export-Csv cmdlet in PowerShell, it exports ad group members from specific OU to CSV file.
Cool Tip: How to get adgroupmember samaccountname in PowerShell!
Get members of Ad group including members of child groups
By default Get-AdGroupMember get list of all members from the active directory group. However, If you want to get members of a group and child groups as well then use recursive parameter.
Let’s consider if the Sales group contains user John Tigre and the group EUSalesLeader.
EUSalesLeader ad group contains user Smith Waugh.
Use Get-AdGroupMember with Recursive parameter to get John Tigre and Smith Waugh
Get-ADGroupMember -Identity "Sales" -Recursive
This command gets all the members of the Sales group including members of the child group using Get-AdGroupMember recursive parameter.
Get-ADGroupMember FAQ
The term ‘Get-ADGroupMember’ is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
To solve the above issue, the system must have an Active Directory module. You can check if the module is available or not using Get-Module -ListAvailable
If the Active Directory module is not available then import it using import-module activedirectory
Check Active Directory module requirement at http://technet.microsoft.com/en-us/library/dd378937.aspx
How to resolve Get-ADGroupMember: The size limit for this request was exceeded?
If you are trying to list thousands of group members, you may come across a size limit for this request was exceed the issue with Get-AdGroupMember.
By default, the limit is 5000 objects. This limit is from Active Directory Web Service and applies to three cmdlets Get-ADGroupMember, Get-ADPrincipalGroupMembership, and Get-ADAccountAuthorizationGroup.
You can modify it in the config file. You will have to make sure to update the config file on each DC.
On Domain controller, open file at location C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe.config and look for appSettings tag, add below tag<add key="MaxGroupOrMemberEntries" value="15000" />
Save the config file and restart ADWS service on DC. Repeat the above step on each DC.
How to show the Get-AdGroupMember email address, and user name?
Use the below command to the get-aduser account name, email address
Get-ADGroupMember "Asia_Sales_Users" | Sort -Property Name | foreach{ get-aduser $_ -Properties SamAccoutName| select Name, Surname, GivenName,
SamAccountname, EmailAddress | ft -AutoSize
Get-AdGroupMember examples?
If you want to get lists of users from one group and add them to another group
Get-ADGroupMember "asia_sales" | Get-ADUser | Foreach-Object {Add-ADGroupMember -Identity "India_sales" -Members $_}
How to use PowerShell to get ad group members export to CSV file?
Get-ADGroupMember -identity “Asia_Sales” | select name | Export-csv -path C:\PowerShell\adgroupmembers.csv -NoTypeInformation
This command list member of ad groups that belong to the Asia_Sales group and exports their information to the adgroupmembers.csv file using Export-csv
Conclusion
Hope you find and like the above article to get active directory group members using Get-AdGroupMember cmdlet is helpful and educational.
PowerShell Active Directory module provides a powerful cmdlet to perform and export active directory members to CSV files.
You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.
FAQs
How do I export a group of members to a CSV file? ›
Export AD group members to CSV
Run PowerShell as administrator. Change the path to the scripts folder. Run the PowerShell script to export AD group members to CSV file. Wait till it completes.
All you need to do is open ADUC, navigate to your desired OU, and click the Export List button. This will export all of the accounts in the OU to a tab delimited text file. If you want to view the data in CSV form just change the extension from . txt to .
How do I get a list of members of AD group? ›You can use the Get-ADGroupMember cmdlet to get a list of all members of the AD group. Members can be users, groups, or computers. In PowerShell to list ad group members of a specific group, use the Identity parameter.
How do I export Azure AD group members? ›In Azure AD, select Groups > All groups. Open the group whose membership you want to download, and then select Members. On the Members page, select Download members to download a CSV file listing the group members.