Exporting AD Group Members

Posted on 2004-09-05
Last Modified: 2010-08-05
Hello everyone,

Hopefully this will be an easy one for you...

When I look at the members of an AD group all I see is 'members' (showing their logon name) and 'Active Directory Folder' (showing domain\Users). Unfortunately the logon name does not show their first and last names, rather it shows their logon name we gave them when we had our NT domain. Now that we have migrated to W2K I can see their names in the users view but the group view dows not seem to have first and last names....

My question is this: How do you view this information without looking at each members login name, then going to their User Object properties to find their first and last names? And better yet, is there a way of exporting it into a txt file?


Question by:alsace
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
LVL 16

Accepted Solution

JamesDS earned 150 total points
ID: 11987734
Take a look at DUMPSEC from SOMARSOFT.COM - an excellent reporting tool that outputs into text files, screen and Excel format.

You could try altering the displayname field to "LastName, FirstName" by renaming each user. The Account itself will retain the same login name (see the Account tab in the properties), but will display as anything you like.


LVL 85

Assisted Solution

oBdA earned 100 total points
ID: 11987902
The fastest thing to do is to open your ADUC MMC, then from the "View" menu, choose "Add/Remove columns". Add "Display Name".
What you're currently seeing in the MMC in the "Name" column is the Distinguished Name of the AD object. You can right-click the user and change the name there; this will not change the logon name (so the users won't notice this), but you will then see the changed user's name in the Name column.
In addition to this, you still have (in the user's profile itself) first name, last name, display name, the User Principal Name, and the pre-Windows 2000 logon name (which is the one your users are logging on with). Except for the display name and the pre-W2k name, all those names will be empty after the NT4 migration.

Author Comment

ID: 11994365
Thanks for thefeedback guys...

oBdA - This technique helped if I wanted to see the first and last names in the USERS view, but the fields are not populated in the GROUP view (which is what I want). Furthermore, when I actually go into the group properties it only shows the username and active directory folder views...not the first and last name attributes..

JamesDS - This tool was pretty good (especially for freeware), but again when dumping group membership it specifies usernames by default, and I can't see how this can be changed (I found another tool on the same site - 'exporter' - which was also good but had the same results..)

I basically want to be able to customise the view by choosing the ATTRIBUTES in the schema that I want (in this case first name, last name) rather than the username. Unfortunately my predecessors decided to use a login name that had no bearing whatsoever on the user's actual therein lies my problem.

I have found a workaround however - I used DumpSec (as suggested by jamesDS) to export the group members of the groups I was interested in (by username). I then did the same with all users in our domain using the 'Dump Users As Table Fast (names only)' option - this gave me usernames and full names, but no group m'ships. I saved each export as a CSV, combined them, and then did a VLOOKUP in excel to map the usernames (in the group membership export) to full names (in the domain users export). his worked a treat.

The only problem it is fiddly - I 'm sure there must be a tool to view the schema attributes of the members of a group, and export the ones that I want...?

Thanks again guys - appreciate your help.... if there are no closer replies within the next 24hrs I am going to award the points to JamesDS as it achived what I wanted (with some tweaking).

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

LVL 16

Expert Comment

ID: 11994385

For complete flexibility you should consider VBScript. Look for a tool that enumerates groups and returns information about their attributes. and the Microsoft ScriptCenter are excellent scripting resources.

LVL 85

Expert Comment

ID: 11997174
To view the members by name in the group membership as well, you'll have to change the users' Distinguished Name, as I suggested before; this is the one you see in the regular "Name" column. You can right-click those and change them; this will NOT change their logon name.

Author Comment

ID: 12001974
Understood oBdA - and I think I will need to get someone to painstakingly rename everyone in the domain, but for my requirements this is a completely redundant exercise, as it will require me changing each users name - which will need me to identify each user in the group that I want, which is exactly what I wanted to avoid if I could. I realise this is the long term solution, but I wanted to pull out the Display Name attribute for group membership a really quick way, as the default group membership view shows the name attribute - which in our case is the pre W2K logon.

This was obviously harder than I thought! I really appreciate your help guys... as such I have increased the Q value to 250 and will split the points - 150 to JamesDS, and 100 to oBdA for the long term solution.



Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
The recent Petya-like ransomware attack served a big blow to hundreds of banks, corporations and government offices The Acronis blog takes a closer look at this damaging worm to see what’s behind it – and offers up tips on how you can safeguard your…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question