We help IT Professionals succeed at work.

Exporting Groups and users Names

We need to Export all Security  Distribution Groups with all users names  into a csv file
i have used  and got some info in the CMD and some in powershell.
Does someone have the exact script for this?
Comment
Watch Question

Sam JacobsCitrix Technology Professional / Director of TechDev Services, IPM

Commented:
Try this:
$filePath = "C:\PSoutput"
$ADGroups = Get-ADGroup -Filter * -Properties  Member | Where GroupCategory -eq "Security" | Sort Name 
foreach ($group in $ADgroups) {
    Get-ADGroupMember $group.Name |
    Select @{n='Group Name'; e={$group.Name}},
    @{n='User Name'; e={$_.Name}} |
    Export-Csv "$($filePath)\SecurityGroupMembers.csv" -NoTypeInformation -Append
}

Open in new window

Most Valuable Expert 2019
Most Valuable Expert 2018

Commented:
Please clarify "all Security  Distribution Groups" - there are no "Security Distribution Groups"; a group is either a security or a distribution group. And which scope are you after, Global, DomainLocal, Universal, all of the above?
And when asking questions about AD reports, please specify the approximate size of your AD.
Sam's script might work for you, but there are some general issues with it (details follow in a separate comment), so here's a different approach:
## Group-Type attribute: https://docs.microsoft.com/en-us/windows/desktop/adschema/a-grouptype
## Scope: System created: 0x00000001, Global: 0x00000002, DomainLocal: 0x00000004, Universal: 0x00000008
## Security: Add 0x80000000, otherwise Distribution
$outFile = 'C:\Temp\GroupMembers.csv'
$textInfo = (Get-Culture).TextInfo
Get-ADGroup -Filter "(groupType -eq 0x80000002) -and (name -ne 'Domain Users') -and (name -ne 'Domain Computers')" -ResultSetSize $null -Properties Members | ForEach-Object {
	$group = $_
	$_.Members | Get-ADObject -Properties DisplayName, SamAccountName |
		Select-Object -Property `
			@{n='Group SamAccountName'; e={$group.SamAccountName}},
			@{n='Group Name'; e={$group.Name}},
			@{n='Group Category'; e={$group.GroupCategory}},
			@{n='Group Scope'; e={$group.GroupScope}},
			@{n='Member Type'; e={$textInfo.ToTitleCase($_.objectClass)}},
			@{n='Member SamAccountName'; e={$_.SamAccountName}},
			@{n='Member Name'; e={$_.Name}},
			@{n='Member DistinguishedName'; e={$_.DistinguishedName}},
			@{n='Group DistinguishedName'; e={$group.DistinguishedName}}
} | Export-Csv -NoTypeInformation -Path $outFile

Open in new window

Most Valuable Expert 2019
Most Valuable Expert 2018

Commented:
Some comments to PS in general and AD queries in particular.
* Use the ForcePipeline - if the pipeline is properly used (instead of collecting all results in intermediate variables), PowerShell will happily process millions of objects, without any noticeable impact to memory usage.
* Always filter as close to the source as possible. It's way more efficient (and less work for AD) to specify a proper filter when querying AD, than to just let AD deliver everything it has to offer and filter in PowerShell.
* Only retrieve the AD properties you need; the members property (which can be quite large) requested in Get-ADUser is never used later on.
* The Get-AD<Object> cmdlets have a default limit of 1000 objects. Should an AD exceed that, you need to set ResultSetSize to $null to retrieve everything.
* Get-ADGroupMember (to be more precise: the Active Directory Web Services that Get-ADGroupMember uses) is limited to 5000 members.
* Using the group's Name as identity for Get-ADGroupMember is not correct; the Name attribute is not unique. In a worst case scenario, there's a group with a name of "GroupABC" and a SamAccountName of "Group", and a group with a name of "GroupABCDEF" with a SamAccountName of "GroupABC". When passing the "GroupABC" name, AD will actually return the GroupABCDEF object. Just pass the group object itself, or the DistinguishedName.
* A group can contain other object types than just users, so naming a property "User Name", even though the object could be a computer or anothre group, might be confusing.
* An AD object name is not unique and should not be the sole identifying property in a report. You can have two user objects with a name of "jdoe" in different OUs, but not two users with a SamAccountName of "jdoe".
* "Export-Csv -Append ..." inside a loop is very inefficient. The file has to be opened and closed for every single element, and PS will check every single time whether the existing columns in the csv will match the properties of the object added.
Try this Script:
$Groups = Get-ADGroup -Properties * -Filter * -SearchBase "OU=Groups,DC=corp,DC=ourcompany,DC=Com"
Foreach($G In $Groups)
{
Write-Host $G.Name
Write-Host "-------------"
$G.Members
}

Open in new window


Source: http://expert-advice.org/active-directory/export-list-of-all-active-directory-security-groups-with-their-members/
Sam JacobsCitrix Technology Professional / Director of TechDev Services, IPM

Commented:
Thanks, oBdA, for your detailed comments. I'm always in "learn" mode.

Author

Commented:
Guys thanks but I could not get it to work?
Sam JacobsCitrix Technology Professional / Director of TechDev Services, IPM

Commented:
Are you receiving any errors? If so, what are they?

Author

Commented:
Hey Guys,

The requested  question  for the project, I was working on has changed.
So we do not need to pursue this for.

Thank you