Get a list of AD groups and their members

rookie_b
I have a list of AD groups and would like to export them into a report, which includes both the group name and the members. Exporting directly to CSV only gives me the members, so I was wondering if there was a way to get the group name as well. Is there an approach I could apply to other commands in general? How do I include the object against which the command was run alongside the command output itself?

Thank you!
Citrix Technology Professional / Director of TechDev Services, IPM
Commented:
Credit goes to oBdA: https://www.experts-exchange.com/questions/29125750/Exporting-Groups-and-users-Names.html
List of global security groups and their members (if more than 5000 members in a group, adjust $maxUsers).

## Group-Type attribute: https://docs.microsoft.com/en-us/windows/desktop/adschema/a-grouptype
## Scope: System created: 0x00000001, Global: 0x00000002, DomainLocal: 0x00000004, Universal: 0x00000008
## Security: Add 0x80000000, otherwise Distribution
$outFile = 'C:\Users\xxx\Documents\GroupMembers.csv'
$textInfo = (Get-Culture).TextInfo
$maxUsers = 5000
Get-ADGroup -Filter "(groupType -eq 0x80000002) -and (name -ne 'Domain Users') -and (name -ne 'Domain Computers')" -ResultSetSize $maxUsers -Properties Members | ForEach-Object {
	$group = $_
	$_.Members | Get-ADObject -Properties DisplayName, SamAccountName |
		Select-Object -Property `
			@{n='Group SamAccountName'; e={$group.SamAccountName}},
			@{n='Group Name'; e={$group.Name}},
			@{n='Group Category'; e={$group.GroupCategory}},
			@{n='Group Scope'; e={$group.GroupScope}},
			@{n='Member Type'; e={$textInfo.ToTitleCase($_.objectClass)}},
			@{n='Member SamAccountName'; e={$_.SamAccountName}},
			@{n='Member Name'; e={$_.Name}},
			@{n='Member DistinguishedName'; e={$_.DistinguishedName}},
			@{n='Group DistinguishedName'; e={$group.DistinguishedName}}
} | Export-Csv -NoTypeInformation -Path $outFile


You can use an LDAP browser and issue a regular LDAP command. That will allow you to query any attribute.

Author

Commented:
Thank you Sam!

In my case I actually prefer your suggestion in the post you referenced. All I had to change is how "$ADgroups" was defined and later referenced, so I can use a list of groups, rather than all security groups.

Thank you skullnobrains!

This is something I will definitely explore in the future.


Cheers!
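
The general pattern asked about in the question, applied to a list of groups as in the last reply; this is an added example and not code from the thread or the referenced post. The file paths and the Status column are assumptions.

```powershell
# Added example: paths and the 'Status' column are assumptions, not from the thread.
Import-Module ActiveDirectory

$groupList = 'C:\Temp\groups.txt'        # hypothetical input, one group sAMAccountName per line
$outFile   = 'C:\Temp\GroupMembers.csv'  # hypothetical output path

# Build every row with the same columns so Export-Csv writes a consistent header.
function New-ReportRow {
    param($GroupName, $Group, $Member, $Status)
    [pscustomobject]@{
        'Group Name'               = $GroupName
        'Group DistinguishedName'  = $Group.DistinguishedName
        'Member Type'              = $Member.objectClass
        'Member SamAccountName'    = $Member.SamAccountName
        'Member DistinguishedName' = $Member.DistinguishedName
        'Status'                   = $Status
    }
}

$names = Get-Content -Path $groupList | ForEach-Object { $_.Trim() } | Where-Object { $_ }

$report = foreach ($name in $names) {
    try {
        # Keep the outer object in its own variable: inside a nested pipeline
        # $_ is the member, so the group must be referenced by name.
        $group   = Get-ADGroup -Identity $name -ErrorAction Stop
        $members = @(Get-ADGroupMember -Identity $group -ErrorAction Stop)
    }
    catch {
        # A mistyped or deleted group becomes a visible row instead of a silent gap.
        New-ReportRow -GroupName $name -Status "Error: $($_.Exception.Message)"
        continue
    }

    if ($members.Count -eq 0) {
        # Empty groups produce no pipeline output; emit a placeholder row for them.
        New-ReportRow -GroupName $group.Name -Group $group -Status 'Empty'
        continue
    }

    $members | ForEach-Object {
        New-ReportRow -GroupName $group.Name -Group $group -Member $_ -Status 'OK'
    }
}

$report | Export-Csv -NoTypeInformation -Path $outFile
```

Get-ADGroupMember also accepts -Recursive, which lists the members of nested groups instead of the nested groups themselves.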
