Supervisors, auditors, or service are always asking for a list of users and groups from our clients active directory. The trouble is that natively there’s no export feature or option to export this information in active directory. We absolutely avoid installing software on clients computers whenever possible. Luckily we can accomplished this effectively by using PowerShell .
I’m going to take you step by step on how to use PowerShell to export the groups user list to a .csv file.
1. First run PowerShell as administrator
Run PowerShell as an administrator from a workstation on the network and member of the domain.
2. Load the Active Directory Module
In order to run queries to an AD group using PowerShell you must first load the Active Directory module.
The Active Directory module can be installed using the following 2 methods:
- On Windows Server 2008 R2 and above with the AD DS or AD LDS server roles.
- Installing RSAT tools.
You can run the following command to check if you have these installed
If you see the AD module loads then proceed to step 3. If the module doesn’t load install the RSAT tools. Then run the Get-Module -ListAvailable command again.
3. List And Find AD Groups
If you already know the name of the group, then proceed to step 4.
If you’re not sure about the name of the group, you can run the following command to list all groups in Active Directory.
Get-adgroup -filter * | sort name | select Name
Here you can see a list of all the groups in the domain. From here on we’ll be using the “HR FULL” group.
4. List The Members Of Group
To get a list of all the members in the “HR FULL” group run the following command.
Get-AdGroupMember -identity "HR Full"
Above you can see the command provides more details on the group members
We can filter out the results to just the members names with this command.
Get-AdGroupMember -identity "HR Full" | select name
Great, so far! Now all we need is to export the list to a .csv.
5. Exporting Group Members To A CSV File
Finally to export the list of group members to a csv file run the following command.
Get-ADGroupMember -identity “HR Full” | select name | Export-csv -path C:\Output\Groupmembers.csv -NoTypeInformation
Note: The path and file name can be anything you want. for this example we used “C:\Output\Groupmembers.csv”.
Always avoid when ever possible installing 3rd party apps on client computers. There are many 3rd party applications that have a GUI and can do the same thing, but its always best to try using what you have at hand.
Click here for another article that may help with PowerShell.