Export AD Group Members With PowerShell - ALI TAJRAN

Sometimes you want to export Active Directory group members to CSV file. For example, you must export all AD group members, only a particular OU or multiple groups. In this article, you will learn how to export AD group membership to CSV file with PowerShell.

Table of contents

• Introduction
• Export Active Directory group members PowerShell script
  • Get distinguished name
• Export AD group members to CSV
• Export AD group members in OU
• Export AD group members in multiple OUs
• Export AD group members in particular group
• Export AD group members in multiple groups
• Conclusion

Introduction

The Export-ADGroupMembers.ps1 PowerShell script will run against the distinguishedName that you set. After that, it will export the AD groups, including members, to CSV file. You can open the CSV file with Microsoft Excel or any other application that supports the CSV file extension.

The script will export the following information:

1. Name
2. Category
3. Scope
4. MemberName
5. MemberType

Note: The Export-ADGroupMembers.ps1 PowerShell script gets the members of an Active Directory group. Members can be users, groups, and computers.

Export Active Directory group members PowerShell script

Before you start, you want to place the files in the right place. We recommend creating two folders with the name Scripts and Temp on the (C:) drive of the Management Server or Domain Controller.

Download and place Export-ADGroupMembers.ps1 PowerShell script in C:\Scripts folder.

Ensure the file is unblocked to prevent errors when running the script. Read more in the article Not digitally signed error when running PowerShell script.

Another option is to copy and paste the code below into Notepad. Give it the name Export-ADGroupMembers.ps1 and place it in the C:\scripts folder.

<# .SYNOPSIS Export-ADGroupMembers.ps1 .DESCRIPTION Export Active Directory group members to CSV file. .LINK www.alitajran.com/export-ad-group-members-powershell .NOTES Written by: ALI TAJRAN Website: www.alitajran.com LinkedIn: linkedin.com/in/alitajran .CHANGELOG V1.00, 03/22/2022 - Initial version V2.00, 03/25/2023 - Added extract contacts and groups + optimization for faster results V3.00, 09/28/2024 - Members are now listed on separate rows for each group #> # Get year and month for CSV export file $DateTime = Get-Date -f "yyyyMMddhhmm" # Set CSV file name $CSVFile = "C:\temp\ADGroups_" + $DateTime + ".csv" # Set distinguishedName as searchbase, you can use one DN or multiple DNs # Or use the root domain like DC=exoip,DC=local $DNs = @( "DC=exoip,DC=local" ) # Initialize a List to store the data $Report = [System.Collections.Generic.List[Object]]::new() # Loop through DNs foreach ($DN in $DNs) { # Add every DN to AD groups $ADGroups = Get-ADGroup -Filter * -SearchBase $DN } # Set progress bar variables $i = 0 $tot = $ADGroups.count # Loop through AD groups foreach ($ADGroup in $ADGroups) { # Set up progress bar $i++ $status = "{0:N0}" -f ($i / $tot * 100) Write-Progress -Activity "Exporting AD Groups" -status "Processing Group $i of $tot : $status% Completed" -PercentComplete ($i / $tot * 100) # Get group members $MembersArr = (Get-ADGroup -filter { Name -eq $ADGroup.Name } -Properties Members).Members | Get-ADObject | Where-Object { $_.ObjectClass -ne 'computer' } | Select-Object Name, objectClass, distinguishedName if ($MembersArr) { foreach ($Member in $MembersArr) { # Create PSCustomObject for each member $ReportLine = [PSCustomObject]@{ "Group" = $ADGroup.Name "Category" = $ADGroup.GroupCategory "Scope" = $ADGroup.GroupScope "MemberName" = $Member.Name "MemberType" = $Member.objectClass } $Report.Add($ReportLine) } } else { # Create an entry for an empty group $ReportLine = [PSCustomObject]@{ "Group" = $ADGroup.Name "Category" = $ADGroup.GroupCategory "Scope" = $ADGroup.GroupScope "MemberName" = "" "MemberType" = "" } $Report.Add($ReportLine) } } # Sort the report by group name and then by member type $SortReport = $Report | Sort-Object "Group", "MemberType" # Export report to CSV file $SortReport | Export-Csv -Encoding utf8 -Path $CSVFile -NoTypeInformation

• Line 31: Edit the target distinguishedName. You can have one DN or multiple DNs (more on that down below with different examples).

Get distinguished name

You need to add the distinguished name value in the PowerShell script. Follow the steps below to get the distinguished name in Active Directory:

1. Start Active Directory Users and Computers
2. Right-click the target and click Properties
3. Go to the Attribute Editor tab
4. Find the attribute distuingedName in the attributes list
5. Double-click to open the string and copy the value

Note: If you don’t see the Attribute Editor tab, click in Active Directory Users and Computers in the menu bar on View and enable Advanced Features.

Export AD group members to CSV

Run PowerShell as administrator and run the PowerShell script to export AD group members to CSV file. Wait till it completes.

C:\scripts\.\Export-ADGroupMembers.ps1

Go to the scripts folder and verify that you see the ADGroups_ file. Open the CSV file with your favorite application. In our example, it’s Microsoft Excel.

Export AD group members in OU

Get the OU distinguishedName and change line 31. In our example, it’s the OU Groups.

"OU=Groups,OU=Company,DC=exoip,DC=local"

Export AD group members in multiple OUs

Get the OUs distinguishedName and change line 31. In our example. it’s the OUs Groups1 and Groups2.

"OU=Groups1,OU=Company,DC=exoip,DC=local", "OU=Groups2,OU=Company,DC=exoip,DC=local"

Export AD group members in particular group

Get the group distinguishedName and change line 31. In our example, it’s the group Pilot.

"CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local"

Export AD group members in multiple groups

Get the groups distinguishedName and change line 31. In our example, it’s the groups Pilot and HR.

"CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local", "CN=HR,OU=Groups,OU=Company,DC=exoip,DC=local"

Did this help you to export AD group membership to CSV?

Read more: Copy members from one AD group to another »

Conclusion

You learned how to Export AD group members to CSV with PowerShell. There are a lot of groups in every organization, and it’s excellent to export them to CSV file. With the PowerShell script, you can select which Active Directory groups you want to export.

Did you enjoy this article? You may also like Export distribution group members to CSV with PowerShell. Don’t forget to follow us and share this article.