Maybe you are trying to find a list of users that belong to the Administrator’s group, or you probably want to know who has access to which folder. Anyone from IT managers, security auditors, or even third-party services might want to get a list of Active Directory group members for several reasons.
Unfortunately, the built-in Active Directory Users and Computers (ADUC) tool does not give you an option to export lists of group members.
How do you get a list of users that belong to a particular Active Directory group?
Fortunately, you can export all the users in a group with a couple of simple PowerShell commands. All you need is PowerShell, the Power Shells’s “Active Directory” module, and a couple of simple commands.
In this Export AD Group Members tutorial, we’ll walk you step by step on the process of exporting AD group members into a CSV file using PowerShell.
1. Install and Verify PowerShell the Module
If you don't have PowerShell (PS), you can download its latest version from its GitHub repository. To use PowerShell for connecting and querying an Active Directory group, you’ll first need to install the AD module.
The Active Directory module is a package containing cmdlets, variables, functions, etc. It lets you run Active Directory commands from your PowerShell command session.
Bear in mind that; the installation process of the Active Directory module will vary according to different Powershell and Windows versions.
A. Verify the PowerShell Active Directory module is installed
First, let’s verify if you already have the AD module.
Get-Module -Listavailable
As shown in the previous screenshot, if you do have the module installed, skip to part two. If you don’t have the Active Directory module, move on to the next section.
B. Install the PowerShell Active Directory module
For Windows 8, Windows 8.1, and Windows 10, you only need to have RSAT installed. The RSAT enables all tools by default, so you can use the AD module without installing it.
For Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016, follow the instructions below:
Add the module as a feature from Server Manager.
Open “Server Manager” and go to > “Add Roles and Features.”
Click Next until you reach “Features.”
Go to Remote Server Administration Tools > Role Administration Tools > AD DS and AD LDS Tools.
Find and enable “Active Directory Module for Windows PowerShell.”
Click on “Install.”
Alternatively, you can also install the AD module from the PowerShell console itself. Run the command:
Install-WindowsFeature RSAT-AD-PowerShell
To make sure that the AD is installed successfully and can be used from PowerShell, open the PowerShell console, and use the Get-Module -Listavailable command again.
2. Find the Active Directory Group Name
If you want to export Active Directory group members with PowerShell but don’t know the exact name of their groups, you can also export a list containing all group information in Active Directory with PowerShell.
To do this, open your PowerShell console and run the following command:
get-adgroup -filter * | sort name | select Name
Running this command without filters would result in a complete but complicated output.
You should get a list of all your AD groups in your domain, similar to the screenshot above. This list should help you identify the correct name of the group that you want to export the members from.
3. Get a List of the Members of a Specific Group
Now that you already know all the available groups and their names using the “get-adgroup” command, you can specify the group you want to export members from.
Use the following command to list all the members of a specific group:
Get-AdGroupMember -identity "Group Name"
Let’s use this command to get a list of all the members in the “Administrators” Group.
As you might notice from the screenshot above, the command Get-AdGroupMember -identity “Group Name” gives you more details on the group members than what you probably need. You can narrow down your search results with the help of the filter (| select name). You can use the same command as above but add a filter to list only specific member names.
For example,
Get-AdGroupMember -identity "Administrators" | select name
4. Export AD Group Members to a CSV File
Now that you already have a complete filtered list of AD group members let’s go ahead and export these results to a CSV file. To do this, you only need to append “export-CSV” to the previous command “Get-ADGroupMember … ”.
So, now the command should look something like this:
Exporting a CSV file containing all member’s information can be very handy for large AD groups. Maybe you want to perform some automation tasks in bulk and need all the names from that specific group in a CSV file.
5. More Free AD Management?
For example, the SolarWinds Admin Bundle for Active Directory is a complete 100% free set of three GUI utilities that allow you to manage and automate some tasks in AD. This tool features three AD management tools:
Find inactive users and remove them
Find inactive computers and remove them.
Import users in bulk.
The first two tools scan your AD environment and find inactive users or computer accounts. They show you a list of inactive users, including their name and last login. You can export this information into a CSV file and “optionally” remove the accounts. The third tool, “Import users in bulk,” allows you to import a CSV file or XLS including new users’ information and automatically imports users in bulk.
Conclusion
In this tutorial, we used a couple of simple PowerShell commands to export AD group members. But the truth is that PowerShell can do so much more. It is a fantastic tool for automating and simplifying a massive amount of Active Directory tasks.
Still, PowerShell is not for everyone. As the more you intend to do, the more overwhelming it can get. PowerShell requires scripting knowledge.
Some free tools introduce automation and simply AD management. For example, SolarWinds Admin Bundle for Active Directory provides basic day-to-day administration functionalities. Plus, the tool is straightforward to use, comes with a friendly GUI, and is 100% free.
