Export AD group members with PowerShell (2024)

Sometimes you want to export Active Directory group members to CSV file. For example, you must export all AD group members, only a particular OU or multiple groups. In this article, you will learn how to export AD group membership to CSV file with PowerShell.

Introduction

The Export-ADGroupMembers.ps1 PowerShell script will run against the distinguishedName that you set. After that, it will export the AD groups, including members, to CSV file. You can open the CSV file with Microsoft Excel or any other application that supports the CSV file extension.

The script will export the following information:

1. Name
2. Category
3. Scope
4. Members

Note: The Export-ADGroupMembers.ps1 PowerShell script gets the members of an Active Directory group. Members can be users, groups, and computers.

Export Active Directory group members PowerShell script

Before you start, you want to place the files in the right place. We recommend creating two folders with the name Scripts and Temp on the (C:) drive of the Management Server or Domain Controller.

Download and place Export-ADGroupMembers.ps1 PowerShell script in C:\Scripts folder.

Ensure the file is unblocked to prevent errors when running the script. Read more in the article Not digitally signed error when running PowerShell script.

Another option is to copy and paste the below code into Notepad. Give it the name Export-ADGroupMembers.ps1 and place it in the C:\scripts folder.

<# .SYNOPSIS Export-ADGroupMembers.ps1 .DESCRIPTION Export Active Directory group members to CSV file. .LINK www.alitajran.com/export-ad-group-members-powershell .NOTES Written by: ALI TAJRAN Website: www.alitajran.com LinkedIn: linkedin.com/in/alitajran .CHANGELOG V1.00, 03/22/2022 - Initial version V2.00, 03/25/2023 - Added extract contacts and groups + optimization for faster results#># Get year and month for CSV export file$DateTime = Get-Date -f "yyyyMMddhhmm"# Set CSV file name$CSVFile = "C:\temp\ADGroups_" + $DateTime + ".csv"# Set distinguishedName as searchbase, you can use one DN or multiple DNs# Or use the root domain like DC=exoip,DC=local$DNs = @( "DC=exoip,DC=local")# Create empty array for CSV data$CSVOutput = @()# Create empty array for AD groups$ADGroups = @()# Loop through DNsforeach ($DN in $DNs) { # Add every DN to AD groups $ADGroups += Get-ADGroup -Filter * -SearchBase $DN}# Set progress bar variables$i = 0$tot = $ADGroups.countforeach ($ADGroup in $ADGroups) { # Set up progress bar $i++ $status = "{0:N0}" -f ($i / $tot * 100) Write-Progress -Activity "Exporting AD Groups" -status "Processing Group $i of $tot : $status% Completed" -PercentComplete ($i / $tot * 100) # Ensure Members variable is empty $Members = "" # Get group members which are also groups and add to string $MembersArr = (Get-ADGroup -filter { Name -eq $ADGroup.Name } -Properties Members ).Members | Get-ADObject | select Name, objectClass, distinguishedName if ($MembersArr) { foreach ($Member in $MembersArr) { $MemDN = $Member.distinguishedName $UserObj = Get-ADUser -filter { DistinguishedName -eq $MemDN } if ($UserObj.Enabled -eq $False) { continue } if ($Member.objectClass -eq "user") { $Members = $Members + ",U-" + $Member.Name } elseif ($Member.objectClass -eq "contact") { $Members = $Members + ",C-" + $Member.Name } else { $Members = $Members + ",G-" + $Member.Name } } # Check for members to avoid error for empty groups if ($Members) { $Members = $Members.Substring(1, ($Members.Length) - 1) } } # Set up hash table and add values $HashTab = $null $HashTab = [ordered]@{ "Name" = $ADGroup.Name "Category" = $ADGroup.GroupCategory "Scope" = $ADGroup.GroupScope "Members" = $Members } # Add hash table to CSV data array $CSVOutput += New-Object PSObject -Property $HashTab}# Export report to CSV file$CSVOutput | Sort-Object Name | Export-Csv -Encoding UTF8 -Path $CSVFile -NoTypeInformation #-Delimiter ";"

• Line 30: Edit the target distinguishedName. You can have one DN or multiple DNs (more on that down below with different examples).

Get distinguished name

You need to add the distinguished name value in the PowerShell script. Follow the below steps to get the distinguished name in Active Directory:

1. Start Active Directory Users and Computers
2. Right-click the target and click Properties
3. Go to the Attribute Editor tab
4. Find the attribute distuingedName in the attributes list
5. Double-click to open the string and copy the value

Note: If you don’t see the Attribute Editor tab, click in Active Directory Users and Computers in the menu bar on View and enable Advanced Features.

Export AD group members to CSV

Run PowerShell as administrator. Change the path to the scripts folder. Run the PowerShell script to export AD group members to CSV file. Wait till it completes.

PS C:\> cd c:\scriptsPS C:\scripts> .\Export-ADGroupMembers.ps1

Go to the scripts folder and verify that you see the ADGroups_ file. Open the CSV file with your favorite application. In our example, it’s Microsoft Excel.

Export AD group members in OU

Get the OU distinguishedName and change line 30. In our example, it’s the OU Groups.

"OU=Groups,OU=Company,DC=exoip,DC=local"

Export AD group members in multiple OUs

Get the OUs distinguishedName and change line 30. In our example. it’s the OUs Groups1 and Groups2.

"OU=Groups1,OU=Company,DC=exoip,DC=local","OU=Groups2,OU=Company,DC=exoip,DC=local"

Export AD group members in particular group

Get the group distinguishedName and change line 30. In our example, it’s the group Pilot.

"CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local"

Export AD group members in multiple groups

Get the groups distinguishedName and change line 30. In our example, it’s the groups Pilot and HR.

"CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local","CN=HR,OU=Groups,OU=Company,DC=exoip,DC=local"

Did this help you to export AD group membership to CSV?

Read more: Copy members from one AD group to another »

Conclusion

You learned how to Export AD group members to CSV with PowerShell. There are a lot of groups in every organization, and it’s excellent to export them to CSV file. With the PowerShell script, you can select which Active Directory groups you want to export.

Did you enjoy this article? You may also like Export distribution group members to CSV with PowerShell. Don’t forget to follow us and share this article.