Compare AD group members with PowerShell

We have two security groups in Active Directory, and we want to compare the members in both of these groups. What is the quickest way to compare AD group members and export the results? In this article, you will learn how to compare members of two AD security groups with PowerShell.

Introduction

If you have a couple of members, you can compare them in Active Directory Users and Computers (ADUC). But what if you have many members, let’s say a thousand. Or, what if you want to be precise with comparing members.

Reading another group from a list and comparing them to another group is not bulletproof. You can miss a member, and that’s not what you want. That’s when you want to use PowerShell.

In our example, we like to compare the members from the AD group Group_A with AD group Group_B.

• Source: Group_A
• Target: Group_B

AD members that we can compare

To compare members of two AD groups will work for all group scopes and group types:

• Group scope: Domain local / Global / Universal
• Group type: Security / Distribution

Comparing members will work criss-cross between the AD groups. For example, if you have members in a Global Security and you want to compare members with another Universal Distribution group, it works excellent.

In our example, we will compare members from a Universal Security group to another Universal Security group.

Good to know is that it will compare the users, groups, and computers from the members group.

Compare members of two AD groups

Run PowerShell as administrator. List the members in the source AD group by running the Get-AdGroupMember cmdlet.

PS C:\> Get-ADGroupMember -Identity "Group_A" | Select-Object Name | Sort-Object Name

Name
----
Abigail Hodges
Amanda Morgan
Finance
Jonathan Fisher
Kevin Grant
Max Fraser
Sebastian Nolan
Simon Berry
Thomas Wilkins
Zoë Roberts

Compare the groups with the Compare-Object cmdlet. The Compare-Object cmdlet will show the values as:

• == The object type is in both groups
• <= The object type is in the source group
• => The object type is in the target group

This will show the user’s Name.

PS C:\> Compare-Object (Get-ADGroupMember "Group_A") (Get-ADGroupMember "Group_B") -Property "Name" -IncludeEqual | Sort-Object Name

Name            SideIndicator
----            -------------
Abigail Hodges  <=
Amanda Morgan   ==
Finance         <=
Grace Rees      =>
Jonathan Fisher <=
Kevin Grant     <=
Max Fraser      <=
Sebastian Nolan <=
Simon Berry     <=
Thomas Wilkins  <=
Zoë Roberts     <=

Or if you want the user’s SamAccountName instead.

PS C:\> Compare-Object (Get-ADGroupMember "Group_A") (Get-ADGroupMember "Group_B") -Property "SamAccountName" -IncludeEqual | Sort-Object SamAccountName

SamAccountName  SideIndicator
--------------  -------------
Abigail.Hodges  <=
Amanda.Morgan   ==
Finance         <=
Grace.Rees      =>
Jonathan.Fisher <=
Kevin.Grant     <=
Max.Fraser      <=
Sebastian.Nolan <=
Simon.Berry     <=
Thomas.Wilkins  <=
Zoe.Roberts     <=

Export CSV file to the path C:\temp\CompareMembers.csv.

PS C:\> Compare-Object (Get-ADGroupMember "Group_A") (Get-ADGroupMember "Group_B") -Property "Name" -IncludeEqual | Sort-Object Name | Export-Csv "C:\temp\CompareMembers.csv" -Encoding UTF8 -NoTypeInformation

Filter members in both groups

With the above commands and export, we can filter the members out. However, it’s good to have separate lists with members in both groups, not in the source group or the target group.

Compare members in both groups

Create a variable for both the security groups.

PS C:\> $a= Get-ADGroupMember "Group_A"

PS C:\> $b= Get-ADGroupMember "Group_B"

Use the -contains operator and filter the members in both the source and target group. This will list the members that are in both the target group and the source group.

PS C:\> $a.name | Where-Object {$b.name -contains $PSItem} | Select-Object @{Name='Name';Expression={$_}} | Sort-Object Name

Name
----
Amanda Morgan

Export CSV file to the path C:\temp\CompareMembersBoth.csv.

PS C:\> $a.name | Where-Object {$b.name -contains $PSItem} | Select-Object @{Name='Name';Expression={$_}} | Sort-Object Name | Export-Csv "C:\temp\CompareMembersBoth.csv" -Encoding UTF8 -NoTypeInformation

Compare members in source group

Use the -notcontains operator and filter the members in the source group. This will list the members that are missing in the target group.

PS C:\> $a.name | Where-Object {$b.name -notcontains $PSItem} | Select-Object @{Name='Name';Expression={$_}} | Sort-Object Name

Name
----
Abigail Hodges
Finance
Jonathan Fisher
Kevin Grant
Max Fraser
Sebastian Nolan
Simon Berry
Thomas Wilkins
Zoë Roberts

Export CSV file to the path C:\temp\CompareMembersSource.csv.

PS C:\> $a.name | Where-Object {$b.name -notcontains $PSItem} | Select-Object @{Name='Name';Expression={$_}} | Sort-Object Name | Export-Csv "C:\temp\CompareMembersSource.csv" -Encoding UTF8 -NoTypeInformation

Compare members in target group

Use the -notcontains operator and filter the members in the target group. This will list the members that are missing in the source group.

PS C:\> $b.name | Where-Object {$a.name -notcontains $PSItem} | Select-Object @{Name='Name';Expression={$_}} | Sort-Object Name

Name
----
Grace Rees

Export CSV file to the path C:\temp\CompareMembersTarget.csv.

PS C:\> $b.name | Where-Object {$a.name -notcontains $PSItem} | Select-Object @{Name='Name';Expression={$_}} | Sort-Object Name | Export-Csv "C:\temp\CompareMembersTarget.csv" -Encoding UTF8 -NoTypeInformation

We did successfully compare AD group members. In our example, we did compare the members of a Universal Security group with another Universal Security group.

Read more: Export AD group members with PowerShell »

Conclusion

You learned how to compare members of two AD groups with PowerShell. If you have a couple of members, you can use Active Directory Users and Computers and compare the members between AD groups. However, if you have many members and want to speed up your work, your best way is PowerShell.

Did you enjoy this article? You may also like Copy members from one AD group to another. Don’t forget to follow us and share this article.