We sync the Active Directory on-premises AD objects to Microsoft Entra ID with Microsoft Entra…
Export AD group members with PowerShell
Sometimes you want to export Active Directory group members to CSV file. For example, you must export all AD group members, only a particular OU or multiple groups. In this article, you will learn how to export AD group membership to CSV file with PowerShell.
Table of contents
Introduction
The Export-ADGroupMembers.ps1 PowerShell script will run against the distinguishedName that you set. After that, it will export the AD groups, including members, to CSV file. You can open the CSV file with Microsoft Excel or any other application that supports the CSV file extension.
The script will export the following information:
- Name
- Category
- Scope
- Members
Note: The Export-ADGroupMembers.ps1 PowerShell script gets the members of an Active Directory group. Members can be users, groups, and computers.
Export Active Directory group members PowerShell script
Before you start, you want to place the files in the right place. We recommend creating two folders with the name Scripts and Temp on the (C:) drive of the Management Server or Domain Controller.
Download and place Export-ADGroupMembers.ps1 PowerShell script in C:\Scripts folder.
Ensure the file is unblocked to prevent errors when running the script. Read more in the article Not digitally signed error when running PowerShell script.
Another option is to copy and paste the below code into Notepad. Give it the name Export-ADGroupMembers.ps1 and place it in the C:\scripts folder.
<#
.SYNOPSIS
Export-ADGroupMembers.ps1
.DESCRIPTION
Export Active Directory group members to CSV file.
.LINK
www.alitajran.com/export-ad-group-members-powershell
.NOTES
Written by: ALI TAJRAN
Website: www.alitajran.com
LinkedIn: linkedin.com/in/alitajran
.CHANGELOG
V1.00, 03/22/2022 - Initial version
V2.00, 03/25/2023 - Added extract contacts and groups + optimization for faster results
#>
# Get year and month for CSV export file
$DateTime = Get-Date -f "yyyyMMddhhmm"
# Set CSV file name
$CSVFile = "C:\temp\ADGroups_" + $DateTime + ".csv"
# Set distinguishedName as searchbase, you can use one DN or multiple DNs
# Or use the root domain like DC=exoip,DC=local
$DNs = @(
"DC=exoip,DC=local"
)
# Create empty array for CSV data
$CSVOutput = @()
# Create empty array for AD groups
$ADGroups = @()
# Loop through DNs
foreach ($DN in $DNs) {
# Add every DN to AD groups
$ADGroups += Get-ADGroup -Filter * -SearchBase $DN
}
# Set progress bar variables
$i = 0
$tot = $ADGroups.count
foreach ($ADGroup in $ADGroups) {
# Set up progress bar
$i++
$status = "{0:N0}" -f ($i / $tot * 100)
Write-Progress -Activity "Exporting AD Groups" -status "Processing Group $i of $tot : $status% Completed" -PercentComplete ($i / $tot * 100)
# Ensure Members variable is empty
$Members = ""
# Get group members which are also groups and add to string
$MembersArr = (Get-ADGroup -filter { Name -eq $ADGroup.Name } -Properties Members ).Members | Get-ADObject | select Name, objectClass, distinguishedName
if ($MembersArr) {
foreach ($Member in $MembersArr) {
$MemDN = $Member.distinguishedName
$UserObj = Get-ADUser -filter { DistinguishedName -eq $MemDN }
if ($UserObj.Enabled -eq $False) {
continue
}
if ($Member.objectClass -eq "user") {
$Members = $Members + ",U-" + $Member.Name
}
elseif ($Member.objectClass -eq "contact") {
$Members = $Members + ",C-" + $Member.Name
}
else {
$Members = $Members + ",G-" + $Member.Name
}
}
# Check for members to avoid error for empty groups
if ($Members) {
$Members = $Members.Substring(1, ($Members.Length) - 1)
}
}
# Set up hash table and add values
$HashTab = $null
$HashTab = [ordered]@{
"Name" = $ADGroup.Name
"Category" = $ADGroup.GroupCategory
"Scope" = $ADGroup.GroupScope
"Members" = $Members
}
# Add hash table to CSV data array
$CSVOutput += New-Object PSObject -Property $HashTab
}
# Export report to CSV file
$CSVOutput | Sort-Object Name | Export-Csv -Encoding UTF8 -Path $CSVFile -NoTypeInformation #-Delimiter ";"- Line 30: Edit the target distinguishedName. You can have one DN or multiple DNs (more on that down below with different examples).
Get distinguished name
You need to add the distinguished name value in the PowerShell script. Follow the below steps to get the distinguished name in Active Directory:
- Start Active Directory Users and Computers
- Right-click the target and click Properties
- Go to the Attribute Editor tab
- Find the attribute distuingedName in the attributes list
- Double-click to open the string and copy the value
Note: If you don’t see the Attribute Editor tab, click in Active Directory Users and Computers in the menu bar on View and enable Advanced Features.
Export AD group members to CSV
Run PowerShell as administrator. Change the path to the scripts folder. Run the PowerShell script to export AD group members to CSV file. Wait till it completes.
PS C:\> cd c:\scripts
PS C:\scripts> .\Export-ADGroupMembers.ps1Go to the scripts folder and verify that you see the ADGroups_ file. Open the CSV file with your favorite application. In our example, it’s Microsoft Excel.
Export AD group members in OU
Get the OU distinguishedName and change line 30. In our example, it’s the OU Groups.
"OU=Groups,OU=Company,DC=exoip,DC=local"Export AD group members in multiple OUs
Get the OUs distinguishedName and change line 30. In our example. it’s the OUs Groups1 and Groups2.
"OU=Groups1,OU=Company,DC=exoip,DC=local",
"OU=Groups2,OU=Company,DC=exoip,DC=local"Export AD group members in particular group
Get the group distinguishedName and change line 30. In our example, it’s the group Pilot.
"CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local"Export AD group members in multiple groups
Get the groups distinguishedName and change line 30. In our example, it’s the groups Pilot and HR.
"CN=Pilot,OU=Groups,OU=Company,DC=exoip,DC=local",
"CN=HR,OU=Groups,OU=Company,DC=exoip,DC=local"Did this help you to export AD group membership to CSV?
Read more: Copy members from one AD group to another »
Conclusion
You learned how to Export AD group members to CSV with PowerShell. There are a lot of groups in every organization, and it’s excellent to export them to CSV file. With the PowerShell script, you can select which Active Directory groups you want to export.
Did you enjoy this article? You may also like Export distribution group members to CSV with PowerShell. Don’t forget to follow us and share this article.
What Others Are Reading
Thanks for the great scripts. I want to have group email id as well. can you help?
Hi Tajran
How can i export group membership details to different CSV files based on the group name if i have more than one group in the same OU
Excellent work! – any way to display the members of the nested group.
Yes, and in some cases there are circular nesting as well
Hello ALI TAJRAN,
I used your script to export the groups from AD and it works fine, I have a problem…Once the csv export is done how do I modify the script to import the csv into active directory to recreate the groups in another OU ?
Thanks in advance for your reply.
First hit on google. Worked perfectly. Just what I needed! Thanks ????
Thank you for the script. I replaced line(s) 29-31 with the following to make it more dynamic when targeting the script on a DC:
Thanks again!
Very nice script! It works great! Thanks for your efforts!
Hi, TAJRAN
As Marco asked before , do you have any way to get mail address as member of groups?
Hello sir – thanks for this tool really helps!
If you don’t mind me asking, do you also have a script that gets all users of the domain and also writes down on CSV its group memberships?
Thanks and more power!
Is it possible to add the email address of the user and the group?
Hi Tajran,
this is working like a dream.
What change is needed to export all security groups from the whole domain in to CSV format?
Thanks
Hi Miro,
The PowerShell script shows how to get all the security groups from Active Directory (root domain).
You only have to edit line 30 in the PowerShell script and paste the Active Directory distinguished name.
Lifesaver!
Works perfectly. Thanks a ton.
Excellent work