We have a project going on, and a lot of user mailboxes need to be…
List all users in a Security Group through PowerShell
We have security groups in Active Directory User and Computers (ADUC). In these security groups, we have users and security groups. If you have security groups in a security group, we call them nested security groups. How to list all users and security groups in a security group through PowerShell? Find out in this article how to list the content through PowerShell.
Get a list of users and security groups
We have a security group with the name SG_Office. We like to list all the users and security groups in that security group. Run PowerShell as administrator. We are going to make use of the Get-ADGroupMember cmdlet.
PS C:\> Get-ADGroupMember -Identity "SG_Office" | Select-Object Name | Sort-Object Name Name ---- Benetiz Anees Larson Tevin SG_Administration SG_Amsterdam SG_Communication SG_Field SG_Finance SG_HR SG_London SG_Madrid SG_Paris SG_Production SG_Recruiting SG_Sales
Note: Suppose you get the PowerShell output error that the size limit for this request was exceeded. Read the solution in the article Get-ADGroupMember : The size limit for this request was exceeded.
If you want to confirm, go to ADUC and open the security group SG_Office. Click Members. The exact list of users and security groups will show. You can see that we have two users and more than a couple of security groups.
Now that we have the users and security groups, what if we want to list the users in the nested security groups?
Get a list of users and users in nested security groups
We want to get all the users, including the users in the nested security groups in the security group SG_Office. Let’s sort the list on Display Name.
PS C:\> Get-ADGroupMember -Identity "SG_Office" -Recursive | Get-ADUser -Property DisplayName | Select-Object DisplayName | Sort-Object DisplayName DisplayName ----------- Adams Forrest Albert Corrie Beltran Noah Benetiz Anees Boyce Caoimhe Boyce Julie Chester Braiden Curtis Cari Foley Clifford Hodgson Leela Jones Weronika Klein Menna Larson Tevin Lopez Rebeca Mack Johanna Mcghee Kayne Mckinney Vanessa Monroe Cara Pitts Karina Todd Jake Wilson Herman Woodley Reya
Export the members to CSV file.
This example will export the results to the file members.csv in the C:\temp directory.
PS C:\> Get-ADGroupMember -Identity "SG_Office" -Recursive | Get-ADUser -Property DisplayName | Select-Object DisplayName | Sort-Object DisplayName | Export-Csv C:\temp\members.csv -Encoding UTF8 -NoTypeInformation
Read more: Copy members from one AD group to another »
You learned how to list all users in a security group through PowerShell. It’s good to know that you can get members in groups and nested groups. After that, export the results to a CSV file.
Did you enjoy this article? You may also like the article Add users to group with PowerShell. Don’t forget to follow us and share this article.
This Post Has 8 Comments
So how does one go about selecting another domain security group, with a full two-way trust? I tried domain\groupname to no avail.Get-ADGroupMember -Identity “otherdomainalias\security-group” | Select-Object Name | Sort-Object Name
Thanks for the updated how to get for many DG’s list.
This is what you are looking for: Export distribution group members to CSV with PowerShell.
How can i get a list of all security groups and their members?, exported to csv. Thanks!
This is what you are looking for: Export AD group members with PowerShell.
How would you go about setting up the path to the -Identity level if the AD tree is more complicated that this? Say something like::
AD DC —
OU 2 —
OU 3 —
CN -Identity level where I need to pull the user names from
I’m working on this already established tree and it’s not available to change.
This article is about listing users in a Security Group and nested Security Group. What you are asking is to pull a list of users in a specific OU, right?
Run the following cmdlet.
Let me know if this helped you.
Hi Ali … I’m looking to pull the names of all the users of a nested security group from a AD OU with it having multiple branches down to the actual group. I think it should look something like this based your script but I’m not having any luck.
Get-ADUser -Filter * -SearchScope OneLevel -SearchBase
“NestedSecurityGroupwithUsersIneed,OU=NASShareName,OU=2ndLayerDeliniation,OU=MainOU,DC=xx,DC=xx,DC=xx” |Select DistinguishedName, Name, UserPrincipalName | Sort-Object DistinguishedName
This is the error I get when I run it in PS ISE
Get-ADUser : Missing an argument for parameter ‘SearchBase’. Specify a parameter of type ‘System.String’ and try again.
At line:1 char:44
+ Get-ADUser -Filter * -SearchScope OneLevel -SearchBase
+ CategoryInfo : InvalidArgument: (:) [Get-ADUser], ParameterBindingException
+ FullyQualifiedErrorId : MissingArgument,Microsoft.ActiveDirectory.Management.Commands.GetADUser
DistinguishedName Name UserPrincipalName
—————– —- —————–
I’ll pipe the output to a text file when I’m done, but I’m stuck at getting it because of the nesting layers involved and like I said, I can’t even look at adjusting this tree