We have a project going on, and a lot of user mailboxes need to be…
List all users in a Security Group through PowerShell
We have security groups in Active Directory User and Computers (ADUC). In these security groups, we have users and security groups. If you have security groups in a security group, we call them nested security groups. How to list all users and security groups in a security group through PowerShell? Find out in this article how to list the content through PowerShell.
Get a list of users and security groups
We have a security group with the name SG_Office. We like to list all the users and security groups in that security group. Run PowerShell as administrator. We are going to make use of the Get-ADGroupMember cmdlet.
PS C:\> Get-ADGroupMember -Identity "SG_Office" | Select-Object Name | Sort-Object Name
Name
----
Benetiz Anees
Larson Tevin
SG_Administration
SG_Amsterdam
SG_Communication
SG_Field
SG_Finance
SG_HR
SG_London
SG_Madrid
SG_Paris
SG_Production
SG_Recruiting
SG_Sales
Note: Suppose you get the PowerShell output error that the size limit for this request was exceeded. Read the solution in the article Get-ADGroupMember : The size limit for this request was exceeded.
If you want to confirm, go to ADUC and open the security group SG_Office. Click Members. The exact list of users and security groups will show. You can see that we have two users and more than a couple of security groups.
Now that we have the users and security groups, what if we want to list the users in the nested security groups?
Get a list of users and users in nested security groups
We want to get all the users, including the users in the nested security groups in the security group SG_Office. Let’s sort the list on Display Name.
PS C:\> Get-ADGroupMember -Identity "SG_Office" -Recursive | Get-ADUser -Property DisplayName | Select-Object DisplayName | Sort-Object DisplayName
DisplayName
-----------
Adams Forrest
Albert Corrie
Beltran Noah
Benetiz Anees
Boyce Caoimhe
Boyce Julie
Chester Braiden
Curtis Cari
Foley Clifford
Hodgson Leela
Jones Weronika
Klein Menna
Larson Tevin
Lopez Rebeca
Mack Johanna
Mcghee Kayne
Mckinney Vanessa
Monroe Cara
Pitts Karina
Todd Jake
Wilson Herman
Woodley Reya
Export the members to CSV file.
This example will export the results to the file members.csv in the C:\temp directory.
PS C:\> Get-ADGroupMember -Identity "SG_Office" -Recursive | Get-ADUser -Property DisplayName | Select-Object DisplayName | Sort-Object DisplayName | Export-Csv C:\temp\members.csv -Encoding UTF8 -NoTypeInformation
That’s it!
Read more: Copy members from one AD group to another »
Conclusion
You learned how to list all users in a security group through PowerShell. It’s good to know that you can get members in groups and nested groups. After that, export the results to a CSV file.
Did you enjoy this article? You may also like the article Add users to group with PowerShell. Don’t forget to follow us and share this article.
So how does one go about selecting another domain security group, with a full two-way trust? I tried domain\groupname to no avail.Get-ADGroupMember -Identity “otherdomainalias\security-group” | Select-Object Name | Sort-Object Name
Hi,
Thanks for the updated how to get for many DG’s list.
Thanks
Muthu
Hi Muthu,
This is what you are looking for: Export distribution group members to CSV with PowerShell.
Hi Ali,
How can i get a list of all security groups and their members?, exported to csv. Thanks!
Hi Sean,
This is what you are looking for: Export AD group members with PowerShell.
How would you go about setting up the path to the -Identity level if the AD tree is more complicated that this? Say something like::
AD DC —
OU 1–
OU 2 —
OU 3 —
CN -Identity level where I need to pull the user names from
I’m working on this already established tree and it’s not available to change.
This article is about listing users in a Security Group and nested Security Group. What you are asking is to pull a list of users in a specific OU, right?
Run the following cmdlet.
Let me know if this helped you.
Hi Ali … I’m looking to pull the names of all the users of a nested security group from a AD OU with it having multiple branches down to the actual group. I think it should look something like this based your script but I’m not having any luck.
Get-ADUser -Filter * -SearchScope OneLevel -SearchBase
“NestedSecurityGroupwithUsersIneed,OU=NASShareName,OU=2ndLayerDeliniation,OU=MainOU,DC=xx,DC=xx,DC=xx” |Select DistinguishedName, Name, UserPrincipalName | Sort-Object DistinguishedName
This is the error I get when I run it in PS ISE
Get-ADUser : Missing an argument for parameter ‘SearchBase’. Specify a parameter of type ‘System.String’ and try again.
At line:1 char:44
+ Get-ADUser -Filter * -SearchScope OneLevel -SearchBase
+ ~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [Get-ADUser], ParameterBindingException
+ FullyQualifiedErrorId : MissingArgument,Microsoft.ActiveDirectory.Management.Commands.GetADUser
DistinguishedName Name UserPrincipalName
—————– —- —————–
I’ll pipe the output to a text file when I’m done, but I’m stuck at getting it because of the nesting layers involved and like I said, I can’t even look at adjusting this tree