List all users in a Security Group through PowerShell

We have security groups in Active Directory User and Computers (ADUC). In these security groups, we have users and security groups. If you have security groups in a security group, we call them nested security groups. How to list all users and security groups in a security group through PowerShell? Find out in this article how to list the content through PowerShell.

Get a list of users and security groups

We have a security group with the name SG_Office. We like to list all the users and security groups in that security group. Run PowerShell as administrator. We are going to make use of the Get-ADGroupMember cmdlet.

PS C:\> Get-ADGroupMember -Identity "SG_Office" | Select-Object Name | Sort-Object Name

Name
----
Benetiz Anees
Larson Tevin
SG_Administration
SG_Amsterdam
SG_Communication
SG_Field
SG_Finance
SG_HR
SG_London
SG_Madrid
SG_Paris
SG_Production
SG_Recruiting
SG_Sales

If you want to confirm. Go to ADUC and open the security group SG_Office. Click Members. The same list of users and security groups will show. You can see that we have two users and more then a couple of security groups.

List all users in a Security group through PowerShell ADUC security group members

Now that we have the users and security groups, what if we want to list the users in the nested security groups?

Get a list of users and users in nested security groups

We want to get all the users and the users in the nested security groups in the security group SG_Office. Let’s sort the list on Display Name.

PS C:\> Get-ADGroupMember -Identity "SG_Office" -Recursive | Get-ADUser -Property DisplayName | Select-Object DisplayName | Sort-Object DisplayName

DisplayName
-----------
Adams Forrest 
Albert Corrie
Beltran Noah 
Benetiz Anees 
Boyce Caoimhe 
Boyce Julie 
Chester Braiden 
Curtis Cari 
Foley Clifford 
Hodgson Leela 
Jones Weronika 
Klein Menna 
Larson Tevin
Lopez Rebeca 
Mack Johanna 
Mcghee Kayne 
Mckinney Vanessa 
Monroe Cara 
Pitts Karina 
Todd Jake 
Wilson Herman 
Woodley Reya

There you have it, all the users in the security group SG_Office.

Conclusion

In this article, you learned how to list all users in a security group through PowerShell. Did you enjoy this article? You may also like the article Server switchover Exchange 2016 EAC. Don’t forget to follow us and share this article.

ALI TAJRAN

ALI TAJRAN

ALI TAJRAN is a passionate IT Architect, IT Consultant, and Microsoft Certified Trainer. He started Information Technology at a very young age, and his goal is to teach and inspire others. Read more »

TwitterLinkedIn

What Others Are Reading

This Post Has 3 Comments

  1. How would you go about setting up the path to the -Identity level if the AD tree is more complicated that this? Say something like::

    AD DC —
    OU 1–
    OU 2 —
    OU 3 —
    CN -Identity level where I need to pull the user names from

    I’m working on this already established tree and it’s not available to change.

    Reply

    1. This article is about listing users in a Security Group and nested Security Group. What you are asking is to pull a list of users in a specific OU, right?

      Run the following cmdlet.

      Get-ADUser -Filter * -SearchScope OneLevel -SearchBase “OU=ServiceAccounts,OU=Users,OU=Company,DC=exoip,DC=local” | Select DistinguishedName, Name, UserPrincipalName| Sort-Object DistinguishedName

      Let me know if this helped you.

      Reply

      1. Hi Ali … I’m looking to pull the names of all the users of a nested security group from a AD OU with it having multiple branches down to the actual group. I think it should look something like this based your script but I’m not having any luck.

        Get-ADUser -Filter * -SearchScope OneLevel -SearchBase
        “NestedSecurityGroupwithUsersIneed,OU=NASShareName,OU=2ndLayerDeliniation,OU=MainOU,DC=xx,DC=xx,DC=xx” |Select DistinguishedName, Name, UserPrincipalName | Sort-Object DistinguishedName

        This is the error I get when I run it in PS ISE

        Get-ADUser : Missing an argument for parameter ‘SearchBase’. Specify a parameter of type ‘System.String’ and try again.
        At line:1 char:44
        + Get-ADUser -Filter * -SearchScope OneLevel -SearchBase
        + ~~~~~~~~~~~
        + CategoryInfo : InvalidArgument: (:) [Get-ADUser], ParameterBindingException
        + FullyQualifiedErrorId : MissingArgument,Microsoft.ActiveDirectory.Management.Commands.GetADUser

        DistinguishedName Name UserPrincipalName
        —————– —- —————–

        I’ll pipe the output to a text file when I’m done, but I’m stuck at getting it because of the nesting layers involved and like I said, I can’t even look at adjusting this tree

        Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

Back To Top