Using PowerShell to export Active Directory Group Members to a CVS File

Hi all,

In this article I will discuss how I use the Get-ADGroupMember cmdlet to get a list of Active Directory Group members and dump it to a csv file. You will need to have the Active Directory Module for PowerShell installed to use this cmdlet. Once you have the  Active Directory Module for PowerShell installed you can open PowerShell as Administrator and type the following to import the module (module will be imported automatically when executing the “Get-ADGroupMember” cmdlet in PowerShell 3.0)

“Import-Module ActiveDirectory”

After you import the AD module type the following changing the identity to reflect your group name and the path to export group members to a csv file in that directory:

Get-ADGroupMember -identity “Name of Group” | select name | Export-csv -path C:\Output\Groupmembers.csv -NoTypeInformation

You should now have a list of members by display name in a csv file located at C:\Output\Groupmembers.csv. If you wanted to list out the users by samaccountname you could just change out “name” after the select statement with “samaccountname”.

Now lets say you are using nested groups. You will notice that your list will reflect the nested group name and no the members of the nested group. All you need to do in this case is add the -recursive parameter to enumerate all the nested group members and add them to the list. This would look as follows:

Get-ADGroupMember -identity “Name of Group” -recursive | select name | Export-csv -path C:\Output\Groupmembers.csv -NoTypeInformation

I hope this helps. If you have any questions or feedback please leave a comment.

Related Links:

Using PowerShell and Active Directory to Create a Server or Workstation Inventory

Using PowerShell to find Stale Computers in Active Directory

Moving Stale Computers in Active Directory to an OU using PowerShell

Using PowerShell and a Text File to Delete Multiple Active Directory Groups

Using PowerShell and a CSV File to Create Multiple Active Directory Groups

Share Button
Author: BC

BC is a Pipe2text.com contributor and has been an IT Professional for 15 years. He currently works as a Sr. Systems Engineer at a private firm. He enjoys working with Active Directory, Exchange and VMware among other technologies.


37 Responses to Using PowerShell to export Active Directory Group Members to a CVS File

  1. Ryan Drewniak says:

    I can get an export working perfectly fine for both the members name and samaccountname attribute. However, I’m struggling with the email attribute. The script that I’ve been trying is as follows:


    Get-ADGroupMember -identity NAME OF MY GROUP | select name,samaccountname,mail | Export-csv -path C:\Output\Groupmembers.csv -NoTypeInformation

    With this, I get the name and samaccountname of each member in the specified group, but none of the email addresses are exported. Is there something that I’m missing?

    • BC says:

      Try piping it to AD user like this and specify the mail property:
      Get-ADGroupMember -identity “Name Of Your Group” -recursive | get-aduser -Properties mail |select name,samaccountname,mail |export-csv -path c:\groupmembers.csv -NoTypeInformation

      I added in the recursive parameter in case there are any nested groups so you don’t receive an error.

      You can also do:

      $Group = Get-ADGroupMember -identity “Name of Your Group” -Recursive
      $group | get-aduser -Properties mail |select name,samaccountname,mail |export-csv -path c:\groupmembers.csv -NoTypeInformation

  2. Osama says:

    Thanks for this good article.
    I just need one help.
    This command only export the domain users !!! Is there a way to export all group members “domain users and others”.
    I run the following command:

    Get-ADGroupMember -identity “My Group Name” -recursive | get-aduser -Properties mail |select name,samaccountname,mail |export-csv -path c:\groupmembers.csv –NoTypeInformation

    Best regards

  3. Osama says:

    Hi,
    I mean not domain users

    • BC says:

      I think I see what you mean now. Other objects such as computers etc… Change out Get-Aduser with Get-Adobject cmdlet as shown below:

      Get-ADGroupMember -identity “Name Of My Group” -recursive | get-adobject -Properties mail | select name,samaccountname,mail |export-csv -path c:\groupmembers.csv –NoTypeInformation

  4. Pls , Help me! says:

    In my domain have 3 Groups . abc, cba &acb. now I want to export all of members of 3 groups to 1 file CSV. but the data imput to CSV file . it’s be overwrite! if I use Out-file. it’s only export to 1 column my code below:
    I use window XP with powershell 1.0.

    $group=”abc”,”cba”,”acb”
    $group |ForEach-Object {Echo “——————–Group Name $_ —————-“; Get-QADGroupMember $_ | Select-Object Email,LogonName,ParentContainer,LastLogon,AccountIsDisabled |Export-Csv -path ‘D:\Test.csv’}

    Help!!!!!!

    • BC says:

      Hi,
      I’m not using the quest cmdlets here but I can give you an example of how to do this if you had the Active Directory Module for PowerShell I ran this on PowerShell 3.o and it worked. Hopefully this will help you. See below:
      Import-Module ActiveDirectory
      $groups= ”abc”,”cba”
      $selectgroups=$groups |Get-Adgroup
      $selectgroups |get-adgroupmember -Recursive|Get-ADUser -property mail,lastlogontimestamp | Select samaccountname, mail,lastlogontimestamp |Export-Csv c:\multigroup.csv

  5. Joseph Snyder says:

    Hello, is it possible to export a listing of all groups, and for each group found, all members and last login date and computer name?

    • BC says:

      Hi Joseph,
      I will be glad to help if I can. I have a few questions.
      What do you mean by all groups?
      You want the last logontimestamp for each user in the groups and which computer it the logon was on?

      • Joseph SNYDER says:

        I am looking to capture all AD global and domain local groups. Are there cmdlets to get- all ad groups and group members without installing additional software?

  6. Joao says:

    Hi,
    Your help have made my day. But now i want to go a step further.

    Import-Module ActiveDirectory
    $groups= ”abc”,”cba”
    $selectgroups=$groups |Get-Adgroup
    $selectgroups |get-adgroupmember -Recursive|Get-ADUser -property mail,lastlogontimestamp | Select samaccountname, mail,lastlogontimestamp |Export-Csv c:\multigroup.csv

    Using this how can i populate abc, cba, etc with an list that i have on a csv (using import-csv, but how?)
    The other question, is it possible to show on the export csv the adgroup were the user belong?

    Cheers,

    • BC says:

      You could just list the users samaccountnames in a text file called users.txt and then run something similar to the following:
      Import-Module ActiveDirectory
      $users = Get-Content “c:\users.txt”
      Add-ADGroupMember -identity GroupName -Members $users

      Hope this helps!

  7. David Denley says:

    Hi all, these scripts are exactly what I am looking for, so thanks for that. I am using the extract of text for multiple groups as below.

    Import-Module ActiveDirectory
    $groups= ”abc”,”cba”
    $selectgroups=$groups |Get-Adgroup
    $selectgroups |get-adgroupmember -Recursive|Get-ADUser -property mail,lastlogontimestamp | Select samaccountname, mail,lastlogontimestamp |Export-Csv c:\multigroup.csv

    How can I get this to only return active ad accounts and include username, firstname, surname and email address? Also when I generate the csv with just the code above, it adds a line at the very top of the spreadsheet that says “#TYPE Selected.Microsoft.ActiveDirectory.Management.ADUser”. how can I get rid of this please?

    Thanks in advance.

    David

    • BC says:

      To get rid off the “TYPE Selected.Microsoft.ActiveDirectory.Management.ADUser” just add the -NoTypeInformation parameter to the Export-Csv cmdlet for example:

      Export-Csv c:\multigroup.csv -NoTypeInformation

      To return the username, firstname, surname and email address for the Get-ADUSer cmdlet, you could add those to the properties parameter and select them for example:

      Get-ADUser -Filter * -property mail, surname, givenname | Select samaccountname, mail, surname, givenname
      NOTE: If you need find out the additional properties you can choose, take a user from your directory and type the following and this will display all the additional non default properties (Replace YourUser) with the username from your AD:

      Get-ADUser YourUser -property * | Get-member

      If you want to find enabled accounts you can use a filter such as the following:

      Get-ADUser -Filter ‘enabled -eq $true’

      I hope this helps!

  8. David Denley says:

    Thanks BC, I apologise as I am a relative newbie to the world of scripting and I have been set the task to use AD to extract user information to a csv to be uploaded to another piece of software to create accounts for that software.
    I can get the information back for firstname, surname, username & email address as you stated above, but I can’t seem to figure out where I need to add the line Get-ADUser -Filter ‘enabled -eq $true’ in order to just filter those groups for active accounts. The code I am using is:

    Import-Module ActiveDirectory
    Get-ADUser -Filter ‘enabled -eq $true’
    $groups= ”Students”,”Staff”
    $selectgroups=$groups |Get-Adgroup
    $selectgroups |get-adgroupmember -Recursive|Get-ADUser -property mail,lastlogontimestamp | Select givenname, surname, samaccountname, mail | Export-Csv c:\ADGroupMember2.csv -NoTypeInformation

    Also, how can I map the AD Properties such as givenname, surname, samaccountname, mail so that the headings appear in the csv as Firstname, Surname, Username, Email Address.

    Your help is greatly appreciated.

    David

    • BC says:

      Hey David,
      Try this instead of using the – filter parameter. I added | Where enabled -eq $true (see below).

      Import-Module ActiveDirectory
      $Groups= “abc”,”cba”
      $SelectGroups = $groups | get-adgroup
      Foreach ($SelectGroup in $SelectGroups) {
      Get-ADGroupMember $SelectGroup -Recursive | Get-ADUser -property mail, surname, givenname | Where enabled -eq $true | Select samaccountname, mail, surname, givenname | Export-Csv c:\multigroup.csv -NoTypeInformation
      }

      • BC says:

        Hey David,

        You can try this to replace the headers in the csv file using powershell. I this example we change the “samaccountname” header to “username” in multigroups.csv:

        (Get-Content multigroups.csv) | ForEach-Object {$_ -replace “samaccountname”, “username”} | Set-Content multigroups.csv

        Hope this helps!

  9. Axel Limousin says:

    You should try oneline below to Csv export Members from all Groups found depending on a Name filter and a SearchBase :
    Get-ADGroup -Filter { Name -Like “yourFilter” } -SearchBase “yourOUorContainer” | Select @{ n=’Group'; e={ $_.Name } }, @{ n=’Members'; e={ (Get-ADGroup $_.DistinguishedName -Properties Members | Select Name, Members).Members } } | Export-Csv -NoTypeInformation -Path “yourFilePath”

    • Axel Limousin says:

      Erratum:
      Get-ADGroup -Filter { Name -Like “yourFilter” } -SearchBase “yourOUorContainer” | Select @{ n=’Group’; e={ $_.Name } }, @{ n=’Members’; e={ (Get-ADGroup $_.DistinguishedName -Properties Members | Select Members).Members } } | Export-Csv -NoTypeInformation -Path “yourFilePath”

      • Axel Limousin says:

        If you import Csv file into spreadsheet app like MSExcel, be aware that cell content length is limited to 32,767 characters, which can be annoying for very large groups and/or if you want extract distinguishedName instead of sAMAccountName.

      • BC says:

        Thanks for your Feedback!

  10. Random Bypasser says:

    Hi BC,

    I know this may be a bit of a necropost. But I was wondering the following.
    How should I make my script give me the following output:

    Groupname1
    ——————–
    GroupMemberA
    GroupMemberB
    GroupMemberC

    Groupname2
    ——————–
    GroupMemberD
    GroupMemberE
    GroupMemberF

    The above scripts helped me alot already, but somehow I can’t make it sorted like this.
    Note that I don’t export anything and my output just shows onto the command line screen.

    Thanks on forehand!

  11. David Denley says:

    Hi BC, thanks for your reply (and thanks to all others for your replies) I have ran your suggestion as posted above and changed for the relevant group names. this is the script now:

    Import-Module ActiveDirectory
    $Groups= “staff”,”students”
    $SelectGroups = $groups | get-adgroup
    Foreach ($SelectGroup in $SelectGroups) {
    Get-ADGroupMember $SelectGroup -Recursive | Get-ADUser -property mail, surname, givenname | Where enabled -eq $true | Select samaccountname, mail, surname, givenname | Export-Csv c:\multigroup.csv -NoTypeInformation
    }

    After running, I get the following error within powershell:

    Where-Object : Cannot bind parameter ‘FilterScript’. Cannot convert the “enabled” value of type “System.String” to type
    “System.Management.Automation.ScriptBlock”.
    At C:\ADGroupMember2.ps1:5 char:99
    + Get-ADGroupMember $SelectGroup -Recursive | Get-ADUser -property mail, surname, givenname | Where <<<< enabled -eq
    $true | Select samaccountname, mail, surname, givenname | Export-Csv c:\multigroup.csv -NoTypeInformation
    + CategoryInfo : InvalidArgument: (:) [Where-Object], ParameterBindingException
    + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.PowerShell.Commands.WhereObjectCommand

    Could you please help.

    Thanks

    • BC says:

      Hi David,

      Try this must have been a typo. Let me know how it works out for you and I will remove the earlier comment. Thanks.
      Import-Module ActiveDirectory
      $Groups= “staff”,”students”
      $SelectGroups = $groups | get-adgroup
      $results = Foreach ($SelectGroup in $SelectGroups) {
      Get-ADGroupMember $SelectGroup -Recursive | Get-ADUser -property mail, surname, givenname | Where {$_.enabled -eq $true} | Select samaccountname, mail, surname, givenname
      }
      $results | Export-Csv c:\users.csv

  12. Steve (noobie)! says:

    So, I have a Root Group that contains about 35+ nested groups. I would like to create a single output CSV that shows all the members and shows which nested group they belong to. Thanks.

  13. Perikles says:

    Thanks a lot.
    Worked perfect also with the nested groups.
    A more advance query which i haven’t found the solution is if you have many sec. groups from where you want to export the members of.

    ex. Save in an excel/csv all the group names you want and feed that excel on powershell to do the above.

    even more advance would be to find a way to export all members of all groups starting with ex GG.xxx [<–the name of the groups you want to export]

  14. BC says:

    Are you saying that you are looking for a way to get the group names from a file and then pull the members of the groups in the file?
    Also for the second part, if I understand correctly the following should do what you need.
    Get-ADGroup -filter {Name -Like “gg*”}

  15. Dave White says:

    Hi,

    I need to perform this script but to Pull Computer objects from security groups. Have hit a number of walls can anyone Help me out.

    Dave

  16. BC says:

    See my previous comment above about this. http://pipe2text.com/?page_id=1218#comment-34655

  17. tatenda says:

    Hi,
    your page has been more than helpful with the script i am trying to develop. I am trying to pipe into one file retrieving the domain, distinguished and full user etc. but if i pipe the AD Group and ADUser it doesnt run is the output getting over written?

    Get-ADGroup -filter {GroupCategory -eq “Security”}|Get-ADUser -property mail, surname, givenname|Export-csv -path C:\Users\munjanga\Desktop\Execute\AD\Groupmembers.csv -NoTypeInformation

    • BC says:

      Hi tatenda,

      You don’t have the Get-AdgroupMember cmdlet in here to obtain the actual group members. You are piping the names of the groups into the Get-ADUser cmdlet which will not work. You could Pipe to the Get-AdGroupMember cmdlet

      Get-ADGroup -filter {GroupCategory -eq “Security”}| Get-ADGroupMember |Get-ADUser -property mail, surname, givenname|Export-csv -path C:\Users\munjanga\Desktop\Execute\AD\Groupmembers.csv -NoTypeInformation

      Adding this Get-ADGroupMember to this as shown above will just return every user in every security group. The results will be too large and it wont list the groups. Is that what you are looking to do?

  18. Rocky says:

    i need to export members details to csv from an AD group and that ad group contains about 50,000 users. This command that i was using in the powershell AD module is below

    Get-ADGroupMember “GroupName” |Get-ADUser -properties CN,Title,samaccountname,displayname,manager,department,distinguishedname | select-object CN,Title,@{n=”PRODID”;e=”samaccountname”},DisplayName,@{n=”Manager Name”;e={(Get-ADuser -identity $_.Manager -properties displayname).DisplayName}},@{n=”ManagerID”;e={(Get-ADuser -identity $_.Manager –properties samaccountname).samaccountname}},Department,@{n=”LOB”;e={($_.distinguishedname -split “,OU=”)[2]}} | Export-Csv -Path “C:\Temp\Userdetails.csv” -NoTypeInformation

    When i use this command, it says “the size limit of this request was exceeded”.
    please suggest me the command that could export 50,000 AD users details.

  19. Perikles says:

    Hi BC,

    thanks for the this tool.
    Helped a lot. Getting Group names and its’ members was quite easy with your work here.
    I got an additional request and i am trying to sort it out.
    Apart from nested groups we have group members which their account belongs to another
    domain [we have a 2way trust].
    Apparently these members are not listed when i run the script.

    Any ideas on how to get users who are group members and are from another domain?

  20. Amol Patil says:

    Hi,
    Good conversation here.

    But I am trying to pull the members list with respect to the groups. but if no members are there in group, then what?

    It should give the group name i mentioned in output even if there are no members.
    I tried this but somewhere is wrong.

    $results = @()

    $Groups= “abc”, “cde”

    foreach ($Group in $Groups) {
    If($Group -ne $Null) {
    $Ggroupcollects = Get-ADGroupMember -identity $Group
    foreach ($G in $Ggroupcollects) {
    If($G.PropertyCount -eq 6) {
    $Members = $G.name
    $results+= New-Object psobject -Property @{
    GroupName = $Group
    Members = $Members
    }
    }
    else {
    $results+= New-Object psobject -Property @{
    GroupName = $Group
    Members = “NA”
    }
    }
    }
    }
    }

    $results | select GroupName, Members #| Export-Csv -NoTypeInformation -Path “C:\Users\memeberlist.csv”

  21. Nir says:

    Thanks ! very good article

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>