Get-ADGroupMember syntax

Question

Hi All

i have an AD security group and it has 500 security groups and 50 users added to it. if i use the below syntax will i be able to export the 500 AD groups and 50 members. i dont want to export users of 500 AD groups just the 500 AD groups and 50 users in it to a csv file.

Get-ADGroupMember -identity "ADGroup" | Select-Object Name,Description,UserprincipalName,SamAccountName| export-csv C:\temp\output.csv -NoTypeInformation

Answer 1

Provided "ADGroup" is an acceptable value to be used as an identity, yes. If you were to add the "-Recurse" switch you'd get the membership if "ADGroup" and the membership of all the groups that are a member of "ADGroup" and all the members of any groups that are members of those groups.

Acceptable identity values are:

A distinguished name  
A GUID (objectGUID)  
A security identifier (objectSid)  
A Security Account Manager account name (sAMAccountName)  

Note that the name of the group won't work.

Answer 2

Hello RisingFlight,

It is not very clear what you are trying to achieve. You have one AD group with 500 security groups, and 50 users added to the main group?

I would use Get-ADGroup -filter * | sort name | select name - to find the group name
Then check if the list of users is the correct: Get-ADGroupMember -identity "yourADgroup"
Then extract the membership of that group: Get-ADGroupMember -identity "yourADgroup" | select name | Export-csv -path c:\it\filename.csv -Notypeinformation (this will isolate member information for the group)

About the groups within the group isolatedly: I would use the Get-NestedGroup

Get-NestedGroup "yourADgroup" | Format-Table | | Export-csv -path c:\it\filename.csv -Notypeinformation

Hope this is what you are looking for,

Best regards,