Get-ADGroupMember -Identity syntax

Glenn Maxwell 10,106 Reputation points
2021-11-01T16:27:20.23+00:00

Hi All

I have an AD group, it has many subgroups and users, for example
Group1 is my AD group. it has many groups and users added to it, i want to export users and groups residing in it to csv file.
Lets say Group1 has below groups and users and i want the output as in the below format.

Group2
user1
user2
group4

will the below syntax work for me. 

Get-ADGroupMember -Identity "group1" -Recursive | Get-ADUser -Properties Name,Description,UserprincipalName,SamAccountName,office,Department | Select Name,Description,UserprincipalName,SamAccountName,office,Department | Export-CSV -Path C:\temp\output.csv -NoTypeInformation
Windows Server 2019
Windows Server 2019
A Microsoft server operating system that supports enterprise-level management updated to data storage.
3,445 questions
Windows Server 2016
Windows Server 2016
A Microsoft server operating system that supports enterprise-level management updated to data storage.
2,368 questions
Active Directory
Active Directory
A set of directory-based technologies included in Windows Server.
5,822 questions
Windows Server PowerShell
Windows Server PowerShell
Windows Server: A family of Microsoft server operating systems that support enterprise-level management, data storage, applications, and communications.PowerShell: A family of Microsoft task automation and configuration management frameworks consisting of a command-line shell and associated scripting language.
5,355 questions
0 comments
Accepted answer
  1. Rich Matheisen 44,696 Reputation points
    2021-11-01T18:23:27.667+00:00

    It looks okay to me. Why not run it and see?

    I'm not a big fan of "one-liners", though. I'd have probably written it like this: 

    $props = "Name,Description,UserprincipalName,SamAccountName,office,Department" -split ','

Get-ADGroupMember -Identity "group1" -Recursive | 
    Get-ADUser -Properties $props | 
        Select-Object $props | 
            Export-CSV -Path C:\temp\output.csv -NoTypeInformation
    0 comments

4 additional answers

Sort by: Most helpful
Most helpful Newest Oldest
  1. Glenn Maxwell 10,106 Reputation points
    2021-11-01T20:08:10.8+00:00

    Rich, your syntax works perfectly but my requirement is not to fetch all users from subgroups.
    Lets say Group1 has two subgroups and users

    Group2
    user2
    group3
    user3

    The output i am getting is the list of all users of group2 and group3. i dont to fetch users from group2 and group3. i want to just now how many subgroups and users are in group1.

  2. Glenn Maxwell 10,106 Reputation points
    2021-11-02T01:37:06.77+00:00

    if i remove recursive switch i am getting below error

    Get-ADUser : Cannot find an object with identity: 'CN=Group1,OU=MYOU,DC=mydomain,DC=com' under: 'DC=mydomain,DC=com'.
    At line:4 char:2

    • Get-ADUser -Properties $props |
    • ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    • CategoryInfo : ObjectNotFound: (CN=Group1...-now,DC=com:ADUser) [Get-ADUser], ADIdentityNotFoundException
    • FullyQualifiedErrorId : ActiveDirectoryCmdlet:Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException,Microsoft.ActiveDirectory.Management.Commands.GetADUser
  3. Rich Matheisen 44,696 Reputation points
    2021-11-02T02:10:17.857+00:00

    See if this works better for you (I haven't tested it, though):

    $props = "Name,Description,UserprincipalName,SamAccountName,office,Department,ObjectCategory" -split ','

(Get-ADGroup -Identity "group1").Members | 
    Get-ADObject -Properties $props | 
        Select-Object $props | 
            Export-CSV -Path C:\temp\output.csv -NoTypeInformation
    0 comments
  4. Glenn Maxwell 10,106 Reputation points
    2021-11-02T02:15:42.167+00:00

    this doesnot give any output