question

JordanNivan-2746 avatar image
0 Votes"
JordanNivan-2746 asked NewbieJones-6218 commented

Export multiple AD groups and 'Member of'

Good Afternoon

I have multiple AD Security groups (about 9) that have other groups in it that is listed under the 'Member of' tab.

I would like to export these 9 groups into a csv that shows all the 'members of' each group.

I haven't found a proper script that is able to do this, can you help me please?

windows-server-powershell
· 5
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

What have you found? This is a common question.

Use Get-ADGroupMember.

Have a look at the following thread which shows a simple method on how to do recursive searches. (Or search again including the key word recursive).

https://docs.microsoft.com/en-us/answers/questions/864082/active-directory-export-users-in-security-group-wi.html

0 Votes 0 ·

Huge thanks for your assistance and quick response.

This is the closest I found so far, I installed a module that now allows me to use 'Get-WinADGroupMemberOf'

please see the script below:

> Get-WinADGroupMemberOf 'my_adgroup_here' | select Name, objectclass

When running this, it returns the names of all the groups under the 'Member Of' tab and not the users that are under the 'Members' tab of this group.. I hope this make sense, I've attached a screenshot as well.

So in essence I have 9 AD groups that I need to export into a csv file. Each group needs to show the 'groups' it has under the 'Member Of' tab and not the users that are under the 'Members' tab.

205914-tuladrolegroup1.png


0 Votes 0 ·
tuladrolegroup1.png (102.8 KiB)

@NewbieJones-6218

I forgot to add, if I add another group in the script, it outputs the 'Member Of' groups together and doesn't show which one it belongs to.

This needs to separate when doing the export to csv, to distinguish which 'Member of' belongs to which group.

See the attached screenshot.

205953-tuladrgroupmembersofpso1.png


0 Votes 0 ·

Still not 100% sure on what you are trying to achieve.

If you only want the groups and not the users then you can consider the following.

 Get-ADGroupMember GroupA | Where-Object {$_.objectClass -eq 'Group'}


objectClass is a default attribute for Get-ADGroupMember and you can filter client side for only group objects.

This won't be recursive though if that is still a requirement.


0 Votes 0 ·

Option 2

 $list = "GroupA", "GroupB", "GroupC"
 $results=@()
    
 ForEach ($group in $list) {
     $groups = (Get-ADGroupMember $group | Where-Object {$_.objectClass -eq 'Group'}).Name -join ','
     $props = [ordered]@{
         Group=$group
         EmbeddedGroup=$groups
     }
     $results +=  New-Object -TypeName PSObject -property $props
 }
                
    
 $results

206245-image2.png


0 Votes 0 ·
image2.png (3.1 KiB)

1 Answer

NewbieJones-6218 avatar image
1 Vote"
NewbieJones-6218 answered

Something like..

 $groups = "GroupA", "GroupB", "GroupC"
    
 ForEach ($group in $groups) {
     Get-ADGroupMember $group |
         Where-Object {$_.objectClass -eq 'Group'} |
             Select-Object @{name="Group";expression={$group}}, @{name="Embedded Group";expression={$_.Name}}
 }

206262-image1.png



image1.png (3.2 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.