Active Directory (AD) group objects are present in every Active Directory domain. These AD groups exist as distribution groups or security groups and are mostly used to control access to files and folders. It often makes sense to produce a list of the members of an Active Directory group. Unfortunately, this is not possible by default via Active Directory user and group management.
For this reason, we have to use PowerShell to list the members of an AD group. We show you how below.
List members of an AD group using PowerShell
First, open a PowerShell console with administrator rights. Then use the following PowerShell command.
Get-ADGroupMember -Identity AD_GRUPPENNAME
The individual AD group members are then listed. Unfortunately, the list is not very readable because it contains too much information. A tabular listing of the AD members would be nicer. You can achieve this by adding the field name "Name" to the command so that only this field is output. The PowerShell command then looks like this.
Get-ADGroupMember -Identity AD_GRUPPENNAME | select name
Below we have shown you this as an example.
In our example, we displayed all members of the administrators group. It is also useful to add the "distinguishedName" field after the "Name" field (separated by a comma). You will then see in which OU the members of the AD group are stored.
If you want to export this list to a text file for further processing, you only need to append the following to the command.
Get-ADGroupMember -Identity AD_GRUPPENNAME | select name, distinguishedName > C:\Export\liste.txt
In this case the PowerShell output is redirected directly to the file C:\Export\liste.txt. You can then open this file and edit it further.
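Because these groups control access to files and folders, an access review usually needs the effective membership, including members that arrive through nested groups. The following is an added example, not part of the original article: the function name Get-GroupMemberReport and the output file members.csv are hypothetical, and it assumes the ActiveDirectory module (RSAT) is installed.

```powershell
# Added example: report direct and nested members of an AD group as CSV.
# Get-GroupMemberReport and members.csv are hypothetical names.
Import-Module ActiveDirectory

function Get-GroupMemberReport {
    param(
        [Parameter(Mandatory)] [string] $GroupName,
        [Parameter(Mandatory)] [string] $OutFile
    )

    # Direct members only: users, computers and nested group objects
    $direct    = @(Get-ADGroupMember -Identity $GroupName)
    $directDNs = $direct.distinguishedName

    # -Recursive resolves nested groups down to their leaf members
    # (the nested group objects themselves are not returned)
    $effective = @(Get-ADGroupMember -Identity $GroupName -Recursive)

    $report = foreach ($m in $effective) {
        [pscustomobject]@{
            Name              = $m.name
            SamAccountName    = $m.SamAccountName
            ObjectClass       = $m.objectClass
            # 'Nested' means access is inherited through another group
            Membership        = if ($directDNs -contains $m.distinguishedName) { 'Direct' } else { 'Nested' }
            DistinguishedName = $m.distinguishedName
        }
    }

    # Nested groups are listed separately so the reviewer sees where
    # inherited access comes from
    $nestedGroups = $direct | Where-Object { $_.objectClass -eq 'group' }
    foreach ($g in $nestedGroups) {
        Write-Host "Nested group: $($g.name) ($($g.distinguishedName))"
    }

    # CSV keeps the columns intact for further processing
    $report | Sort-Object Membership, Name |
        Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8

    return $report
}

# Usage: AD_GRUPPENNAME is the placeholder used in the article
Get-GroupMemberReport -GroupName 'AD_GRUPPENNAME' -OutFile 'C:\Export\members.csv' |
    Format-Table Name, ObjectClass, Membership
```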