10

I need to return all members of multiple security groups using PowerShell. Handily, all of the groups start with the same letters.

I can return a list of all the relevant security groups using the following code:

Get-ADGroup -filter 'Name -like"ABC*"' | Select-Object Name

And I know I can return the membership list of a specific security group using the following code:

Get-ADGroupMember "Security Group Name" -recursive | Select-Object Name

However, I can't seem to put them together, although I think what I'm after should look something like this (please feel free to correct me, that's why I'm here!):

$Groups = Get-ADGroup -filter 'Name -like"ABC*"' | Select-Object Name ForEach ($Group in $Groups) {Get-ADGroupMember -$Group -recursive | Select-Object Name

Any ideas on how to properly structure that would be appreciated!

Thanks,

Chris

Improve this question

4 Answers 4

Reset to default
14

This is cleaner and will put in a csv.

Import-Module ActiveDirectory $Groups = (Get-AdGroup -filter * | Where {$_.name -like "**"} | select name -expandproperty name) $Table = @() $Record = [ordered]@{ "Group Name" = "" "Name" = "" "Username" = "" } Foreach ($Group in $Groups) { $Arrayofmembers = Get-ADGroupMember -identity $Group | select name,samaccountname foreach ($Member in $Arrayofmembers) { $Record."Group Name" = $Group $Record."Name" = $Member.name $Record."UserName" = $Member.samaccountname $objRecord = New-Object PSObject -property $Record $Table += $objrecord } } $Table | export-csv "C:\temp\SecurityGroups.csv" -NoTypeInformation
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Fantastic! This also allows you to get the groupname into your CSV by using new PS objects. Nice.
This worked for me after I removed [ordered] for PS2.0 (check your version with $PSVersionTable.PSVersion), added -Encoding UTF8 to the Export-CSV to handle non-ascii characters in names, and added -recursive to Get-ADGroupMember to list members of the nested groups (alternately you might want to add the objectClass attribute to the output to distinguish member groups from member users).
4

If you don't care what groups the users were in, and just want a big ol' list of users - this does the job:

$Groups = Get-ADGroup -Filter {Name -like "AB*"} $rtn = @(); ForEach ($Group in $Groups) { $rtn += (Get-ADGroupMember -Identity "$($Group.Name)" -Recursive) }

Then the results: 

$rtn | ft -autosize
Improve this answer

3 Comments

Thanks, I made one small change just to return the name only, which made the script into the following: $Groups = Get-ADGroup -Filter {Name -like "TIG*"} $rtn = @() ForEach ($Group in $Groups) { $rtn += (Get-ADGroupMember -Identity "$($Group.Name)" -Recursive | select-object name) } $rtn | ft' This did return duplicates (since some people are in multiple groups), however for me this was fine as I just copied the results into Excel and removed duplicates. Thanks very much, Chris
Glad I could help.. As a side note, adding: $rtn | select Name -unique | ft -autosize when returning results would have eradicated the duplicates.
This is a little easier with the same results: get-ADGroup -filter {Name -like "AB*"} | get-ADGroupMember | ft -AutoSize Good luck! :)
4 
Get-ADGroupMember "Group1" -recursive | Select-Object Name | Export-Csv c:\path\Groups.csv

I got this to work for me... I would assume that you could put "Group1, Group2, etc." or try a wildcard. I did pre-load AD into PowerShell before hand: 

Get-Module -ListAvailable | Import-Module
Improve this answer

3 Comments

blogs.msdn.com/b/rkramesh/archive/2012/01/17/…
The above link is titled "How to add Active Directory module in PowerShell in Windows 7"
You can not 'put "Group1, Group2, etc.': "Cannot find an object with identity: 'Group1, Group2'"
4

This will give you a list of a single group, and the members of each group. 

param ( [Parameter(Mandatory=$true,position=0)] [String]$GroupName ) import-module activedirectory # optional, add a wild card.. # $groups = $groups + "*" $Groups = Get-ADGroup -filter {Name -like $GroupName} | Select-Object Name ForEach ($Group in $Groups) {write-host " " write-host "$($group.name)" write-host "----------------------------" Get-ADGroupMember -identity $($groupname) -recursive | Select-Object samaccountname } write-host "Export Complete"

If you want the friendly name, or other details, add them to the end of the select-object query.

Improve this answer

1 Comment

Hi user2883951, it works like a charm, however it doesn't display the Group name before it list the username each ?

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.