PowerShell script to list members of Active Directory groups

By Mark D. Albin, MS

List members of Active Directory groups

This PowerShell script uses the Get-ADGroup cmdlet to retrieve a list of all groups in Active Directory and then loops through each group. For each group, it uses the Get-ADGroupMember cmdlet to retrieve a list of all members of the group.


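Import-Module ActiveDirectory
$groups = Get-ADGroup -Filter * # get all groups in AD
foreach ($group in $groups) {
    # get direct user members of the group (nested groups and computers are filtered out)
    $members = Get-ADGroupMember $group | Where-Object { $_.objectClass -eq "user" }
    if (-not $members) { continue } # skip groups with no user members, so no empty CSV is written
    $membersData = foreach ($member in $members) {
        $user = Get-ADUser $member -Properties DisplayName, EmailAddress
        [PSCustomObject] @{
            GroupName = $group.Name
            MemberName = $user.DisplayName
            MemberEmail = $user.EmailAddress
        }
    }
    # group names may contain characters that are not valid in a Windows file name
    $fileName = $group.Name -replace '[\\/:*?"<>|]', '_'
    $membersData | Export-Csv -Path "C:\Groups\$fileName.csv" -NoTypeInformation # output to CSV file
}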
  

If the $members array is not empty (i.e. the group has at least one member), the script creates a $membersData array using another foreach loop to iterate through each member of the group. For each member, the script uses the Get-ADUser cmdlet to retrieve the user object for that member and store the display name and email address properties.

Then, the script creates a [PSCustomObject] that includes the name of the group, the display name of the member, and the email address of the member. The script stores each of these custom objects in the $membersData array.

Finally, the script exports the $membersData array to a CSV file, named after the group, using the Export-Csv cmdlet.

So, the result of this script is to create a separate CSV file for each group that has at least one member, with each row in the CSV file listing the name of the group, the display name of the member, and the email address of the member.

Note that these scripts assume that the folder C:\Groups already exists and write the output files to that folder. You may need to create this folder manually before running the scripts.

Pulling Contacts as well

This PowerShell script retrieves a list of all groups in Active Directory using the Get-ADGroup cmdlet and loops through each group. For each group, it retrieves the group's members and keeps only user and contact objects by checking the objectClass property for the values "user" and "contact" using the Where-Object cmdlet.

For each user or contact member of the group, it retrieves additional information such as the display name and email address. It then creates a custom object with the GroupName, MemberName, and MemberEmail properties for each member and adds it to the $membersData array.

Finally, the script exports the $membersData array to a CSV file with the group name in the file name using the Export-Csv cmdlet. The -NoTypeInformation switch is used to exclude the data type information from the output CSV file.

This script can be useful for retrieving a list of group members with their display name and email address for auditing or reporting purposes. However, it should be noted that the Get-ADGroupMember cmdlet may have performance issues when used on large groups with many members. In such cases, it may be better to use alternative methods, such as using the Get-ADGroup cmdlet to retrieve the group's member attribute directly, which is a multivalued attribute that contains the distinguished names of the group's members.

PowerShell script:


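Import-Module ActiveDirectory
# Get-ADGroupMember returns only security principals (users, groups, computers) and
# Get-ADUser cannot read a contact, so members are resolved from the member attribute
$groups = Get-ADGroup -Filter * -Properties member # get all groups in AD with their member DNs
foreach ($group in $groups) {
    # get user and contact members of the group
    $members = foreach ($dn in $group.member) {
        Get-ADObject -Identity $dn -Properties displayName, mail |
            Where-Object { $_.objectClass -eq "user" -or $_.objectClass -eq "contact" }
    }
    if (-not $members) { continue } # skip groups with no user or contact members
    $membersData = foreach ($member in $members) {
        [PSCustomObject] @{
            GroupName = $group.Name
            MemberName = $member.displayName
            MemberEmail = $member.mail
        }
    }
    # group names may contain characters that are not valid in a Windows file name
    $fileName = $group.Name -replace '[\\/:*?"<>|]', '_'
    $membersData | Export-Csv -Path "C:\Groups\$fileName.csv" -NoTypeInformation # output to CSV file
}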
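
The performance note above suggests avoiding Get-ADGroupMember on large groups. The following added example (not part of the original article) issues one Get-ADUser query per group with a memberOf LDAP filter instead of one lookup per member, and goes beyond the article's scripts by also marking users who belong only through nested groups. The ConvertTo-LdapFilterValue helper, the Membership column and the output file name are assumptions made for illustration.

```powershell
Import-Module ActiveDirectory

# Hypothetical helper: escape a value for use inside an LDAP filter (RFC 4515).
function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    $Value = $Value.Replace('\', '\5c')      # backslash first, so later escapes are not re-escaped
    $Value = $Value.Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
    return $Value.Replace([string][char]0, '\00')
}

$props   = 'DisplayName', 'EmailAddress'
$inChain = '1.2.840.113556.1.4.1941'         # LDAP_MATCHING_RULE_IN_CHAIN: follows nested groups
$outFile = 'C:\Groups\AllGroupMembers.csv'   # assumed path; C:\Groups must already exist

$rows = foreach ($group in Get-ADGroup -Filter *) {
    # A group DN can contain ( ) * or \, which would otherwise change the filter's meaning.
    $dn = ConvertTo-LdapFilterValue $group.DistinguishedName

    # One query returns every direct user member together with the properties needed.
    # Users who hold this group only as their primary group are not matched by memberOf.
    $direct = @(Get-ADUser -LDAPFilter "(memberOf=$dn)" -Properties $props)
    $directDns = [System.Collections.Generic.HashSet[string]]::new(
        [System.StringComparer]::OrdinalIgnoreCase)
    foreach ($u in $direct) { [void]$directDns.Add($u.DistinguishedName) }

    # The in-chain query returns direct and nested members; keep those not seen above.
    $nested = @(Get-ADUser -LDAPFilter "(memberOf:${inChain}:=$dn)" -Properties $props |
        Where-Object { -not $directDns.Contains($_.DistinguishedName) })

    foreach ($set in @(@{ Type = 'Direct'; Users = $direct }, @{ Type = 'Nested'; Users = $nested })) {
        foreach ($u in $set.Users) {
            [PSCustomObject]@{
                GroupName   = $group.Name
                MemberName  = $u.DisplayName
                MemberEmail = $u.EmailAddress
                Membership  = $set.Type
            }
        }
    }
}

# A single report file avoids building file names from group names.
$rows | Export-Csv -Path $outFile -NoTypeInformation
```

The in-chain query is evaluated by the domain controller for every group, so on a large directory it is worth narrowing the Get-ADGroup filter to the groups being audited.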
    
