10

I need to return all members of multiple security groups using PowerShell. Handily, all of the groups start with the same letters.

I can return a list of all the relevant security groups using the following code:

Get-ADGroup -filter 'Name -like"ABC*"' | Select-Object Name

And I know I can return the membership list of a specific security group using the following code:

Get-ADGroupMember "Security Group Name" -recursive | Select-Object Name

However, I can't seem to put them together, although I think what I'm after should look something like this (please feel free to correct me, that's why I'm here!):

$Groups = Get-ADGroup -filter 'Name -like"ABC*"' | Select-Object Name
ForEach ($Group in $Groups) {Get-ADGroupMember -$Group -recursive | Select-Object Name

Any ideas on how to properly structure that would be appreciated!

Thanks,

Chris

Improve this question

4 Answers 4

Reset to default
14

This is cleaner and will put in a csv.

Import-Module ActiveDirectory

$Groups = (Get-AdGroup -filter * | Where {$_.name -like "**"} | select name -expandproperty name)


$Table = @()

$Record = [ordered]@{
"Group Name" = ""
"Name" = ""
"Username" = ""
}



Foreach ($Group in $Groups)
{

$Arrayofmembers = Get-ADGroupMember -identity $Group | select name,samaccountname

foreach ($Member in $Arrayofmembers)
{
$Record."Group Name" = $Group
$Record."Name" = $Member.name
$Record."UserName" = $Member.samaccountname
$objRecord = New-Object PSObject -property $Record
$Table += $objrecord

}

}

$Table | export-csv "C:\temp\SecurityGroups.csv" -NoTypeInformation
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Fantastic! This also allows you to get the groupname into your CSV by using new PS objects. Nice.
This worked for me after I removed [ordered] for PS2.0 (check your version with $PSVersionTable.PSVersion), added -Encoding UTF8 to the Export-CSV to handle non-ascii characters in names, and added -recursive to Get-ADGroupMember to list members of the nested groups (alternately you might want to add the objectClass attribute to the output to distinguish member groups from member users).
4

If you don't care what groups the users were in, and just want a big ol' list of users - this does the job:

$Groups = Get-ADGroup -Filter {Name -like "AB*"}

$rtn = @(); ForEach ($Group in $Groups) {
    $rtn += (Get-ADGroupMember -Identity "$($Group.Name)" -Recursive)
}

Then the results: 

$rtn | ft -autosize
Improve this answer

3 Comments

Thanks, I made one small change just to return the name only, which made the script into the following: $Groups = Get-ADGroup -Filter {Name -like "TIG*"} $rtn = @() ForEach ($Group in $Groups) { $rtn += (Get-ADGroupMember -Identity "$($Group.Name)" -Recursive | select-object name) } $rtn | ft' This did return duplicates (since some people are in multiple groups), however for me this was fine as I just copied the results into Excel and removed duplicates. Thanks very much, Chris
Glad I could help.. As a side note, adding: $rtn | select Name -unique | ft -autosize when returning results would have eradicated the duplicates.
This is a little easier with the same results: get-ADGroup -filter {Name -like "AB*"} | get-ADGroupMember | ft -AutoSize Good luck! :)
4 
Get-ADGroupMember "Group1" -recursive | Select-Object Name | Export-Csv c:\path\Groups.csv

I got this to work for me... I would assume that you could put "Group1, Group2, etc." or try a wildcard. I did pre-load AD into PowerShell before hand: 

Get-Module -ListAvailable | Import-Module
Improve this answer

3 Comments

blogs.msdn.com/b/rkramesh/archive/2012/01/17/…
The above link is titled "How to add Active Directory module in PowerShell in Windows 7"
You can not 'put "Group1, Group2, etc.': "Cannot find an object with identity: 'Group1, Group2'"
4

This will give you a list of a single group, and the members of each group. 

param
(   
    [Parameter(Mandatory=$true,position=0)]
    [String]$GroupName
)

import-module activedirectory

# optional, add a wild card..
# $groups = $groups + "*"

$Groups = Get-ADGroup -filter {Name -like $GroupName} | Select-Object Name

ForEach ($Group in $Groups)
   {write-host " "
    write-host "$($group.name)"
    write-host "----------------------------"

    Get-ADGroupMember -identity $($groupname) -recursive | Select-Object samaccountname

 }
write-host "Export Complete"

If you want the friendly name, or other details, add them to the end of the select-object query.

Improve this answer

1 Comment

Hi user2883951, it works like a charm, however it doesn't display the Group name before it list the username each ?

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.