none
Tools to export users in security groups active directory

    Question

  • I been looking tools quite a while, until now there is no one able to give perfect answers.
    Tools able to export list users from security groups.
    Export file can be CSV or Excel, with containing "Name of person" and "Email Address"

    Wednesday, May 25, 2011 4:12 AM

Answers

All replies

  • If you can't with ldifde, I would consider either a 3rd party ldap browser or making powershell script
    Vincenzo MCTS, MCTIP Server 2008 | MCTS Exchange 2010 | WatchGuard Firewall Security Professional
    Wednesday, May 25, 2011 5:27 AM
  • Hi,

    Please refer to the following blog.

    How to list Active Directory group members
    http://blogs.technet.com/b/activedirectoryua/archive/2010/11/22/ds-forum-how-to-list-active-directory-group-members.aspx

    Brent
    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”
    Wednesday, May 25, 2011 6:01 AM
    Moderator
  • Hello,

    Have a look the below articles.

    http://social.technet.microsoft.com/wiki/contents/articles/quest-powershell-for-active-directory.aspx

    http://social.technet.microsoft.com/wiki/contents/articles/dsquery-commands.aspx


    Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
    Wednesday, May 25, 2011 6:07 AM
  • Hi,

    Try the ADmanager tool to export security group members list in csv or excel.

     

    http://www.manageengine.com/products/ad-manager/

     

     


    Regards, Abhay Jagdish Singh.
    Wednesday, May 25, 2011 6:09 AM
  • Check the below tool.

    http://www.dovestones.com/

     

    Regards  


    Awinish Vishwakarma| CHECK MY BLOG

    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights.

    Wednesday, May 25, 2011 6:14 AM
    Moderator
  • Hi,

    There are plenty of ways and tools to do this. You can even use the Active Directory Users and Computers console to query the group membership and export a list of its members. This provides you an easy way to export it to csv:
    Create a new "Saved Query", and set its Name, Query root, and to include subcontainer. Then define the query. Select Custom Search and switch to the Advanced tab. Here you simply enter "memberOf=" followed by the group DN (you can get this by running dsquery group -samid "Group Name"). Like this:
    memberOf=CN=Group Name,OU=Groups,DC=domain,DC=local

    No quotes around the group DN, and make sure that everything is on one line only. (Even though it may wrap at the end, that's ok, it  just has to be one long line)

    This should return the group members, and you can change to columns to just show Name and mail, then right click the query and Export List, and select CSV.

     

    Other tools:

    You can use dsquery/dsget (you may have to pipe to output to "find.exe" before "dsget user" to filter security groups):
    dsquery group -samid "Group Name" | dsget group -members | dsget user -display -email

    You can use PowerShell (easier with 2008 R2 cmdlets):
    Get-ADGroupMember "Group Name" | Get-ADUser | Select-Object Name, mail | Export-Csv -Path "C:\Temp\Output.csv" -NoTypeInformation

    You can use ADFind.exe:
    adfind -default -f name="Group Name" member -list | adfind name mail -nodn -csv

     


    Andreas Hultgren
    MCTS, MCITP
    http://ahultgren.blogspot.com/
    • Marked as answer by Oneoa Wednesday, May 25, 2011 7:09 AM
    • Unmarked as answer by Oneoa Wednesday, January 30, 2013 5:58 AM
    Wednesday, May 25, 2011 6:25 AM
  • @A.Hultgren

    Great Post! I think you solve my problem on by using "Saved Query", this question resolved on this answer.

    Talking about other tools, i'm using PowerGUI Script Editor or PowerGUI it self.

    Is it possible to use this command "Get-ADGroupMember "Group Name" | Get-ADUser | Select-Object Name, mail | Export-Csv -Path "C:\Temp\Output.csv" -NoTypeInformation" on PowerGUI Script Editor?


    Wednesday, May 25, 2011 7:09 AM
  • Where I work we use DameWare NT Utilities 6.9.0.4.  I can easily copy the members of a group and paste them into a spreadsheet.

    On the down side the very same program does not allow me to copy the group membership for a specific user and paste that into a spreadsheet.

    Update:

    Checked out PowerGUI and agree with Oneoa.  PowerGUI is excellent for exporting what groups a user is a member of as well a members of a group.

     


    • Proposed as answer by Stusteel Thursday, April 16, 2015 7:27 AM
    Wednesday, June 08, 2011 9:41 PM
  • Hi Try out Lepide Active Directory and Management tool to export security group member list in csv or excel. Moreover you can generate a report of all your exported group members. Try out its free version.

    http://www.lepide.com/active-directory-manager/

    Thanks

    Thursday, November 29, 2012 12:54 PM
  • I just sued the SystemTools, DUMPSEC and works on Win2008R2 with no problem!

    Free and fantastic, including NTFS permissions...

    Tuesday, January 29, 2013 1:17 PM
  • No body in this thread give perfect solution.

    I found my own.

    Here is the best.

    http://ctxadmtools.musumeci.com.ar/ADGroupMembers/ADGroupMembers11.html


    Other then this this also help me a lot.

    http://ctxadmtools.musumeci.com.ar/ADShowUserGroups/ADShowUserGroups10.html


    • Marked as answer by Oneoa Wednesday, January 30, 2013 5:59 AM
    • Edited by Oneoa Wednesday, January 30, 2013 6:01 AM
    Wednesday, January 30, 2013 5:59 AM
  • On the contrary, Oneoa -  your links are broken and useless.

    I found the powershell solution proposed by Andreas to work perfectly for me.

    Thank you Andreas !

    Thursday, October 17, 2013 9:20 PM
  • These links to CtxAdmTools tools are broken.

    The new link to the AD Group Members tool is

    http://adgroupmembers.ctxadmtools.com

    The new link to the AD User Info tool is

    http://aduserinfo.ctxadmtools.com

    -------

    Guillermo



    Monday, September 01, 2014 11:16 PM
  • try this

    

    Import-Module ActiveDirectory

    Get-ADGroupMember -identity “Name of Group” | select name | Export-csv -path C:\Output\Groupmembers.csv -NoTypeInformation


    Regards, Riaz Javed Butt | Consultant Microsoft Professional Services MCITP, MCITP (Exchange), MCSE: Messaging, MCITP Office 365 | msexchgeek.wordpress.com

    Wednesday, October 15, 2014 5:10 PM
  • Hi, is there any way to script sending group members of all groups in a single domain to respective group owners, i want to schedule regular review of group membership? Something like here is a list of all the groups you manage with users in these groups, please review and provide feedback? Thank you
    Friday, February 13, 2015 8:14 PM
  • Not workable: This is third party once you installed after registration it is asked for money to fetch data by updating software.  
    Thursday, March 17, 2016 11:38 AM
  • Below I will paste a script of mine. You can modify it to interactively ask for the name of the OU of interest or to take it from the command line. It lists all security groups in the OU of interest starting with the group name, description and date of creation. The members are listed with their names as well as first name and last name if they are not empty. If a member is a group itself it is being identified as such. At the bottom the empty groups are listed together with their descriptions.  We have two domains in our forest but I simplified the script before posting here for a single domain. 
    You can redirect the output to a file by using > or >> when calling the script or alternatively you can use tee-object

    A typical output  looks like this on the attached picture (in the example the Organizational unit of interest is "MATH")

    Typical output of the script - Example

    Here is the script itself.  Please make sure you edit the domain to yours @ line 4

        # Get-MembersOfSecurityGroups, written by Mario Ivanov 2014/2015
        # 
        $ou="MATH"  # this is the name of the Organizational unit of interest
        $searchBase = "OU=" + $ou + ",DC=microsoft,DC=com" # please edit to reflect your actual domain. 
        $EmptyGroups=""
        $EmptyCounter=0
        
        $DCserver=(Get-ADDomainController).hostname
        $isUnit=Get-ADorganizationalunit -filter 'name -like $ou'  -server $DCserver
        if ($isUnit.length -eq 0){
            "$ou does not exist "
            exit 
        }
        ("`r`nSecurity Groups membership in "+ $ou+"`r`n"+"="*92) 
        $groups = Get-ADGroup -Filter * -SearchBase $searchBase -server $DCserver -Properties * | Sort Name
        foreach ($group in $groups) {
            
            $GroupNameandCreation=("{0,-68} {1,0} {2,0} " -f  $group.Name, "Created: ", $group.whencreated.ToString("yyyy, MMM dd"))
            if ($group.description -eq $Null){$GRDescription=""}
            else {$GRDescription="Description: "+$group.description+"`r`n"}
            ("`r`n`r`n$GroupNameandCreation `r`n" +$GRDescription+ "-"*92) 
           
            $membernames=Get-ADGroupMember $group | sort SamAccountName
            if ($membernames.count -eq 0){ #Count and collect empty groups info
                $EGrow=("{0,-60} {1,-3} {2,-6} " -f $group.samaccountname, ":", $group.description)
                $EmptyGroups+=($EGrow+"`r`n")
                $EmptyCounter++
            }
            Foreach ($member in $membernames){
                #we want to check each member if a group or a single user.
                $isUser=$member.objectClass
                
                              
                if ($isUser -ne "group"){
                    $ADMember=get-ADUser $member
                    $given=$ADMember.GivenName  #using member.SamAccountName instead of member speeds up the process but causes err msgs for some accounts
                    $Sur  =$ADMember.Surname    #using member.SamAccountName instead of member speeds up the process but causes err msgs for some accounts
                    "{0,-20} {1,-20}" -f $member.SamAccountname,($given+" "+ $sur)               
                }
                else{
                    "{0,-20} {1,-20}" -f $member.SamAccountname,("-- AD Group") 
                }
            }
    
        }
        $totalCounter=$groups.count
        if ($totalCounter -ge 0){
            "`r`n`r`n-- There are $TotalCounter groups in $ou --`r`n" 
        }
        if ($EmptyCounter -gt 0){
            "`r`n======= Empty groups in $domain\$ou =========`r`n`r`n$EmptyGroups" 
            "`r`n-- There are $emptycounter empty groups in $ou --`r`n`r`n" 
        }
        
    

    Thursday, September 22, 2016 6:11 PM
  • Hi Mario

    Apologies for a basic question but where in the script would you add the output file?

    Example:
    Export-csv -path C:\temp\Groupmembers.csv

    Thank you
    Wednesday, September 28, 2016 8:40 PM
  • hi Pelchat,

    the quick answer is - I wouldn't. The way I formatted the output is not appropriate for a CSV file.It should be a plain text file.

    It looks best in Notepad when a mono-spaced font is chosen. What you can do is just redirect the standard output to a file when you call the script, e.g. if the script is named Get-MembersOfSecurityGroups.ps1, you call it this way:

    Get-MembersOfSecurityGroups.ps1 > c:\users\Pelchat\My documents\members.txt

    In my original script I analyze the command line and output to a file if a /f switch is used. The script constructs the name of the file by using the name of the OU of interest and the current date and time, e.g. Math-ADGroupsMembers-20160929-13h40m45s.txt   This way I always save to a unique filename without actually specifying any part of it.  Also I output simultaneously to the screen and to the file by using the tee-object commandlet. Here for simplicity I removed all those whistles and bells.

    Thursday, September 29, 2016 9:43 PM