List All Groups and Their Members with PowerShell on Win2008r2

Question

I am new to powershell, but I've been reading manuals and practiced a little bit. My objective is to List all users in all Security Groups under specified path. I have found the way to do it:

 get-adgroup -Filter * -SearchBase "OU=Groups,DC=corp,DC=ourcompany,DC=Com"  | %{Get-ADGroupMember $_.name} | ft name

But the problem is I do not see the group name. All I get is a bunch of users. It would be nice if someone could tell me how to display the group name before all the members of this group get listed. Thanks.

Answer 1

Gimme the codes! powers, activate!

$Groups = Get-ADGroup -Properties * -Filter * -SearchBase "OU=Groups,DC=corp,DC=ourcompany,DC=Com" 
Foreach($G In $Groups)
{
    Write-Host $G.Name
    Write-Host "-------------"
    $G.Members
}

The point being, just take your time and break it out into steps. I know that it's fun to try to get everything and the kitchen sink to fit into a one-liner with Powershell, but it's by no means required.

A few notes:

• You don't need to do Get-ADGroupMember if you collect the Members property in the initial Get-ADGroup Cmdlet. The good thing about this is that it halves the amount of calls you have to make to AD, which should make your script run faster, and it eases the burden on the domain controller.

• $G.Members will display all members of the group $G... in Powershell 3. In Powershell 2, you might still need to put another Foreach inside the Foreach there to enumerate through the group members. (Yo dawg, I heard you like loops...)

• I use Write-Host here, which is gross. You should never really use Write-Host. Instead, you should be building and outputting objects, not text, but that was a whole other topic and I was too lazy to do that for this answer.

Answer 2

Here is a much better solution. This will put everything in a 3 column csv with group name, username, and sam account name. A lot easier to figure out what group someone is in when there's 400 users in a group as you don't have to scroll.

Import-Module ActiveDirectory

$Groups = (Get-AdGroup -filter * | Where {$_.name -like "**"} | select name -ExpandProperty name)

$Table = @()

$Record = @{
  "Group Name" = ""
  "Name" = ""
  "Username" = ""
}


Foreach ($Group in $Groups) {

  $Arrayofmembers = Get-ADGroupMember -identity $Group -recursive | select name,samaccountname

  foreach ($Member in $Arrayofmembers) {
    $Record."Group Name" = $Group
    $Record."Name" = $Member.name
    $Record."UserName" = $Member.samaccountname
    $objRecord = New-Object PSObject -property $Record
    $Table += $objrecord

  }
}

$Table | export-csv "C:\temp\SecurityGroups.csv" -NoTypeInformation

Answer 3

I had to add .name after $group to make this work for me.

$Arrayofmembers = Get-ADGroupMember -identity $Group.name -recursive | select name,samaccountname

Answer 4

If you ever run into the Size Limit issue with groups containing more than 5000 members, you can change the one line as follows:

$Arrayofmembers = (Get-ADGroup $Group -Properties member).member | Get-ADUser -Properties *

Answer 5

Here is a scripts that exports all groups in a OU to a seperate file for each group with the group name and description. If someone wants that..

$groups = Get-ADGroup -filter * -SearchBase "OU=XXX, DC=XX,DC=XX"
ForEach ($g in $groups) 
{
$path = "c:\scripts\" + $g.Name + ".csv"
Get-ADGroup -Identity $g.Name -Properties * | select name,description | Out-File $path -Append

$results = Get-ADGroupMember -Identity $g.Name -Recursive | Get-ADUser -Properties displayname, name 

ForEach ($r in $results){
New-Object PSObject -Property @{       

    DisplayName = $r.displayname | Out-File $path -Append
  }
}   
}