How to generate and export report containing members of a specific AD group
The following is a comparison between obtaining a report containing members of a specific group in AD with Windows PowerShell and ADManager Plus.
Windows PowerShell
Steps to obtain members of a particular group using PowerShell:
- Identify the domain from which you want to retrieve the report.
- Identify the LDAP attributes you need to fetch the report.
- Identify the primary DC to retrieve the report.
- Compile the script.
- The script must contain the filter to mention the LDAP names of the groups whose members should be listed and additional conditions must be put forth for the group(s) in question being not empty.
- Execute it in Windows PowerShell.
- The report will be exported in the given format.
- To obtain the report in a different format, modify the script accordingly to the needs of the user.
Sample Windows PowerShell script:
Copied
$groupsusers=get-adgroup
-ldapFilter
'(&(objectCategory=group)
(name=administrators))' |
ForEach-Object{
$settings=
@{Group=$_.DistinguishedName;
Member=$null}
$_ | get-adgroupmember |
ForEach-Object{
$settings.Member=$_.DistinguishedName
New-Object PsObject -Property $settings
}
}
$groupsusers |
Export-Csv C:\Scripts\GroupsUsers.csv
-NoTypeInformation
Click to copy entire script
ADManager Plus
To obtain the report,
- Select Group Members from Group Reports section.
- Select the domain and OU.
- Select the desired group(s) from the 'Group' field or enter the name of the group and click search button. Click Generate.
- Select Export as to export the report in any of the preferred formats (CSV, PDF, HTML, CSVDE and XLSX).
Screenshot
ยป Start 30-day Free Trial
Following are the limitations to obtain report of members of a particular AD group using native tools like Windows PowerShell:
- Classifying members based on object type requires modification in the script.
- Changing the script to get nested group members will increase the complexity. Also we cannot assure the number of iterations it requires.
- Each time we should change the group name in the query to get result for different groups.
- Difficult to export in other formats.
- We can run this script only from the computers which has Active Directory Domain Services role.
ADManager Plus has a built-in feature of Group Members Report to list the details of the Group(s) and its members in a report which can be exported in any of the preferred formats.