ADManager PlusPowerShellHow to generate and export a report on the group memberships of a specific Active Directory (AD) user

How to generate and export a report on the group memberships of a specific Active Directory (AD) user

The following is a comparison between the steps required for generating a report on the group memberships of an AD user with the Get-ADPrincipalGroupMembership cmdlet of Windows PowerShell and ADManager Plus.

Windows PowerShell

Steps to obtain a report on an AD user's group memberships using PowerShell:

  • Choose which domain you want to generate the report for.
  • Select the LDAP filters that you'll use as parameters for generating the report.
  • Within the Property parameter, specify additional user object properties that should appear in the report.
  • Establish the format in which you want to export the report.
  • Double-check that you've adhered to the appropriate syntax when writing the script.
  • Use Windows PowerShell to compile and execute the script.
  • To generate the report in a different format, or to add additional properties to the reports, modify the script accordingly.

Sample Script:

 Copied
Get-ADPrincipalGroupMembership $JohnDoe | Select-Object -Property Name, GroupScope, GroupCategory | Export-Csv -Path "C:\Scripts\Users.csv" -NoTypeInformation
Click to copy entire script

ADManager Plus

To obtain the report:

  • Select the Groups for Users report from the Nested Groups column of the User Reports section.
  • Select the Domain and select the specific AD user/users whose group memberships you want to determine.
  • Generate the report. Use the Export As option to export the report in any of the desired format—CSV, PDF, XLSX, HTML and CSVDE.

Screenshot

Screenshot of ADManager Plus with users group membership report
Screenshot of ADManager Plus showing all the groups of a specific user in a specific domain

» Start 30-day Free Trial

In Active Directory, the Get-ADPrincipalGroupMembership cmdlet helps retrieve the AD group memberships of users. However, using a script with the Get-ADPrincipalGroupMembership cmdlet to retrieve group membership details of a specific user can prove to be a difficult task because:

  • Minute syntax errors or typographical errors can lead to execution failures.
  • Retrieving group memberships of a specific user using the Get-ADPrincipalGroupMembership cmdlet involves a global catalog to carry out a group search. If the forest in which the user or group exists does not contain a global catalog, then the cmdlet will throw a non-terminating error.
  • Searching for local groups in other domains requires scripts to include the ResourceContextServer parameter to mention an alternate server in that domain.
  • Adding more details to the report—such as adding additional attributes or obtaining the group memberships of multiple users —require scripts to be modified and executed again, which is time-consuming.
  • Exporting a report in a specific format requires a script to be modified accordingly, which increases the complexity of the script.
  • Troubleshooting these scripts require extensive AD and scripting expertise.
  • These scripts can only be executed from computers which have Active Directory Domain Services role.

Therefore, a better and easier way to generate AD reports is by using ADManager Plus, an Active Directory management and reporting tool. ADManager Plus is a web-based solution for all your AD, Exchange, Skype for Business, Google Workspace, and Office 365 management needs. It simplifies several routine tasks such as provisioning users, cleaning up dormant accounts, managing NTFS and share permissions, and more. Besides reporting, you can also build a custom workflow structure that will assist you in ticketing and compliance, automate routine AD tasks such as user provisioning and de-provisioning, and more. Download a free trial today to explore all these features.

Highlights of using ADManager Plus to generate AD reports

ADManager Plus simplifies the process of AD reporting by:

  • Providing script-free reporting.
  • Offering over 150 pre-packaged AD reports that cover the most important information about all AD objects.
  • Allowing you to create your own report using the custom reports feature.
  • Letting you automatically generate reports using the report scheduler. You can also choose to email these reports or store them at a specific location.
  • Enabling on-the-fly management tasks to be performed from within those reports. For instance, perform actions like delete, disable, move, etc, on inactive users generated from the inactive users reports.

Schedule and export reports on AD group membership without PowerShell scripting.

  Get 30-day free trial.
  • Embark on your script-free AD management, reporting, and automation journey with ADManager Plus.
  •  
  • By clicking 'Start your free trial now', you agree to processing of personal data according to the Privacy Policy.
  • Thanks
  • Your download should begin automatically in 15 seconds. If not, click here to download manually.

Related Powershell How-to Guides:

The one-stop solution toActive Directory Management and Reporting

Email Download Link