Resources For IT Professionals
Post an article
Wikis - Page Details
  • First published by (eMicrosof)
  • When: 16 Nov 2010 8:30 AM
  • Last revision by (eMicrosoft Community Contributor, Microsoft Partne)
  • When: 31 May 2012 5:55 PM
  • Revisions: 8
  • Comments: 6
Options
RSSSubscribe to Article (RSS)
Can You Improve This Article?
Positively! Click Sign In to add the tip, solution, correction or comment that will help other users.

Report inappropriate content using these instructions.
Wiki  >  TechNet Articles  >  How to List Active Directory Group Members (dsforum2wiki)

How to List Active Directory Group Members (dsforum2wiki)

How to List Active Directory Group Members (dsforum2wiki)

Here are a few different ways to list members of an Active Directory group:

  1. Using built-in Active Directory command-line tools

    Following command will provide you first name and last name of member of a group:

    dsquery group domainroot -name groupname | dsget group -members | dsget user -fn -ln

  2. Using a filter

    The following filter returns the members of a specific group.
    You have to specify the groups distinguishedName.

    ldifde -f groupMembers.txt -r "(&(objectClass=User)(memberOf=CN=myGroup,OU=MyContainer,DC=myOrg,DC=local))" -l "sAMAccountName,givenName,sn"

  3. Using Adfind (Adfind is a free tool that you can download from www.joeware.net/freetools/tools/adfind/index.htm)

    TO RETRIEVE THE DN OF THE GROUP

    adfind -default -f "(&(objectCategory=group)(name=<GROUPNAME>))" -dsq

    or

    adfind -default -f "(&(objectCategory=group)(name=<GROUPNAME>))" -dn

    TO RETRIEVE THE PROPERTIES (givenName=firstname, sn=surname sAMAccountName, pre-w2k logon name, description=description, cn=full name, displayName=displayname) OF THE MEMBERS OF THE GROUP

    adfind -b "<DN of group>" -asq member givenName sn sAMAccountName description cn displayName

  4. Use PowerShell with free Quest AD Cmdlets (http://www.quest.com/powershell/activeroles-server.aspx), with the following one-liner query.
                          Get-QADGroupMember GROUPNAME
             
               You may also use the -indirect switch to retrieve the nested group membership.

                          Get-QADGroupMember GROUPNAME -indirect

              Conversely, you may also look up the user's direct and indirect group membership with
              the Get-QADMemberOf cmdlet.
 
                            Get-QADMemberOf USERNAME

                            Get-QADMemberOf USERNAME -indirect
 
          5.    Using PowerShell with native AD Cmdlets i.e ADWS/ADMGS
                 (http://technet.microsoft.com/en-us/library/dd378937%28WS.10%29.aspx)

                             Get-ADGroup GROUPNAME -properties members
                
                 For #4 and #5 above, use built-in help to learn more about the Cmdlets and the available syntaxes
 
                  for e.g Help Get-ADGroup -full



References

This article was derived from the forum post Active Directory Saved Query - Group Member Listing.


Other Languages

This article is also available in the following languages:

, , , , , , , , [Edit tags]
Leave a Comment
  • Please add 1 and 1 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Sort by: Published Date | Most Recent | Most Useful
Comments
  • 31 May 2012 5:55 PM

    Yagmoth555 edited Revision 6. Comment: great article ! adding a fr-FR link

  • 24 May 2012 7:22 PM

    Richard Mueller edited Revision 5. Comment: Improved link to Joe Richards' adfind

  • 21 May 2012 8:38 AM

    Fernando Lugão Veltem edited Revision 4. Comment: added tags

  • 9 Feb 2011 9:36 AM

    Ed Price MSFT edited Revision 3. Comment: Updated title case. Minor formatting edits.

Page 1 of 1 (4 items)
Wikis - Comment List
Sort by: Published Date | Most Recent | Most Useful
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Posted by
    on 31 May 2012 5:55 PM

    Yagmoth555 edited Revision 6. Comment: great article ! adding a fr-FR link

  • Posted by
    on 24 May 2012 7:22 PM

    Richard Mueller edited Revision 5. Comment: Improved link to Joe Richards' adfind

  • Posted by
    on 21 May 2012 8:38 AM

    Fernando Lugão Veltem edited Revision 4. Comment: added tags

  • Posted by
    on 16 Apr 2011 9:44 PM

    I have mentioned another method using PowerShell script in the following blog:

    portal.sivarajan.com/.../list-group-members-in-active.html

  • Posted by
    on 21 Feb 2011 3:11 AM

    Export to Excel with Quest AD Cmdlets:

    Set-QADProgressPolicy -ShowProgress $true -ProgressThreshold 2 | Out-Null

    $gr=Read-Host; $day=Get-Date -UFormat "%Y-%m-%d"; $fle=$gr+"_"+$day+".csv"; Get-QADGroupMember $gr -UseGlobalCatalog -Activity 'Retrieving group' | Sort-Object | select DisplayName,NTAccountName,Email,Company,Department | Get-Unique -asstring | Export-Csv -Encoding unicode -NoTypeInformation -path $env:temp\$fle; Invoke-Item $env:temp\$fle

  • Posted by
    on 9 Feb 2011 9:36 AM

    Ed Price MSFT edited Revision 3. Comment: Updated title case. Minor formatting edits.

Page 1 of 1 (6 items)