Active Directory is a widely used access rights management system that is bundled with Windows Server. PowerShell is also integrated into Windows Server, and it gives you an excellent way to extract the member accounts of an AD group to a CSV file.
The management console for Active Directory has limited features and it can often be easier to just use the straightforward search, sort, and filter facilities in Microsoft Excel instead. Reading a CSV file into Excel is very easy, so you just need to know how to get that file created.
This guide is a quick read and gives you four easy-to-follow steps explaining how to export AD group members by using PowerShell.
Step One: Setting up
Type powershell into the Start search field and click on Run as Administrator.
Click on Yes in the User Account Control screen to continue.
In the PowerShell window, type:
This lists all available PowerShell modules. If you don’t see Active Directory near the top of the list, enter the following on Windows Server:
Install-WindowsFeature -Name RSAT-AD-PowerShell
On Windows 10, in PowerShell, run the following:
Get-WindowsCapability -Name RSAT* -Online | Add-WindowsCapability -Online
The installation process takes a long time. You will see a progress bar at the top of the screen in the form of a growing line of “o”.
Run the Get-Module query again to confirm that the Active Directory module is now available.
Step Two: Get the group name
You will need to know the name of the group that you are going to extract. If you’re not quite sure what it is called, you can list all group names to jog your memory.
Get-ADGroup -Filter * | Sort-Object Name | Select-Object Name
Note the name of the group that interests you.
Step Three: Look at the membership list
If you want to look at the list of group members, type:
Get-ADGroupMember -Identity "group_name"
Substitute the name of your group for group_name. This is not an essential step to extract the member list. However, it is a good confirmation that there are actually members in the group and it also checks that you spelled the group name correctly when you wrote it down.
Step Four: Perform the export
Now that all systems are go, you can launch the extract. In order to do this, you just have to pipe that last group member query into a file:
Get-ADGroupMember -Identity "Group Name" | Export-Csv -Path C:\a_path\filename.csv -NoTypeInformation
Make sure you substitute the real path and name for your export file.
Read this file into Excel to use its data searching facilities.
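Steps Three and Four combined into one script, as an added example that is not part of the original guide: it expands nested groups, exports the fields an access review needs, and flags enabled accounts with no recent logon, which is the abandoned-account risk raised at the end of this guide. The group name and path are the guide's placeholders; the 90-day threshold and the Stale column are assumptions.

```powershell
# Added example, not from the original guide.
# Placeholders: group_name and C:\a_path\filename.csv. Assumed: 90-day threshold.
Import-Module ActiveDirectory -ErrorAction Stop

$GroupName = 'group_name'
$OutFile   = 'C:\a_path\filename.csv'
$StaleDays = 90
$cutoff    = (Get-Date).AddDays(-$StaleDays)

# -Recursive expands nested groups, so indirect members are included.
# Without it, a nested group shows up as a single row and its users are missed.
$members = Get-ADGroupMember -Identity $GroupName -Recursive

$rows = $members |
    Where-Object { $_.objectClass -eq 'user' } |
    Get-ADUser -Properties Enabled, LastLogonDate, PasswordLastSet, whenCreated |
    ForEach-Object {
        [pscustomobject]@{
            SamAccountName    = $_.SamAccountName
            Name              = $_.Name
            Enabled           = $_.Enabled
            LastLogonDate     = $_.LastLogonDate
            PasswordLastSet   = $_.PasswordLastSet
            WhenCreated       = $_.whenCreated
            # Stale: enabled, and either never logged on or no logon since the cutoff.
            # LastLogonDate replicates with a delay of several days, so keep the
            # threshold well above that.
            Stale             = $_.Enabled -and
                                ((-not $_.LastLogonDate) -or ($_.LastLogonDate -lt $cutoff))
            DistinguishedName = $_.DistinguishedName
        }
    }

# Stale accounts first, then alphabetical, so the rows to review open at the top in Excel.
$rows |
    Sort-Object @{ Expression = 'Stale'; Descending = $true }, SamAccountName |
    Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8

# Show how many members of each object class were found, so non-user members
# (for example computer accounts) are visible even though they are not exported.
$members | Group-Object objectClass | Select-Object Name, Count
```

The CSV lists every account that holds the group's access rights, so write it to a folder that only administrators can read.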
Use a third-party tool for Active Directory management
The PowerShell system is great for getting user account information out of Active Directory. However, loading new user accounts into Active Directory is difficult with PowerShell.
A better solution for uploading user accounts is the Admin Bundle for Active Directory from SolarWinds.
This package of three Active Directory utilities is free to use. The other tools in the bundle assist in account removal. The Admin Bundle’s three components are:
- User Import Tool: Create Active Directory user account entries in bulk by uploading them from a CSV file. The interface allows you to specify the columns that are contained in the file and map them to AD fields.
- Inactive User Account Removal Tool: This utility will scan Active Directory and help you to remove users who have not logged in for a certain amount of time.
- Inactive Computer Account Removal Tool: With this facility, you can identify defunct device entries and remove them.
Active Directory administration
A badly organized Active Directory database is harder to manage than a well-planned system. Use free tools and system utilities to get a grip on the records in the AD system. Abandoned accounts and orphaned entries are particularly risky because they give intruders a way in, so it is very important to ensure that all of the accounts that you have listed in Active Directory are still in use.