• Chris Keim

List all AD Security Group Members including any of their Properties

Recently, I needed to create a report listing all Active Directory (AD) users, computers, managed service accounts, and security groups from a very large AD security group. I could have generated the data and slopped it together, manually typing some of the info. But, I wanted all the data in one clean report without having to type or combine outputs. So I came up with this script.

PowerShell Script

The following script will create a report of all the members of a specific group. This includes users, other security groups, managed service accounts, and computers. Along with these other object types, this script also includes the object type, whether the user account is enabled, when the password was last set for the user, and if the password is set to never expire.

  1. Modify $strADGroup with the name of the AD security group you want to generate the report for.

  2. Modify $objReport with the full path and file name for the CSV report.

  3. Optionally, modify the $objArray += lines to add additional properties.

  4. Optionally, un-comment the last line to display the results in a PowerShell grid view.

PowerShell Function

This function does the same as the PowerShell script above, except allows you to call it whenever you want without pasting code. To use the function, you need to save it, dot source it, then call it.

  1. Save the file as a .ps1 file.

  2. Dot source the function. Open PowerShell and run . .\scriptName.ps1

  3. Now you can call this function Get-GroupMemberObjectReport from within PowerShell and provide the following parameters:

So an example of the function could be:

Have fun!

21 views0 comments