Manage your privacy

To provide the best experiences, we and our partners use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us and our partners to process personal data such as browsing behavior or unique IDs on this site and show (non-) personalized ads. Not consenting or withdrawing consent, may adversely affect certain features and functions.

Click below to consent to the above or make granular choices. Your choices will be applied to this site only. You can change your settings at any time, including withdrawing your consent, by using the toggles on the Cookie Policy, or by clicking on the manage consent button at the bottom of the screen.

Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Statistics

Marketing

Features
Always active

Always active
Manage options Manage services Manage vendors Read more about these purposes
Manage options
{title} {title} {title}
Manage your privacy
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
Statistics

Marketing

Features
Always active

Always active
Manage options Manage services Manage vendors Read more about these purposes
Manage options
Privacy Policy {title}
  • Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar
OpenTechTips

OpenTechTips

Comprehensive IT Guides for Pros and Enthusiasts

MENUMENU
  • HOME
  • ALL TOPICS
    • Exchange
    • InfoSec
    • Linux
    • Networking
    • Scripting
      • PowerShell
    • SSL
    • Tools
    • Virtualization
    • Web
    • Windows
  • ABOUT
  • SUBSCRIBE
Home » How to Export Users from Nested AD Groups

How to Export Users from Nested AD Groups

October 17, 2020 - by Zsolt Agoston - last edited on October 18, 2020

In a real-life IT environment, it is inevitable to have nested groups, one containing another, which contains another, etc.

To get all the users who are members of those groups, the following GetADGroup function will help us. It displays all the member users, no matter how deep the nested structure goes.

# GetADGroup

Plain text
Copy to clipboard
Open code in new window
EnlighterJS 3 Syntax Highlighter
<#
Script to retrieve the members of specified groups, checking the nested members, removing duplicates
#>
function GetADGroup {
param ( [string]$Member )
$members = @()
Get-ADGroupMember $Member | %{
if ($_.objectClass -eq "group") { GetADGroup -Member $_.distinguishedName
} else { $members += $_.name }
}
$result = ($members | Sort -Unique)
return $result
}
# Example: getting the members of the group called "All Users"
GetADGroup -Member "All Users" | Sort -Unique
# Example: export user list to a csv file
$group = "All Users"
GetADGroup -Member $group | Sort -Unique | % { [pscustomobject]@{"Group" = $group; "Member" = $_} | Export-Csv "$group members.csv" -Append -NoTypeInformation}
<# Script to retrieve the members of specified groups, checking the nested members, removing duplicates #> function GetADGroup { param ( [string]$Member ) $members = @() Get-ADGroupMember $Member | %{ if ($_.objectClass -eq "group") { GetADGroup -Member $_.distinguishedName } else { $members += $_.name } } $result = ($members | Sort -Unique) return $result } # Example: getting the members of the group called "All Users" GetADGroup -Member "All Users" | Sort -Unique # Example: export user list to a csv file $group = "All Users" GetADGroup -Member $group | Sort -Unique | % { [pscustomobject]@{"Group" = $group; "Member" = $_} | Export-Csv "$group members.csv" -Append -NoTypeInformation}
<#
Script to retrieve the members of specified groups, checking the nested members, removing duplicates
#>

function GetADGroup {
param ( [string]$Member )
 
$members = @()
Get-ADGroupMember $Member | %{
               if ($_.objectClass -eq "group") { GetADGroup -Member $_.distinguishedName
               } else { $members += $_.name }
}
$result = ($members | Sort -Unique)
 
return $result
}
 
# Example: getting the members of the group called "All Users"
GetADGroup -Member "All Users" | Sort -Unique

# Example: export user list to a csv file
$group = "All Users"
GetADGroup -Member $group | Sort -Unique | % { [pscustomobject]@{"Group" = $group; "Member" = $_} | Export-Csv "$group members.csv" -Append -NoTypeInformation}

Example - Export "All Users"

In our test system we have three AD groups nested in each other, all of them contain a certain number of users. On the top of that, Alice user is a member of all three groups. See the diagram below:

How to Export Users from Nested AD Groups

After running the query, here is the result:

How to Export Users from Nested AD Groups

Reader Interactions

Comments Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Tools

Secondary Sidebar

CONTENTS

  • # GetADGroup
  • Example – Export “All Users”

  • Terms of Use
  • Disclaimer
  • Privacy Policy