Trending
Adil Arif
You are at:»»Powershell – How to check AD Group Membership using Powershell

Powershell – How to check AD Group Membership using Powershell

1
By on HOW-TO, Microsoft, POWERSHELL, WINDOWS SERVER 2008, WINDOWS SERVER 2012

Hi All,

You must have seen my previous article where in we saw how to find out empty groups in Active Directory. Today we will taking a step further and check AD group Membership using Powershell.

Last time, we just queried all the groups that were empty in the AD structure. But today, our requirement is a little different. Assume that you have been provided with a list of groups and your task is find out the Members that are part of each group.

Imagine doing that through the Active Directory Users and Computers, what a nightmare that would be. So let us see how we can leverage the capabilities of powershell to help us achieve this in a much easier way.

Below is the script that we will be using. I will break it down in part by part so that it is easy to understand.

Import-Module ActiveDirectory
$Groups = Get-Content C:\Groups.txt
$output = foreach ($Group in $Groups)
{
if(Get-ADGroup "$Group" -Properties Members | where {-not $_.members})
{
Write-Output "The '$Group' has no Members."
Write-Output "`n"
}
else
{
Write-Output "The members in the '$Group' are:"
Get-ADGroupMember "$Group" | select Name
Write-Output "`n"
}
}
$output | Out-File c:\GroupDetails.txt

At first, we are importing the Active Directory Module to help us load all the AD cmdlets in the current Powershell session.

Next, I have already added the list of groups one per line that needs to queried in the text file called Groups.txt and saved it on the C drive.

Now using Get-Content we will load all the group names and save that into a variable called $Groups.

We now use a foreach loop to check the membership of each and every group. Inside the foreach loop we have an if else statement.

In the IF part, we say that Get-ADGroup and check if it has any members, if not then it will execute that portion and start with the next Group. In the execution part we just simply Output saying that the Group has no members associated with it.

In the ELSE statement we use Get-ADGroupMember cmdlet to list out the members and using select we are just getting the Name of the member.

Finally we save that to a text file called Groupdetails.txt on C drive.

I hope this has been informative and thank you for reading!

PS: I have planned a youtube video channel and made an introductory video which you can find here. Please go ahead and subscribe and I will keep you posted on when the content will be released.

Share.

About Author

I am Adil Arif, working as a Senior Technical Support Engineer at Rubrik as well as an independent blogger and founder of Enterprise Daddy. In my current role, I am supporting infrastructure related to Windows and VMware datacenters.

Related Posts

1 Comment

Leave A Reply