- Open the Powershell ISE on your domain controller → Run the following Powershell script, specifying the CSV path where you want to export the results:
$nameofgroup= 'Domain Admins'
$groupsusers=Get-ADGroup -Identity $nameofgroup |
$_ | Get-ADGroupMember |
New-Object PsObject -Property $settings
$groupsusers | Export-Csv C:\scripts\GroupsUsers.csv –NoTypeInformation
With this script, you will get a list of all members of the specified Active Directory group in a CSV file.
- Run Netwrix Auditor → Navigate to “Reports” → Expand the “Active Directory” section → Go to “Active Directory – State-in-Time” → Select “Group Members” → Click “View”.
You can easily restrict the report to the members of a specific group. For instance, to see just the members of the Domain Admins group, enter “\com\enterprise\Users\Domain Admins” in the “Group Path” filter → Click “View Report”.
- To export the report to a CSV file click the "Export" button → Choose CSV format from the dropdown menu → Click "Save".
Stop Using PowerShell Scripting Every Time You Need to List AD Group Members
Using PowerShell is an option for AD administration, provided you are really good with scripting and have the time to spend on it. For example, you can use one of the Active Directory PowerShell commands, Get-ADGroupMember cmdlet, to get a list of Active Directory group members. However, the results are provided in a format that’s very hard to read and not really suitable for analysis. Moreover, what if you need to get a list of the members of each of multiple security groups? After all, for any security-cautious company, regular review of the membership of all privileged Active Directory groups is a basic security practice. Do you have time to run a Windows PowerShell script for each group you need to review on a regular basis and pore through the cryptic output?
Netwrix Auditor for Active Directory enables you to get a list of AD group members in just a few clicks. You can get information about every group in your domain, or filter the results to detail just the one you are interested in. The information is provided in a human-readable format and can be easily understood by any business user in your company, so you can share the report with department managers and get them involved into privilege attestation.
Moreover, Netwrix Auditor for Active Directory also reports on changes and logon events, as well as the configuration of your Active Directory system, such as effective group membership, inactive user and computer accounts, effective permissions to Active Directory objects, and more. It can also alert you about threat activity to speed detection and response. And it provides an interactive search to streamline investigations, and predefined and custom reports with filtering, exporting and subscription options. This broad functionality streamlines a wide range of tasks, from change and access monitoring to privilege attestation to detection of anomalous activity.
Even better, Netwrix Auditor for Active Directory is a part of the Netwrix Auditor platform, which provides visibility into 12 additional on-premises and cloud-based systems, including Microsoft Exchange, SharePoint, Office 365, Azure AD, SQL Server and network devices.