List Members (and email addresses) of an Active Directory group.

Recently i was asked to list a: all members of an active directory group, and b: pull their primary email address, leaving me with an end report of username and primary email address.

I used dsget to pull the user information from the group, below is the command i used:

dsget group “cn=Groupname,ou=DLs,ou=Exchange Recipients,dc=ie,dc=domain,dc=company,dc=com” -members >> 1.txt

the above command enumerates the “groupname” group in an ou called dls, in an ou called exchange recipients in the domain ie.domain.company.com. if your ou or domain structure is different trim out (or add) what you need.  The -members at the end of the file will dump only the usernames in FQDN format.

Once the script is run check the current directory for a textfile called 1.txt.  This text file will contain the usernames you need in FQDN format like below:

“CN=Tom Thumb (IE),ou=Dublin,dc=ie,dc=domain,dc=company,dc=com”
“CN=Mike Hunt (IE),ou=Dublin,dc=ie,dc=domain,dc=company,dc=com”

In order to get the email address’es i decided not to try and read from the file, instead i just ran the same command again and piped the results to another dsget query.

dsget group “cn=Groupname,ou=DLs,ou=Exchange Recipients,dc=ie,dc=domain,dc=company,dc=com” -members | dsget user -email >> 2.txt

The above will pull the results we saw in 1.txt, but instead it passes it straight into another query (dsget user -email) and sends those results to a text file. 2.txt should contain the users primary email address:

tom.thumb@company.com
mike.hunt@company.ie

Now simply copy the contents on both text files into neighboring columns in excel and you have your report :)

Update: 13/08/2012

An old friend of mine Rob reminded me that this post existed and wondered how to do it with powershell. Luckily This is much, much easier to do with Windows Powershell!

On a server with the active directory module for powershell installed (normally a domain controller), run the following commands: (replace the group name with your own one).

 

[sourcecode language=”PowerShell”]

#######Change the below values#######
$groupname = "My Group Name"
$exportfile = c:tempreport.csv
#####################################

if (!(get-module -ListAvailable | where {$_.name -eq "ActiveDirectory1"} -ea 0)){
write-warning "The ActiveDirectory PowerShell module is Not Installed!"
break}
else{
write-host "Importing Active directory module";import-module activedirectory -ea 0
Get-ADGroupmember $groupname | %{get-aduser $_.samaccountname -properties cn,samaccountname,emailaddress | select cn,samaccountname,emailaddress | export-csv -notypeinformation $exportfile}
}
[/sourcecode]

Related Posts

Using my Citrix Edgesight Powershell module with A... I received a request on twitter late last night and it was an interesting one. The person in question wanted to use my current edgesight module to imp...
Move objects in active directory which have been i... This is just a quick script I was asked for assistance with recently. The person in question wanted to move all computers and users to defined ou's wh...
Enabling RDP on a server remotely. There's very little more annoying in a windows environment than having to go to a console of a server because some idiot has disabled remote administr...

3 Comments About “List Members (and email addresses) of an Active Directory group.

  1. Cosmin

    Hi,

    You can run dsget only once in order to generate the list containing username and e-mail address. You just have to use -fn and -ln parameters:

    dsget group “cn=Groupname,ou=DLs,ou=Exchange Recipients,dc=ie,dc=domain,dc=company,dc=com” -members | dsget user -fn -ln -email >> 2.txt

    If you are interseted in other parameters just use dsget user /?

    Does anyone know how to run dsget command from *.bat file?
    I tried this command…

    dsquery group -limit 0 | dsget group “CN=GroupName,OU=Groups,OU=user management,DC=dn,DC=local” -members -expand >c:GroupName.csv

    and received the following error:

    The process cannot access the file because it is being used by another process.

    I apreciate any help on this issue. Thanks!

    Reply
  2. Gepa

    I need to do the same export, however, my group membership consists of user objects as well as contact objects… How do I get the dsquery to recognize and parse both object types?

    Reply

Leave a Reply