2 Replies Latest reply on Sep 20, 2020 2:41 AM by Bentze Perlmutter

    How to get a list of AD Users that belong to AD Groups?

    Bentze Perlmutter
      Share This:

      Hi everyone,

       

      Has anyone written a script that can be used to get the list of AD Users that belong to AD Groups in csv/xlsx format?

      I.e.

      Now that Control-M is integrated with AD, the auditors want to get the list of all the users that belong to any AD groups that are linked to Control-M groups.

      We can get the list of AD Group names out of Control-M but are looking for a script that goes over the groups and for each gets the User IDs of the users in it, from AD.

       

      Thanks,

      Bentze

        • 1. Re: How to get a list of AD Users that belong to AD Groups?
          Haw Kor

          Bentze,

           

          This is a script that we use for the same. It fetches a list of groups that start with Control in our case and prints out each member of each group:

           

          Param (

          #full path to output file

          $outfile

           

          )

           

          $adserver = <your ad server>

           

          Write-output " "

          Write-output "Starting process at $(Get-Date)"

          Write-output "Fetching Members for domain groups"

           

           

          Get-ADGroup -Filter "Name -like 'Control*' -Server $adserver | ForEach {

           

           

              $groupName = $_.Name

              $dn = $_.DistinguishedName

             

              Get-ADGroupMember -Identity $_.SamAccountName -Recursive -Server $adserver |

                  Where {$_.objectClass -eq 'user'} |

                  

                      Get-ADUser -Server $adserver -EA SilentlyContinue |

                          Where {$_.Enabled} |

                              Select @{N='GroupName';E={$groupName}},@{N='Group DN';E={$dn}},SamAccountName, Name, DistinguishedName

           

          } | Sort GroupName,SamAccountName | Export-Csv $outfile -NoTypeInformation