Introduction
If you manage Active Directory (AD), you’ve probably been asked more than once: “Which groups is this user a part of?” or “Can you give me a list of everyone in this group?” While GUI tools exist, nothing beats the power and precision of PowerShell. In this guide, we’ll walk through practical scripts to fetch group memberships and user details—perfect for IT admins and helpdesk teams.
Why Group Membership Information Matters
Group memberships in AD directly control access to resources—files, folders, applications, and even cloud services via Azure AD sync. Understanding and documenting this information is key for:
- Security audits
- User onboarding/offboarding
- Compliance requirements
- Troubleshooting access issues
PowerShell to the Rescue
PowerShell offers native cmdlets like Get-ADGroupMember, Get-ADUser, and Get-ADPrincipalGroupMembership that allow easy and powerful querying of group data.
Before using these scripts, make sure you have the ActiveDirectory module imported:
Import-Module ActiveDirectory
Script 1: Export All Members of a Specific AD Group
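# -NoTypeInformation keeps the "#TYPE" header line out of the CSV (Windows PowerShell 5.1 adds it by default).
Get-ADGroupMember -Identity "ADGroupName" |
    Select-Object Name, ObjectClass, DistinguishedName |
    Export-Csv -Path "C:\Users\Desktop\ADGroupMembers.csv" -NoTypeInformation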
Explanation:
- Get-ADGroupMember: Gets members of the specified group.
- Select-Object: Filters to only include name, type (user/computer), and full AD path.
- Export-CSV: Saves the result as a .CSV file.
Output Example:
Name | ObjectClass | DistinguishedName |
John Smith | user | CN=John Smith,OU=Sales,DC=domain |
AdminServer1 | computer | CN=AdminServer1,OU=Servers,DC=domain |
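Script 1 lists a group's direct members, so an account that gets access through a nested group does not appear in the CSV. The block below is an added example, not code from the original post: it compares the direct member list with the `-Recursive` list and labels each entry. The function name `Compare-GroupMembership` and the sample objects are constructed for illustration.

```powershell
# Added example (not from the original post): direct vs. nested members of one group.
function Compare-GroupMembership {
    param(
        [object[]] $Direct = @(),      # output of Get-ADGroupMember -Identity <group>
        [object[]] $Transitive = @()   # output of Get-ADGroupMember -Identity <group> -Recursive
    )
    # DNs of direct members; @{} hashtables compare string keys case-insensitively.
    $directDn = @{}
    foreach ($m in $Direct) { $directDn[$m.DistinguishedName] = $true }

    # -Recursive returns only leaf objects, so nested groups are reported from $Direct.
    foreach ($g in @($Direct | Where-Object { $_.ObjectClass -eq 'group' })) {
        [PSCustomObject]@{ Name = $g.Name; ObjectClass = 'group'
                           Membership = 'NestedGroup'; DistinguishedName = $g.DistinguishedName }
    }
    foreach ($m in $Transitive) {
        $via = if ($directDn.ContainsKey($m.DistinguishedName)) { 'Direct' } else { 'ViaNestedGroup' }
        [PSCustomObject]@{ Name = $m.Name; ObjectClass = $m.ObjectClass
                           Membership = $via; DistinguishedName = $m.DistinguishedName }
    }
}

# Constructed sample objects standing in for the two cmdlet calls (hypothetical names).
$direct = @(
    [PSCustomObject]@{ Name = 'John Smith'; ObjectClass = 'user'
                       DistinguishedName = 'CN=John Smith,OU=Sales,DC=domain' }
    [PSCustomObject]@{ Name = 'Helpdesk'; ObjectClass = 'group'
                       DistinguishedName = 'CN=Helpdesk,OU=Groups,DC=domain' }
)
$transitive = @(
    [PSCustomObject]@{ Name = 'Temp Contractor'; ObjectClass = 'user'
                       DistinguishedName = 'CN=Temp Contractor,OU=Sales,DC=domain' }
    $direct[0]
)

# On a domain-joined host, replace the samples with:
#   $direct     = @(Get-ADGroupMember -Identity 'ADGroupName')
#   $transitive = @(Get-ADGroupMember -Identity 'ADGroupName' -Recursive)
Compare-GroupMembership -Direct $direct -Transitive $transitive |
    Sort-Object Membership, Name |
    Format-Table -AutoSize
```

Rows marked `ViaNestedGroup` are the accounts an audit based only on the direct list would miss.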
Script 2: Export All Groups a User Belongs To
# -NoTypeInformation keeps the "#TYPE" header line out of the CSV.
Get-ADPrincipalGroupMembership "username" |
    Select-Object Name, GroupScope |
    Export-Csv -Path "C:\Users\Desktop\AllADGroups.csv" -NoTypeInformation
Explanation:
- Get-ADPrincipalGroupMembership: Lists all groups (including nested) a user belongs to.
- GroupScope: Shows whether the group is Global, DomainLocal, or Universal.
Output Example:
Name | GroupScope |
Domain Admins | Global |
HR Shared Folder Users | DomainLocal |
Script 3: Detailed Member Info of an AD Group
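# Only the Member attribute is needed from the group, and only Mail beyond the default user properties.
# Get-ADUser reports an error for members that are not user accounts, such as nested groups.
Get-ADGroup "ADGroupName" -Properties Member |
    Select-Object -ExpandProperty Member |
    Get-ADUser -Properties Mail |
    Select-Object SamAccountName, Name, UserPrincipalName, Mail |
    Export-Csv -NoTypeInformation -Append -Path "C:\Users\Desktop\ADGroupMembersWithAdditionalDetails.csv"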
Explanation:
- Expands the group's Member attribute and looks up each member with Get-ADUser.
- SamAccountName: Login ID.
- UserPrincipalName: Usually the email-style login.
Output Example:
SamAccountName | Name | UserPrincipalName | Mail |
jsmith | John Smith | jsmith@domain.com | jsmith@domain.com |
Script 4: User’s Groups with ManagedBy, Description, Notes & OU
# Info is the AD attribute behind the "Notes" field shown in the GUI.
Get-ADPrincipalGroupMembership "username" |
    Get-ADGroup -Properties Info, Description, ManagedBy, DistinguishedName |
    Select-Object Name, Info, Description, ManagedBy, DistinguishedName |
    Export-Csv -Path "C:\Users\Desktop\ADGroupMembersWithAdditionalDetails.csv" -NoTypeInformation
Explanation:
- Adds extra metadata: Notes (Info), Description, and Organizational Unit (OU).
- Good for audits and clarity on ownership.
Output Example:
Name | Info | Description | ManagedBy | DistinguishedName |
FinanceUsersGroup | Payroll | Finance Team | CN=Manager Name | CN=FinanceUsersGroup,OU=Groups,DC=… |
Script 5: Enhanced Script with Error Handling & Formatted Output
$Username = "username"
$user = Get-ADUser -Filter "SamAccountName -eq '$Username'" -ErrorAction SilentlyContinue
if ($user) {
    $user | Get-ADPrincipalGroupMembership |
        Get-ADGroup -Properties Info, Description, ManagedBy, DistinguishedName |
        ForEach-Object {
            # ManagedBy holds a distinguished name that may point to a user, group or contact,
            # so resolve it with Get-ADObject rather than Get-ADUser.
            $manager = if ($_.ManagedBy) {
                (Get-ADObject -Identity $_.ManagedBy).Name
            } else {
                'Not set'
            }
            [PSCustomObject]@{
                Name              = $_.Name
                Description       = $_.Description
                ManagedBy         = $manager
                Notes             = $_.Info
                DistinguishedName = $_.DistinguishedName
            }
        } | Export-Csv -Path (Join-Path -Path 'C:\Users\Desktop\' -ChildPath ("{0:yyyy-MM-dd}-{1}.csv" -f (Get-Date), $user.Name)) -NoTypeInformation
} else {
    Write-Warning "User '$Username' not found."
}
Why this version is better:
- Checks if the user exists before proceeding.
- Fetches the human-readable name of the ManagedBy property.
- Adds timestamps to exported files for clarity.
Sample Output File Name
2025-06-24-JohnSmith.csv
Output Preview:
Name | Description | ManagedBy | Notes | DistinguishedName |
FinanceGroup | Finance Team | Alice Johnson | Finance | CN=FinanceGroup,OU=Groups,DC=domain,DC=com |
Final Thoughts
These PowerShell scripts not only simplify your AD group management tasks but also improve visibility and traceability across your organization. Whether you’re a system admin, security analyst, or auditor, exporting accurate AD group data is crucial.