01 December, 2010

Using PowerShell to Export a List of all the Users in a Security Group in Active Directory


PowerShell is known with its power of Active Directory management. If you really into simplifying your daily complicated time consuming tasks, this might be very interesting for you. Lately, for a small project I needed to make a list of all the users in a “Security Group” in Active Directory. The security group is called “Color Printing” and we had about 20 users in that “Security Group”. I did not want to write down all the names one by one in a excel sheet so I’ve started to make a research about how to export the list of users in security group. I know that when your users are only in an “Organization Unit”, it’s very easy to do this task, but when it’s a security group, you don’t have the “Export” option.
Here what I found to complete a task of this kind! You can download free cmdlets from http://www.quest.com/powershell/activeroles-server.aspx for “Active Directory” management tasks. Once the right setup is downloaded and installed in your computer (in my case X64 version because I use an X64 computer). You can open “PowerShell” and add the snapin into PowerShell.
1- Open PowerShell and type in “Add-PSSnapin Quest.ActiveRoles.ADManagement” without quotes.
2- Now you can try to run a cmdlet to try if your snapin is installed correctly. To try, type in the command “get-help get-qaduser
If you get the help description, which means that the snapin is installed with no problem. If you close your PowerShell and re-open it, you will notice that the snapin that you added before is no longer available. If you want that snapin to be available all the time when you start your PowerShell, you have to do the following instructions…
1- Open PowerShell and type in “new-item -itemtype file -path $profile -force" without quotes.
2- This should create a folder called "WindowsPowerShell" under "C:\Users\%username%\My Documents\" with a file called "Microsoft.PowerShell_profile.ps1"
3- Right click on the file “Microsoft.PowerShell_profile.ps1” and open it with Notepad or any text editor and add your commands that you want them start with your PowerShell! In our case, we will only enter the following command and save the file as it is.
Add-PSSnapin Quest.ActiveRoles.ADManagement
4- Restart your PowerShell and try the “get-help get-qaduser” command to see if your snapin is loaded when you start your PowerShell.
Now that we have everything that we need in order to complete our task, let’s begin…
To export a list of all users in a Security Group in your Active Directory environment, follow the instructions here…
1- Open your PowerShell, and use the following command to export the list. You should modify the command with your organization’s values.
Get-QADGroupMember “Color Printing” | Export-CSV -path “C:\colorprinting.csv” -notypeinformation
This command will generate a list of all the members of the “Color Printing” security group in your Active Directory in “C:\colorprinting.csv” file.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.