Home > Active Directory, Batch Scripting, Scripting > List Members (and email addresses) of an Active Directory group.

List Members (and email addresses) of an Active Directory group.

Recently i was asked to list a: all members of an active directory group, and b: pull their primary email address, leaving me with an end report of username and primary email address.

I used dsget to pull the user information from the group, below is the command i used:

dsget group “cn=Groupname,ou=DLs,ou=Exchange Recipients,dc=ie,dc=domain,dc=company,dc=com” -members >> 1.txt

the above command enumerates the “groupname” group in an ou called dls, in an ou called exchange recipients in the domain ie.domain.company.com. if your ou or domain structure is different trim out (or add) what you need.  The -members at the end of the file will dump only the usernames in FQDN format.

Once the script is run check the current directory for a textfile called 1.txt.  This text file will contain the usernames you need in FQDN format like below:

“CN=Tom Thumb (IE),ou=Dublin,dc=ie,dc=domain,dc=company,dc=com”
“CN=Mike Hunt (IE),ou=Dublin,dc=ie,dc=domain,dc=company,dc=com”

In order to get the email address’es i decided not to try and read from the file, instead i just ran the same command again and piped the results to another dsget query.

dsget group “cn=Groupname,ou=DLs,ou=Exchange Recipients,dc=ie,dc=domain,dc=company,dc=com” -members | dsget user -email >> 2.txt

The above will pull the results we saw in 1.txt, but instead it passes it straight into another query (dsget user -email) and sends those results to a text file. 2.txt should contain the users primary email address:

tom.thumb@company.com
mike.hunt@company.ie

Now simply copy the contents on both text files into neighboring columns in excel and you have your report 🙂

Update: 13/08/2012

An old friend of mine Rob reminded me that this post existed and wondered how to do it with powershell. Luckily This is much, much easier to do with Windows Powershell!

On a server with the active directory module for powershell installed (normally a domain controller), run the following commands: (replace the group name with your own one).

 


#######Change the below values#######
$groupname = "My Group Name"
$exportfile = c:\temp\report.csv
#####################################

if (!(get-module -ListAvailable | where {$_.name -eq "ActiveDirectory1"} -ea 0)){
        write-warning "The ActiveDirectory PowerShell module is Not Installed!"
        break}
else{
        write-host "Importing Active directory module";import-module activedirectory -ea 0
        Get-ADGroupmember $groupname | %{get-aduser $_.samaccountname -properties cn,samaccountname,emailaddress | select cn,samaccountname,emailaddress | export-csv -notypeinformation $exportfile}
}
  1. Cosmin
    July 10, 2009 at 9:00 am

    Hi,

    You can run dsget only once in order to generate the list containing username and e-mail address. You just have to use -fn and -ln parameters:

    dsget group “cn=Groupname,ou=DLs,ou=Exchange Recipients,dc=ie,dc=domain,dc=company,dc=com” -members | dsget user -fn -ln -email >> 2.txt

    If you are interseted in other parameters just use dsget user /?

    Does anyone know how to run dsget command from *.bat file?
    I tried this command…

    dsquery group -limit 0 | dsget group “CN=GroupName,OU=Groups,OU=user management,DC=dn,DC=local” -members -expand >c:\GroupName.csv

    and received the following error:

    The process cannot access the file because it is being used by another process.

    I apreciate any help on this issue. Thanks!

  2. October 17, 2012 at 8:35 am

    thanks

  3. Gepa
    February 27, 2013 at 7:11 am

    I need to do the same export, however, my group membership consists of user objects as well as contact objects… How do I get the dsquery to recognize and parse both object types?

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: