Get the Members of all Security Groups in Active Directory w/ PowerShell

Update 4 May 2017:

I’ve been contacted by a few people that were having trouble running the code in the Get-GroupMember function. I have replicated the error on one of my DCs but another DC in a different domain the Get-GroupMember function works fine. I’m still not entirely sure why the code works for some but not other. Anyway, I’ve posted an alternate solution below. If anyone knows why the Get-GroupMember function doesn’t always work please let me know.



Have you ever taken over Active Directory Administration duties at an organization that has a fully functional AD architecture? In some cases this is great, just set down in the seat and watch it all work as normal. However, at some point in time, you will need to know what users have what access to what resources, what users are Domain Admins etc…

In a smaller organizational this may not be such a daunting task, simply clicking through ADUC might suffice. In larger organizational with 100’s and users and maybe 100’s of groups, clicking through ADUC is not going to cut it.

Using some PowerShell magic this task is pretty easy no matter what the size of Active Directory, the code and video below will walk you through the process.

Caution: In a large Active Directory environment this script could put a significant workload on Servers. USE AT YOUR OWN RISK.


1 Comment

  1. Mike Adams | | Reply

    I am new to powershell. I put in the script that you wrote for the get members of all AD groups with powershell.
    I put this script into my powershell window and it did not do anything, no errrors, nothing.
    Did I need to make any changes?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.