How can I list all members from AD group showing enable and disabled users?

Question

I'm trying get a list of all members from a AD Group showing active \ inactive users. The purpose is get all the members on the groups and list the ones with Admin privileges.

I did the following commands:

$GROUPNAME = "Domain Admins" 
Get-ADGroupMember -identity $GROUPNAME -Recursive | Select name, SamAccountName, objectclass | Sort-Object Name

Tried to combine with Get-ADUser -Filter {Enabled -eq $false} but I need the first cmdlet to output for me Users, so I can filter with Get-ADuser.

Tks in advance

Marlon · Accepted Answer · 2017-11-28T23:48:08.453

Did this way:

$groupname = "Domain Admins"
$users = Get-ADGroupMember -Identity $groupname | ? {$_.objectclass -eq "user"}
foreach ($activeusers in $users) { Get-ADUser -Identity $activeusers | ? {$_.enabled -eq $true} | select Name, SamAccountName, UserPrincipalName, Enabled }

If you want disabled just replace last cmdlet:

foreach ($activeusers in $users) { Get-ADUser -Identity $activeusers | ? {$_.enabled -eq $false} | select Name, SamAccountName, UserPrincipalName, Enabled }

score 1 · Answer 2 · answered Jan 12 '21 at 01:43

using Marlon's answer above. if you want to output it as a list to text or CSV you can do this:

$groupname = "Domain Admins"
$users = Get-ADGroupMember -Identity $groupname | ? {$_.objectclass -eq "user"}
$result = @()
foreach ($activeusers in $users) { $result += (Get-ADUser -Identity $activeusers | ? {$_.enabled -eq $true} | select Name, SamAccountName, UserPrincipalName, Enabled) }
$result | Export-CSV  -NoTypeInformation .\active_domain_admins.csv

you can switch the last line to this, if you just want output to a text file:

$result | Out-File .\active_domain_admins.txt

score 1 · Answer 3 · edited Dec 01 '22 at 17:44

1

Are you looking for something like this?

$GrpName = '[Group Name]'
$ExportPath = 'C:\\Temp\\' + $GrpName + '-GroupMembers.csv'
$Grp = Get-ADGroup $GrpName | Get-ADGroupMember -Recursive | Get-ADUser -Properties Name,Mail,Enabled  | Select-Object Name,Mail,Enabled | Where-Object {$_.Enabled -eq $True}
$Grp.Count
$Grp | Export-Csv -NoType $ExportPath

edited Dec 01 '22 at 17:44

Toto

19,304

answered Dec 01 '22 at 16:53

Chris

11

score 1 · Answer 4 · answered Oct 16 '23 at 08:07

1

My "oneliner". Thanks for answers above.

$GROUPNAME = "Domain Admins" 
Get-ADGroupMember $GROUPNAME | Get-ADUser | Where-Object -Property enabled -eq $true | select name

answered Oct 16 '23 at 08:07

Aleksandr Kharkovskiy

11

How can I list all members from AD group showing enable and disabled users?

4 Answers4