Looking for a way to export users from AD to a txt file

Appreciate any help or links someone can provide.

I'm trying to find a way to export members of domain local groups which span multiple domains. I'm able to use dsquery/dsget for global groups but using the same syntax and domain local groups the exported file only shows users in the domain in which I'm a member of. Does this need to be done in powershell, do I need additional permissions or am I missing something all together?

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

Everyone

Try the Quest AD PowerShell tools... PowerShell Commands (CMDLETs) for Active Directory by Quest Software

The "Get-QADGroupMember" command should do what you want... pipe it into an Out-File command to **** it into a text file.

Also sounds like you need to get a better understanding of AD groups...
Group scope: Active Directory

RobertKaucher

Everyone wrote: »

Try the Quest AD PowerShell tools... PowerShell Commands (CMDLETs) for Active Directory by Quest Software

The "Get-QADGroupMember" command should do what you want... pipe it into an Out-File command to **** it into a text file.

Also sounds like you need to get a better understanding of AD groups...
Group scope: Active Directory

LEARN POWERSHELL!!!!!! ALL OF YOU!!!! I COMMAND IT!!!

I think what he means is that he has query accross multiple domains to find users in the domain local groups of said domains. His misunderstanding is more about how membership is stored in AD (I think).

@OP - You will need to query accross all domains to get the groups in those domains.

Devilsbane

Repo Man wrote: »

Appreciate any help or links someone can provide.

I'm trying to find a way to export members of domain local groups which span multiple domains. I'm able to use dsquery/dsget for global groups but using the same syntax and domain local groups the exported file only shows users in the domain in which I'm a member of. Does this need to be done in powershell, do I need additional permissions or am I missing something all together?

I've never attempted this on a local group, but I've always found it to work on groups. The dsquery returns the distinguished name for the group and should be able to return users that are in another domain. I can't recall a time when I intentionally queried a domain local, but I have received results from other domains before.

dsquery group -d company.com -name GroupName | dsget group -members -expand > Output.txt

Substitute the name of your domain for company.com and the name of the group for GroupName. This will then output the distinguished names for each user in that group. After the command has completed, you can use notepad or word with find/replace to filter out the junk that you don't need.

I have also piped this to another dsget -user command to return whether the accounts are enabled or disabled.