Options

Looking for a way to export users from AD to a txt file

Repo ManRepo Man Member Posts: 300
in Off-Topic
Appreciate any help or links someone can provide.

I'm trying to find a way to export members of domain local groups which span multiple domains. I'm able to use dsquery/dsget for global groups but using the same syntax and domain local groups the exported file only shows users in the domain in which I'm a member of. Does this need to be done in powershell, do I need additional permissions or am I missing something all together?
· Share on FacebookShare on Twitter

Comments

  • Options
    EveryoneEveryone Member Posts: 1,661
    Try the Quest AD PowerShell tools... PowerShell Commands (CMDLETs) for Active Directory by Quest Software

    The "Get-QADGroupMember" command should do what you want... pipe it into an Out-File command to **** it into a text file.

    Also sounds like you need to get a better understanding of AD groups...
    Group scope: Active Directory
    www.fixtheexchange.com
    · Share on FacebookShare on Twitter
  • Options
    RobertKaucherRobertKaucher Member Posts: 4,299 ■■■■■■■■■■
    Everyone wrote: »
    Try the Quest AD PowerShell tools... PowerShell Commands (CMDLETs) for Active Directory by Quest Software

    The "Get-QADGroupMember" command should do what you want... pipe it into an Out-File command to **** it into a text file.

    Also sounds like you need to get a better understanding of AD groups...
    Group scope: Active Directory
    LEARN POWERSHELL!!!!!! ALL OF YOU!!!! I COMMAND IT!!! icon_cheers.gif

    I think what he means is that he has query accross multiple domains to find users in the domain local groups of said domains. His misunderstanding is more about how membership is stored in AD (I think).

    @OP - You will need to query accross all domains to get the groups in those domains.
    · Share on FacebookShare on Twitter
  • Options
    DevilsbaneDevilsbane Member Posts: 4,214 ■■■■■■■■□□
    Repo Man wrote: »
    Appreciate any help or links someone can provide.

    I'm trying to find a way to export members of domain local groups which span multiple domains. I'm able to use dsquery/dsget for global groups but using the same syntax and domain local groups the exported file only shows users in the domain in which I'm a member of. Does this need to be done in powershell, do I need additional permissions or am I missing something all together?

    I've never attempted this on a local group, but I've always found it to work on groups. The dsquery returns the distinguished name for the group and should be able to return users that are in another domain. I can't recall a time when I intentionally queried a domain local, but I have received results from other domains before.
    dsquery group -d company.com -name GroupName | dsget group -members -expand > Output.txt

    Substitute the name of your domain for company.com and the name of the group for GroupName. This will then output the distinguished names for each user in that group. After the command has completed, you can use notepad or word with find/replace to filter out the junk that you don't need.

    I have also piped this to another dsget -user command to return whether the accounts are enabled or disabled.
    Decide what to be and go be it.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.