Gets one or more Active Directory groups.



Example: Get a group by SAM account name

Get-ADGroup -Identity Administrators


Example: Get a group and filter the results

Get-ADGroup -Filter 'GroupCategory -eq "Security" -and GroupScope -ne "DomainLocal"'


Example: Groups created in the last two days, including all attributes

$Days = (Get-Date).AddDays(-2)

Get-ADGroup -Filter {WhenCreated -ge $Days} -Properties * | Select-Object * | Sort-Object -Property Name


Example: Export the AD groups created in the last two days to a CSV file

$Days = (Get-Date).AddDays(-2)

$Timestamp = Get-Date -Format "yyyyMMdd_HHmmss"


# GET THE CURRENT DIRECTORY WHERE THE SCRIPT IS RUNNING

$ScriptPath = Get-Location

$ExportPath = "$ScriptPath\ADGroups_Created_$Timestamp.csv"  # USE THE SCRIPT'S DIRECTORY


# DEFINE THE PROPERTIES TO INCLUDE

$Properties = @(

    "Name"

    "SamAccountName"

    "Description"

    "WhenCreated"

    "WhenChanged"

    "DistinguishedName"

    "Description"

    "GroupCategory"

    "GroupScope"

    "info"

    "ManagedBy"            # EXAMPLE OF BUILT-IN ATTRIBUTE

    "ExtensionAttribute1"  # EXAMPLE OF A CUSTOM ATTRIBUTE

    "CustomAttributeX"     # Replace with actual custom attribute name

    #"ObjectGUID"          # EXAMPLE OF EXCLUSION, JUST COMMENT IT OUT

)


# GET AD GROUPS, SORT BY NAME, AND EXPORT TO CSV IN ONE PIPELINE

Get-ADGroup -Filter { WhenCreated -ge $Days } -Properties $Properties | Sort-Object Name | Select-Object $Properties | Export-Csv -Path $ExportPath -NoTypeInformation -Encoding UTF8


Write-Host "Export completed: $ExportPath"



Gets the members of an Active Directory group.


Example: Get all Administrators group members

Get-ADGroupMember -Identity Administrators


Example: Get members of a group including the members of child groups

Get-ADGroupMember -Identity "Enterprise Admins" -Recursive


-Recursive

Specifies that the cmdlet get all members in the hierarchy of a group that do not contain child objects.

If the specified group does not have any members, then nothing is returned.



Gets the Active Directory groups that have a specified user, computer, group, or service account.


Example: Get group memberships for the user account (Administrator)

Get-ADPrincipalGroupMembership -Identity Administrator


Example: Get group memberships for the computer account (DC001$)

Get-ADPrincipalGroupMembership -Identity Administrator