In this article I will discuss how I use the Get-ADGroupMember cmdlet to get a list of Active Directory Group members and dump it to a csv file. You will need to have the Active Directory Module for PowerShell installed to use this cmdlet. Once you have the Active Directory Module for PowerShell installed you can open PowerShell as Administrator and type the following to import the module (module will be imported automatically when executing the “Get-ADGroupMember” cmdlet in PowerShell 3.0)
Step 1: “Import-Module ActiveDirectory”
After you import the AD module type the following changing the identity to reflect your group name and the path to export group members to a csv file in that directory:
Step 2: Get-ADGroupMember -identity “Name of Group” | select name | Export-csv -path C:\Output\Groupmembers.csv -NoTypeInformation
You should now have a list of members by display name in a csv file located at C:\Output\Groupmembers.csv. If you wanted to list out the users by samaccountname you could just change out “name” after the select statement with “samaccountname”.
Now lets say you are using nested groups. You will notice that your list will reflect the nested group name and no the members of the nested group. All you need to do in this case is add the -recursive parameter to enumerate all the nested group members and add them to the list. This would look as follows:
Step 3 : Get-ADGroupMember -identity “Name of Group” -recursive | select name | Export-csv -path C:\Output\Groupmembers.csv -NoTypeInformation
I hope this helps. If you have any questions or feedback please leave a comment.
Top 20 Active Directory Interview Questions and Answers
Q1: What is Active Directory?
Ans: Active Directory is database services which contains all the information of Objective such as Users, Computers, OU, Printers and so on. It’s enable Authentication and Authorization for Client in domain. It used to manage Centralized security in network.
Q2: What is the location to store Active Directory file?
Ans: %Systemroot%/NDTS/ntds.dit or C:/Windows/ NDTS/ntds.dit Q3: What is file name in which Active Directory file store?
Ans: Ntds.dit
Q4: Which protocol is used by Active directory?
Ans: LDAP
Q5: How many partition in Active Directory?
Ans: Schema Partition, Domain Partition, Configuration Partition and Application Partition.
Q6: How to check FSMO Role in window server operating System?
Ans: Netdom query
Q7: How many file are create in NTDS folder? Brief describe about these.
Ans: Ntds.dit : The Active Directory database.
Edb.chk : The checkpoint file.
Edb*.log : The transaction logs; each 10 megabytes (MB) in size.
Res1.log and Res2.log : Reserved transaction logs.
Q8: What is the Sysvol folder?
Ans: Sysvol stand for System volume. It contains all information and share folder copy of domain and also Group Policy security.
Q9: what is the logical/physical structure of AD environment?
Ans: Physical Structure: Domain Controller and Site.
Logical Structure: Domain, Tree, Forest and Organization Unit.
Q10: How to take backup of Active Directory?
Ans: System State data where all the Active Directory file and information store. Utility for backup Ntbackup and wbadmin
Q11: What is Stand for DC, CDC, ADC and RODC?
Ans: DC Stand for Domain controller.
CDC stand for Child domain controller
ADC stand for Additional domain controller
RODC stand for Read only domain controller.
Q12: What is object and example of distinguished name?
Ans: Objects are located within Active Directory domains according to a hierarchical path, which includes the labels of the Active Directory domain name and each level of container objects. The full path to the object is defined by the distinguished name (also known as a "DN"). The name of the object itself, separate from the path to the object, is defined by the relative distinguished name.
Example: CN=Smith,OU=Sales,DC=ABC,DC=COM
Q13: What is OU?
Ans: OU stand for Organization Unit. It is collection of users and group and it give us platform to apply group policy security on users and group in OU.
Q14: Why do we create OU?
Ans: OU stand for Organization Unit, It helps to mange user and group of user according to department and give us platform to apply group policy security.
Q15: What is domain?
Ans: Domain is collection of users, group, computers, printers and so on in a network. These objects share a common directory database, security policies, and security relationships with other domains. After install Active Directory domain service for using centralized security in a domain on objects.
Q16: What is distinguish between Domain and Domain controller?
Ans: Domain: Domain is collection of users, group, computers, printers and so on in a network. These objects share a common directory database, security policies, and security relationships with other domains.
Domain Controller: It is used to denote a computer within the domain that controls the rest of the computers in the domain. From the domain controller, a network administrator can access networked computers, create or delete accounts, or manage privileges and security.
Q17: What is Forest?
Ans: Forest is a collection of Tree in domain that share a common global catalog, directory schema, logical structure and directory configuration. At the top forest represents the security boundary within user, group and other object are accessible.
Q18: What is Tree?
Ans: Tree is Collection of Domain which use contiguous name hierarchal in Domain (such as abc.com>it.abc.com>South.it.abc.com).
Q19: What is different between Role transfer and Seizing?
Ans: When Primary Domain controller (DC) server is going into maintain task and another servicing then FSMO role transfer task perform with Domain Controller (DC) and Additional Domain Controller (ADC) whereas Domain Controller(DC) dead and it’s not usable for future in that case Seize task perform on Additional Domain Controller (ADC) to become Domain Controller (DC) .
Q20: How to recover deleted Active directory users?
Ans: In Window server 2012: Open Run and type “dsac.exe” then new wizard open Active Directory Administrative Center then click on Domain name(like abc.com) and then go to OU then you see deleted user now recover that. In window server 2008: LDP used to recover deleted active directory user.
How to backup of system state on domain controller?
Please follow step by step to take backup of system state on domain controller:
Log on to the domain controller by using an account that has Domain Admins, local Administrator, or Backup Operator credentials.
Start the Windows NT Backup Wizard by choosing one of the following options:
Open a command prompt, type ntbackup and press ENTER.
Click Start, point to Programs, then point to Accessories, then point to System Tools, and then click Backup.
Click the Backup Wizard button, and then click Next.
Select Only back up the system state data.
In the Where to Store the Backup box, select the Backup Media Type by choosing one of the following options:
Choose File if you want to back up to a file. If you do not have a tape backup unit installed, File is selected automatically.
Choose a tape device if you want to back up to tape.
In the Backup Media or File Name box, choose one of the following options:
If you are backing up to a file, type a path and file name for the backup (.bkf) file, or click the Browse button to find a folder or file. If the destination folder or file does not exist, the system creates it.
If you are backing up to a tape unit, choose the tape that you want to use.
After you click Next, the Completing the Backup Wizard screen appears. This screen summarizes the options selected for this backup job. Verify that Prompt to replace data is listed in the How category. If it is not, click the Advanced button, click Next until you reach the Media Options screen, and then select Replace the data on the media with this backup.
Complete the remaining wizard screens, and click Finish to begin the backup operation. When a Replace Data dialog box appears, click Yes to overwrite the existing backup on this tape or file path with this backup. A progres
How to uninstall Active Directory Domain Service from Windows Server?
Firstly open Run wizard so press “Ctrl+R” button on keyboard otherwise press window button and then type Run on search bar and the press Enter.
Type dcpromo or dcpromo /forcefully in Run wizard and then press Enter button
Active Directory Installation wizard will be shown on your Desktop screen and then click Next at welcome screen.
Delete the domain because this server is the last domain controller in the domain check mark will be displayed on your screen so don’t check on that option and click on Next
Application Directory Partitions and Applications create these directory partitions to store and replicate data will be displayed on your screen and the click on Next
Confirm Deletion Removing Active Directory Domain Services will delete all application partitions from this active directory domain controller. Check mark on deletion wizard and press Next
Window security wizard open on your screen put user name and password and then ok
Confirm password and then summary wizard open so verify all the information is correct and then click Next
Now uninstall wizard proceeds to uninstall Active Directory and click on Finish to close wizard.
Click on Restart and Window Restart …….
Now you have successfully uninstalled Active Directory.
