Skip to main content

PowerShell to get all users in a specified Active Directory group.

function Get-ADGroupMembers {
        Return all group members for specified groups.

        Active Directory

        Return all group members for specified groups.   Requires .NET 3.5, does not require RSAT

    .PARAMETER Group
        One or more Security Groups to enumerate

    .PARAMETER Recurse
        Whether to recurse groups.  Note that subgroups are NOT returned if this is true, only user accounts

        Default value is $True

        #Get all group members in Domain Admins or nested subgroups, only include samaccountname property
        Get-ADGroupMembers "Domain Admins" | Select-Object -ExpandProperty samaccountname

        #Get members for objects returned by Get-ADGroupMembers
        Get-ADGroupMembers -group "Domain Admins" | Get-Member
        [Parameter(Position=0, ValueFromPipeline=$true)]
            [string[]]$group = 'Domain Admins',

            [bool]$Recurse = $true

    Begin {
        #Add the .net type
            $type = 'System.DirectoryServices.AccountManagement'
                Add-Type -AssemblyName $type -ErrorAction Stop
            Catch {
                Throw "Could not load $type`: Confirm .NET 3.5 or later is installed"

        #set up context type
        # use the 'Machine' ContextType if you want to retrieve local group members
            $ct = [System.DirectoryServices.AccountManagement.ContextType]::Domain

    Process {
        #List group members
            foreach($GroupName in $group){
                Try {
                    $grp = [System.DirectoryServices.AccountManagement.GroupPrincipal]::FindByIdentity($ct,$GroupName)

                    #display results or warn if no results
                            Write-Warning "Could not find group '$GroupName'"
                Catch {
                    Write-Error "Could not obtain members for $GroupName`: $_"
            $ct = $grp = $null