PowerShell Get-ADGroup to List Active Directory Groups

Get Active Directory Groups using Lepide AD Auditor
4 min read | Published On - January 11, 2024
In This Article

Using Groups in your Active Directory (AD) can help you to keep your Active Directory organized and help you to work more efficiently. You can assign permissions or licenses to multiple users via an AD Group rather than having to assign them to individual users which makes network maintenance and administration easier by allowing the group to be managed as a single object.

Get-ADGroup

In PowerShell, the Get-ADGroup cmdlet enables you to search Active Directory for single or multiple groups. This is useful if you need to list all the groups in your Active Directory or you can use it to just find the location of one particular group that is hiding somewhere in an Organization Unit (OU).

The Get-ADGroup filter parameter allows you to search for a list of specific groups such as all global, universal, or domain local groups. You can also search Active Directory for groups by name or list all groups.

The Get-ADGroup cmdlet searches for some of the default properties of a group but to search for specific properties, use the Properties parameter.

The Syntax of Get-ADGroup cmdlet

The syntax of the cmdlet is as follows:

Get-ADGroup [-AuthType ] [-Credential ] [-Identity] -Filter -LDAPFilter [-Properties ]

The following parameters can be used with Get-ADGroup:

  • Identity: Use this to find a group based on the group name. This will return only a single group
  • Filter: Use this to retrieve multiple groups based on a filter query
  • LDAPFilter: Use a LDAP query string to filter the group objects
  • SearchBase: Specify the Active Directory path (OU) to search in
  • SearchScope: Specify how deep you want to search (base level, one level, or complete subtree)

The most common way to get a group is by using the identity parameter. But to do this, you will need to know the name of the group. It will return a single group with the most important properties:

Get-ADGroup -identity Asia Marketing

The above command gets the group with the SAM account name of Asia Marketing

How to Use Get-ADGroup cmdlet

Use the following example to get a single group by its distinguished name. Make sure that the path is in quotes or you will get an error:

Get-ADGroup -Filter 'GroupCategory -eq "Security" -and GroupScope -ne "DomainLocal"'

Get-ADGroup cmdlet syntax

To get all domain groups:
Get-ADGroup -filter *

To get all groups and display the group name, groupscope, and objectclass:
Get-ADGroup -filter * | select Name, groupscope, objectclass

To get all groups that start with Acc in the name:
Get-ADGroup -filter "Name -like 'Acc*'"

To get all groups from a specific OU and display the group name and distinguishedName:
Get-ADGroup -filter * -SearchBase "OU=ADPRO Groups,DC=ad,DC=activedirectorypro,DC=com" | select name, distinguishedName

To get all security groups and display the group name and GroupCategory:
Get-ADGroup -filter "GroupCategory -eq 'Security'" | select name, GroupCategory

To display all of the group properties add the -properties * option:
Get-ADGroup -identity Administrators -Properties *

To get groups by name using a wildcard search:
Get-ADGroup -Filter 'Name -like "*acc*" -or Name -like "*mar*"' | select name

By default, the Get-ADGroup command will only display the following eight group properties:

  • ­DistinguishedName
  • ­GroupCategory
  • ­GroupScope
  • ­Name
  • ­ObjectClass
  • ­ObjectGUID
  • SamAccountName
  • ­SID

How Lepide Helps

This method of finding group members using PowerShell is time-consuming and requires a good knowledge of PowerShell scripting. In addition, the results returned using this method are in a format that’s very hard to read and difficult to analyze.

A more straightforward approach is to use Lepide Auditor for Active Directory. The All Groups Report can be run to show all Active Directory groups:

Lepide AD Groups

To run this report:

  • Click the User & Entity Behavior Analytics icon and select the All Groups Report from the Active Directory Reports
  • Click Generate Report to run the report
  • The report can be filtered to report on a particular Group Name and can be grouped to list all members by their group
  • The report can be saved and exported to CSV, PDF or MHT format

Get Active Directory Groups using Lepide AD Auditor