PowerTip: Use a PowerShell Cmdlet to Find Group Membership

Summary: Learn how to use a Windows PowerShell cmdlet to find group membership.

Hey, Scripting Guy! Question I want to use Windows PowerShell to find all members of a particular group in Active Directory. I would like to do this even if the membership is through other groups (indirect). What can I do?

Hey, Scripting Guy! Answer Use the Get-ADGroupMember cmdlet from the ActiveDirectory module with the –Recursive parameter. The following illustrates this technique.

Get-ADGroupMember -Identity 'Domain Admins' -Recursive

  1. mredwilson says:

    @Pankush You can do the following: Get-ADUser -Identity myusername -Properties memberof

  2. Anonymous says:

    What if you want to find all groups with a specific group member?

  3. Pankush says:

    Hi guys,

    how do i find which group does a user belong to? Recursively.

  4. Pankush says:

    Thanks IamMred.

    yes, that can be used, but that would not be recursive. This list would not give me the membership of any "next level groups" that these groups belong to. Please let me know if i am wrong in saying that.

    For e.g. UserA belongs to a group called XYZ. The XYZ group may further belong to another group ABC. and that ABC might further belong to other groups. How can we get that complete chain?

  5. David says:


    Get-ADAccountAuthorizationGroup -identity <accountname>

    This provides security group memberships recursively for the account.

  6. Mohammed Shareef says:

    Hi Guys,

    Iam new to powershall, i Wanted to know how to pull list of users from a groups.

  7. MiPo says:

    But what todo, if I want to know in which groups is a user member of direct and also indirect.
    For example:
    User Teddy is a group member of ADGroup Bears, an this ADGroup Bears is a group member of the ADGroup wildlife.
    Now I´m looking for a way to show me that user Teddy is group member of ADGroup bears and also group member of ADGroup wildlife (indirect).

  8. Venkatesh says:

    "Get-ADGroupMember -server Server1 -identity “Administrators” -recursive | get-aduser -Properties * |select givenname,surname,samaccountname,mail,Enabled,UserPrincipalName |export-csv -path c:out.csv -NoTypeInformation" This command not pulling Universe
    group members user details and getting "Get-ADUser : A referral was returned from the server" error. Any one can help me.

  9. Adzm says:

    How about getting all the groups that of all computers under a whole OU in AD?

