Managing Active Directory (AD) security groups is a core task for administrators. This PowerShell script provides a user-friendly way to browse AD security groups, display additional options, and export group details to a file. Before using the script, make sure you have the necessary prerequisites in place.
Prerequisites
To successfully run this script, ensure the following prerequisites are met:
- Active Directory Module for Windows PowerShell:
  - The Get-ADGroup cmdlet is part of the Active Directory module. Install it by:
    - Windows Server: Install the Active Directory Domain Services (AD DS) role to automatically include the PowerShell module.
    - Windows 10/11 or other client OS: Install the Remote Server Administration Tools (RSAT) for Active Directory. On recent versions, you can install RSAT with PowerShell by running the following from an elevated session:
      Add-WindowsCapability -Online -Name Rsat.ActiveDirectory.DS-LDS.Tools~~~~0.0.1.0
  - Ensure you have network access to the Active Directory domain.
- Permissions:
  - You need to have read access to the Active Directory domain to view groups. Typically, standard user accounts can read AD objects, but limited-access environments may require elevated privileges.
- PowerShell Version:
  - The script requires PowerShell 5.1 or later for compatibility with the Out-GridView cmdlet, which displays a graphical dialog to select groups. Note that Out-GridView is only available on Windows with the full GUI version of PowerShell.
- Graphical User Interface:
  - The script uses Out-GridView, which requires a graphical user interface (GUI) environment. It will not work on Windows Server Core installations or non-GUI Windows environments.
PowerShell Script for Browsing and Exporting AD Security Groups
Below is the full PowerShell script. Copy and paste it into PowerShell to run it.
# Load the Active Directory module (provides Get-ADGroup); stop if it is not installed
Import-Module ActiveDirectory -ErrorAction Stop

# Function to browse for an Active Directory security group
function Browse-ADSecurityGroup {
    param (
        [string]$Domain
    )
    # Set the default domain if not provided
    if (-not $Domain) {
        $Domain = $env:USERDNSDOMAIN
    }
    # Display a dialog box to select an Active Directory group.
    # The filter limits the list to security groups (distribution groups are excluded).
    $selectedGroup = Get-ADGroup -Filter "GroupCategory -eq 'Security'" -Server $Domain |
        Out-GridView -Title "Select an AD Security Group" -PassThru
    # Check if a group is selected
    if ($selectedGroup) {
        # Out-Host prints the table before the menu and keeps it out of the function's output
        $selectedGroup | Format-Table -AutoSize | Out-Host
        # Display a menu for additional actions
        $menuOptions = @{
            '1' = 'Export selected data'
            '2' = 'Exit'
        }
        $choice = Show-Menu -Title 'Menu' -Options $menuOptions
        # Perform action based on the user's choice
        switch ($choice) {
            '1' {
                Export-SelectedData -Data $selectedGroup
            }
            '2' {
                Write-Host "Exiting..."
            }
        }
    } else {
        Write-Host "No group selected."
    }
}

# Function to display a menu
function Show-Menu {
    param (
        [string]$Title,
        [hashtable]$Options
    )
    Write-Host "`n$Title`n"
    # Hashtable keys have no guaranteed order, so sort them before printing
    foreach ($key in ($Options.Keys | Sort-Object)) {
        Write-Host "$key. $($Options[$key])"
    }
    # Keep asking until the input matches one of the menu keys
    do {
        $choice = Read-Host "Enter choice"
    } while (-not $Options.ContainsKey($choice))
    return $choice
}

# Function to export selected data
function Export-SelectedData {
    param (
        [object]$Data
    )
    $exportPath = Join-Path -Path $env:TEMP -ChildPath "SelectedADGroup.txt"
    # Format-List writes one property per line, so long DistinguishedName values are not truncated.
    # -Force overwrites any previous export with the same name.
    $Data | Select-Object Name, DistinguishedName | Format-List | Out-File -FilePath $exportPath -Force
    Write-Host "Selected data exported to: $exportPath"
}

# Prompt for the domain to search
$selectedDomain = Read-Host -Prompt "Enter the domain to search (press Enter for the current domain)"

# Call the function with the selected domain
Browse-ADSecurityGroup -Domain $selectedDomain
Script Explanation
- Browse-ADSecurityGroup: This function allows you to browse for an AD security group by displaying a list of groups in a graphical dialog box. Once you select a group, it presents options for additional actions.
- Show-Menu: This function displays a simple menu with options, such as exporting the selected group’s data or exiting the script.
- Export-SelectedData: This function exports the selected group’s information (like Name and DistinguishedName) to a text file in the temp folder.
- Domain Selection: The script prompts you to specify the domain. If left blank, it defaults to the current domain.
How to Use This Script
- Run PowerShell as Administrator (if necessary for AD access).
- Copy and paste the script into your PowerShell console.
- Specify the domain you wish to search (or press Enter to use the default).
- Select a group from the dialog box.
- Choose an action from the menu to either export the selected data or exit.
Exported Data Location
The selected data is saved to a file called SelectedADGroup.txt in the temporary directory (usually C:\Users\YourUsername\AppData\Local\Temp). The file includes the Name and DistinguishedName of the selected group.
Conclusion
This script is a useful tool for AD administrators who need a quick way to browse, view, and export security group information from Active Directory. With simple adjustments, you can modify the functions to include more group attributes or additional actions.
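One such adjustment, as an added example that is not part of the original script: a reporting function that writes extra group attributes and the recursive member list to a timestamped CSV, which is the view an access review usually needs. The function name Export-ADGroupReport, its parameters, the column names and the Documents output folder are assumptions made for this illustration.

```powershell
# Added example, not part of the original script. Export-ADGroupReport, its
# parameters and the CSV column names are hypothetical, chosen for illustration.
function Export-ADGroupReport {
    [CmdletBinding()]
    param (
        # Group objects from Get-ADGroup, e.g. the Out-GridView selection
        [Parameter(Mandatory, ValueFromPipeline)]
        [object[]]$Group,
        [string]$Server = $env:USERDNSDOMAIN,

        # Timestamped file name so an earlier export is never overwritten
        [string]$Path = (Join-Path ([Environment]::GetFolderPath('MyDocuments')) `
            ("ADGroupReport_{0:yyyyMMdd_HHmmss}.csv" -f (Get-Date)))
    )
    begin {
        $rows = [System.Collections.Generic.List[object]]::new()
    }
    process {
        foreach ($g in $Group) {
            # Name, GroupScope and DistinguishedName are returned by default;
            # the other attributes must be requested with -Properties
            $full = Get-ADGroup -Identity $g.DistinguishedName -Server $Server `
                -Properties Description, ManagedBy, whenChanged

            # -Recursive expands nested groups, so the report lists everyone
            # who effectively holds the group's access, not just direct members
            $members = @(Get-ADGroupMember -Identity $full.DistinguishedName `
                -Server $Server -Recursive)

            $rows.Add([pscustomobject]@{
                Name              = $full.Name
                GroupScope        = $full.GroupScope
                Description       = $full.Description
                ManagedBy         = $full.ManagedBy
                WhenChanged       = $full.whenChanged
                MemberCount       = $members.Count
                Members           = ($members.SamAccountName | Sort-Object) -join ';'
                DistinguishedName = $full.DistinguishedName
            })
        }
    }
    end {
        $rows | Export-Csv -Path $Path -NoTypeInformation -Encoding UTF8
        Write-Host "Exported $($rows.Count) group(s) to: $Path"
    }
}
# Usage: pipe the selection made in the grid straight into the export
# Get-ADGroup -Filter "GroupCategory -eq 'Security'" | Out-GridView -PassThru | Export-ADGroupReport
```

The resulting CSV contains account names and group memberships, so store it where only the reviewers can read it and delete it when the review is done.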
Let us know if you have any questions or if you’d like further customization!