I wanted to share a simple but effective PowerShell script with you. It is especially useful, if there are a lot of groups distributed in different Organizational Units. They may manage the access to file shares on your file servers and you used only Global Security groups in Active Directory for this purpose. So, we want to export all these Global Security groups in the specific OU, but also all of their members to create a huge table or matrix. You can send this table afterwards to the corresponding manager for example, so he can review the currently set permissions to the file shares.

Feel free to adapt the script or write some interesting ideas how to extend it in the comments 🙂

# Define date, output file and OU
$DateTime = Get-Date -f "yyyy-MM-dd_hh-mm" 
$OutputFile = "C:\scripts\" + $DateTime + "-ADGroupsAndMembers.csv"
$TargetOU = "OU=<SubUnit>,OU=<MainUnit>,DC=<domainName>,DC=com"

# Check OU and set filter for Global Security Groups
$Groups = Get-ADGroup -SearchBase $TargetOU -filter {GroupCategory -eq "Security" -and GroupScope -ne "DomainLocal"}

$Table = @()

$Record = @{
"Group Name" = ""
"Name" = ""
"Username" = ""

Foreach ($Group in $Groups) {
    $Arrayofmembers = Get-ADGroupMember -identity $Group -recursive | Select-Object name,samaccountname
        foreach ($Member in $Arrayofmembers) {
            $Record."Group Name" = $Group
            $Record."Name" = $
            $Record."UserName" = $Member.samaccountname
            $objRecord = New-Object PSObject -property $Record
            $Table += $objrecord

$Table | Sort-Object Name | Export-Csv $OutputFile -NoTypeInformation -Encoding UTF8


Please enter your comment!
Please enter your name here