I was challenged at work today to determine the number of users in an Active Directory group. I figured the best way was to break out PowerShell and see what I could find (I'm sorry but I'm learning PowerShell so things are going to be very PowerShell centered for a while :-)). I found that in the ActiveDirectory PowerShell module (see http://www.mikepfeiffer.net/2010/01/how-to-install-the-active-directory-module-for-windows-powershell/ for instructions on how to install this) the Get-ADUser cmdlet works really well for running basic searches in AD.

The first step is to import the module:

Import-Module ActiveDirectory

Then you can run a search on the user information you want. For example, this returns the count of all users in a group, including members of nested groups:

@(get-aduser -filter {memberof -recursivematch "CN=Group,OU=Users,DC=contoso,DC=local"}).count

This returns the count of all group members who have an expiration date:

@(get-aduser -properties AccountExpirationDate -filter {memberof -recursivematch "CN=Group,OU=Users,DC=contoso,DC=local"} | where {$_.AccountExpirationDate -ne $null}).count

The cool thing about the Get-ADUser cmdlet is that it automatically pulls common fields (username, surname, etc.), and adding items to the -Properties parameter makes it return additional ones. If there are other searches you find useful, please add them to the comments below.
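The two counts above can be combined into one membership review that also flags expired and disabled accounts still in the group. This is an added example, not code from the original post; the function name Get-GroupAccountSummary is hypothetical and the group DN is the post's contoso.local placeholder.

```powershell
# Added example (not from the original post). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

function Get-GroupAccountSummary {
    param(
        [Parameter(Mandatory = $true)]
        [string]$GroupDN   # distinguished name of the group to review
    )

    # Same recursive match as in the post, passed as a string so $GroupDN expands.
    # A DN containing an apostrophe would need escaping before being used here.
    # memberOf does not include a user's primary group, so accounts that belong
    # to the group only as their primary group are not counted.
    $query = @{
        Filter     = "memberOf -RecursiveMatch '$GroupDN'"
        Properties = 'AccountExpirationDate', 'LastLogonDate'
    }
    # @() forces an array so .Count is reliable for zero or one result.
    $members = @(Get-ADUser @query)

    $now        = Get-Date
    $withExpiry = @($members | Where-Object { $_.AccountExpirationDate -ne $null })
    $expired    = @($withExpiry | Where-Object { $_.AccountExpirationDate -lt $now })
    $disabled   = @($members | Where-Object { -not $_.Enabled })
    # Accounts that never expire: review these first in privileged groups.
    $noExpiry   = @($members | Where-Object { $_.AccountExpirationDate -eq $null })

    [pscustomobject]@{
        Group             = $GroupDN
        TotalMembers      = $members.Count
        WithExpiration    = $withExpiry.Count
        WithoutExpiration = $noExpiry.Count
        AlreadyExpired    = $expired.Count
        Disabled          = $disabled.Count
        # Names of expired or disabled accounts that still hold the membership.
        StaleAccounts     = @($expired + $disabled |
                                Select-Object -ExpandProperty SamAccountName -Unique)
    }
}

# Placeholder DN from the post; replace with a real group in your domain.
Get-GroupAccountSummary -GroupDN 'CN=Group,OU=Users,DC=contoso,DC=local'
```

The `[pscustomobject]` syntax needs PowerShell 3.0 or later.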
