Export All Dynamic groups with its membership rules

Hello Guys,

I'm in need of a PowerShell script to get all dynamic groups in our environment with the membership rules.

I can get the list using the below script, but the membership rules I get are the membership rules plus the GUID & SID of the OUs with them, which makes it difficult to manage.

Import-Module ActiveRolesManagementShell
Get-QADGroup -Proxy -Dynamic $true -DontUseDefaultIncludedProperties -IncludedProperties cn, edsaDGConditionsList |
Select-Object -Property cn, edsadgconditionslist |
Export-Csv -Path C:\TEMP\DynamicGroups.csv -NoTypeInformation

The below script can get just the membership rule perfectly, but only for single groups:

$MU = (get-qadgroup $Groupname -Proxy).DirectoryEntry.MembershipRuleCollection

$MU | select base, Filter, Type | fl

How can I combine both the scripts & get the desired inputs? I want the name of the groups along with the exact membership rules, starting with e.g. "(&(objectclass= "

  • Try this:

    Get-QADGroup -Proxy -Dynamic $true -DontUseDefaultIncludedProperties -IncludedProperties cn, edsaDGConditionsList | foreach {

        # Keep the group's CN so it can be attached to each of its rules
        $GroupCN = $_.CN

        $MemberRuleDetails = $_.DirectoryEntry.MembershipRuleCollection | select base, Filter, Type

        # Depending on PoSh version, use ONE of the two following lines to add the CN to the output object:

        # PowerShell 3.0 and later:
        $MemberRuleDetails | Add-Member -NotePropertyName CN -NotePropertyValue $GroupCN

        # Older versions (uncomment this line and comment out the one above):
        # $MemberRuleDetails | Add-Member -MemberType NoteProperty -Value $GroupCN -Name CN

        # One CSV row per rule: cn, base, Filter, Type
        $MemberRuleDetails | select cn,base,Filter,Type | export-csv C:\TEMP\DynamicGroups.csv -NoTypeInformation -append

    }


  • Thanks Johnny, the script works as desired!! Also, can we automatically add a membership rule to a group using PowerShell? If yes, care to share?

  • Hello,

    Managed Units and Dynamic Groups share the same structure. This code sample which I posted could be used to target a Dynamic Group instead of a Managed Unit, and I just confirmed that it allows you to programmatically update Dynamic Groups with LDAP query rules:

    Title: HOW TO: Create a Managed Unit which shows users who have not logged on in the last 90 days
    Solution: 314193
    URL: support.oneidentity.com/.../314193
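
Added example, not part of the thread and not One Identity code: since a dynamic group's rules decide who ends up in the group, two runs of the export from the first reply can be compared to list the rules that were added or removed in between. Only the column names (cn, base, Filter, Type) come from the script above; the function name, group names, DNs, filters and Type values are constructed for illustration.

```powershell
# Constructed sample exports in the column layout written by the script above
# (cn, base, Filter, Type). All names, DNs, filters and Type values are made up.
$baselineCsv = @'
"cn","base","Filter","Type"
"DG-Sales","OU=Sales,DC=example,DC=com","(&(objectClass=user)(department=Sales))","1"
"DG-Helpdesk","OU=IT,DC=example,DC=com","(&(objectClass=user)(title=Helpdesk*))","1"
"DG-Contractors","OU=External,DC=example,DC=com","(&(objectClass=user)(employeeType=Contractor))","1"
'@
$currentCsv = @'
"cn","base","Filter","Type"
"DG-Sales","OU=Sales,DC=example,DC=com","(&(objectClass=user)(department=Sales))","1"
"DG-Helpdesk","DC=example,DC=com","(&(objectClass=user)(title=*))","1"
"DG-Admins-Auto","OU=IT,DC=example,DC=com","(&(objectClass=user)(department=IT))","1"
'@

# Hypothetical helper: reports rule rows present in only one of the two exports.
function Compare-DynamicGroupRule {
    param(
        [Parameter(Mandatory)] [object[]] $Baseline,   # rows from the earlier export
        [Parameter(Mandatory)] [object[]] $Current     # rows from the later export
    )
    # A rule is identified by all four exported columns, so an edited rule shows up
    # as one Removed row plus one Added row for the same group.
    $columns = 'cn', 'base', 'Filter', 'Type'
    Compare-Object -ReferenceObject $Baseline -DifferenceObject $Current -Property $columns -CaseSensitive |
        ForEach-Object {
            [pscustomobject]@{
                Change = if ($_.SideIndicator -eq '=>') { 'Added' } else { 'Removed' }
                cn     = $_.cn
                base   = $_.base
                Filter = $_.Filter
                Type   = $_.Type
            }
        } |
        Sort-Object cn, Change
}

# With real exports, replace ConvertFrom-Csv with Import-Csv on the two files.
$changes = Compare-DynamicGroupRule -Baseline ($baselineCsv | ConvertFrom-Csv) -Current ($currentCsv | ConvertFrom-Csv)
$changes | Format-Table -AutoSize -Wrap
```

Because the export script appends to C:\TEMP\DynamicGroups.csv, write each run to a fresh file before comparing; otherwise rows from both runs end up in the same file.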