I was challenged at work today to determine the number of users in an Active Directory group. I figured the best way was to break out PowerShell and see what I could find (I'm sorry but I'm learning PowerShell so things are going to be very PowerShell centered for a while :-)). I found that in the ActiveDirectory PowerShell module (see http://www.mikepfeiffer.net/2010/01/how-to-install-the-active-directory-module-for-windows-powershell/ for instructions on how to install this) the Get-ADUser cmdlet works really well for running basic searches in AD.

The first step is to import the module:

Import-Module ActiveDirectory

Then you can run a search on the user information you want for example this returns the count of all users in a group:

( get-aduser -filter { memberof -recursivematch "CN=Group,OU=Users,DC=contoso,DC=local" }) . count

This returns the count of all group members who have an expiration date:

( get-aduser -properties AccountExpirationDate -filter { memberof -recursivematch "CN=Group,OU=Users,DC=contoso,DC=local" } | where { $_ . AccountExpirationDate -ne $null }) . count

The cool things about the get-aduser cmdlet is that it automatically pulls common fields (username, surname, etc.) but by adding items to the -property field it will return additional items. If there are other searches you find useful please add them to the comments below.