Export Groups and Group Types from Active Directory

A quick post on something I had to do at work today.  Luckily it didn’t take too long to research how to do it, but the information wasn’t clearly on one page.

So, are you looking to get a full export of groups and group types from Active Directory?  Look no further!  This is what you need to do in order to get all of the group names and group types from active directory – whether they be built-in groups, domain local security groups, global security groups, universal security groups, domain local distribution groups, global distribution groups, or universal distribution groups.

First of all, you need a Microsoft utility called CSVDE.EXE.  This is a program that will allow you to query the Active Directory LDAP database and return results you need.

Next, here is the command you will use.  If you have multiple domains, you will need to run this query on one server in each of your Active Directory domains to get all groups in Active Directory for each domain:

csvde.exe -s <server> -f <export-filename> -l groupType,name -r “(objectCategory=group)”

This will then export the file to a CSV file with two fields – the name of the group and the type of group. Now, when you open the file, you are going to see a bunch of numbers in the groupType column. Here is the translation for each of those numbers:

Domain Local Security-2147483644
Global Security-2147483646
Universal Security-2147483640
Domain Local Distribution4
Global Distribution2
Universal Distribution8

In Excel, you can quickly replace each of those by hitting Ctrl+H (which opens the Replace window). Start at the top with the Built-In numbers above and then just replace it with the text you want to change it to!

Leave a Comment