Active Directory is great for running your organization smoothly but it has almost no way to allow you to pull meta-data from it easily.

A client asked to have the membership of a few distribution and email-enabled objects pulled so that they could review it for accuracy. Here are a few ways to do it.

Command-line

From the command line on a domain controller, type

net group <AD groupname> > report.txt

This will dump the usernames for the members of that group. Useful but not terribly clean.

Alternately, use the csvde command

csvde -f report.txt -r sAMAccountName=<groupname> -l member

You will get a file that has one entry per member. You can clean up the line in Word using the Replace function (to replace the semicolon with a return, use the ^p value).

Scripting

If you like scripting, you can extract using LDIFDE and VBS to clean it up, or you can script against the LDAP services on your domain controller. Microsoft has a good explanation of the LDIFDE method and clean-up here.

Here is a quick example of using VBScript against LDAP:

Set ObjGroup = GetObject("LDAP://cn=TargetGroup,ou=Groups,dc=company,dc=com")
For Each objMember in objGroup.Members
  WScript.Echo objMember.Name
Next

You will need to know where your object is located and alter the LDAP query to match. A good free tool for figuring this out is made by Softerra and is called LDAP Browser 2.6. This type of tool is invaluable for letting your script access into the data held for your employees in Active Directory and Softerra's implementation is easy to use and works well.