Get-ADGroup is a PowerShell cmdlet used to retrieve information about Active Directory (AD) groups.

-Filter

This syntax is used when you want to search for groups based on specific criteria, like group names, descriptions, or other properties.

Syntax:

Get-ADGroup
    -Filter <String>
    [-AuthType <ADAuthType>]
    [-Credential <PSCredential>]
    [-Properties <String[]>]
    [-ResultPageSize <Int32>]
    [-ResultSetSize <Int32>]
    [-SearchBase <String>]
    [-SearchScope <ADSearchScope>]
    [-Server <String>]
    [-ShowMemberTimeToLive]
    [<CommonParameters>]

Parameters Explained:

  • -Filter <String>: Specifies the search criteria for groups. Example: -Filter "Name -like '*Admin*'" finds all groups with “Admin” in their name.
  • -AuthType <ADAuthType>: Specifies the authentication type (Negotiate or Basic).
  • -Credential <PSCredential>: Lets you provide alternate credentials.
  • -Properties <String[]>: Specifies which additional properties to retrieve (like Description or ManagedBy). By default, only a common set of properties is returned.
  • -ResultPageSize <Int32>: Sets the number of objects returned per page of a query, which reduces memory usage in large directories.
  • -ResultSetSize <Int32>: Limits the number of results returned.
  • -SearchBase <String>: Limits the search to a specific container or OU. Example: "OU=IT,DC=example,DC=com".
  • -SearchScope <ADSearchScope>: Scope of search: Base, OneLevel, or Subtree.
  • -Server <String>: Specifies the domain controller to query.
  • -ShowMemberTimeToLive: Displays how long dynamic membership info is valid.
  • [<CommonParameters>]: Standard PowerShell parameters like -Verbose, -ErrorAction, etc.

-Identity

This is used when you already know the exact group you want to retrieve.

Syntax:

Get-ADGroup
    [-Identity] <ADGroup>
    [-AuthType <ADAuthType>]
    [-Credential <PSCredential>]
    [-Partition <String>]
    [-Properties <String[]>]
    [-Server <String>]
    [-ShowMemberTimeToLive]
    [<CommonParameters>]

Parameters Explained:

  • -Identity <ADGroup>: Specifies the exact group to retrieve. Can be the group name, Distinguished Name (DN), GUID, or SID.
  • -AuthType <ADAuthType>: Specifies the authentication type to use for the query (Negotiate or Basic).
  • -Credential <PSCredential>: Allows you to provide alternate credentials when querying Active Directory.
  • -Partition <String>: Specifies the AD naming context/partition (default is the domain). Useful in multi-domain forests.
  • -Properties <String[]>: Specifies additional attributes to retrieve beyond the default ones, such as Description, ManagedBy, or Members. Using * retrieves all properties.
  • -Server <String>: Specifies the domain controller to query. Can be a server name, FQDN, or IP address.
  • -ShowMemberTimeToLive: Displays how long dynamic group membership information is valid in seconds.
  • [<CommonParameters>]: Standard PowerShell parameters like -Verbose, -ErrorAction, -WarningAction, etc.
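
The two parameter sets side by side in a read-only review of admin-named groups, as an added example that is not part of the original page. It assumes the ActiveDirectory (RSAT) module and read access to the directory; the OU is the placeholder DN from the -SearchBase example above, and the report column names are chosen for illustration.

```powershell
# Added example, read-only. Requires the ActiveDirectory (RSAT) module.
Import-Module ActiveDirectory

# -Filter parameter set: search by criteria inside one OU subtree.
# Assumption: placeholder DN from the -SearchBase example; use a real OU.
$query = @{
    Filter      = "Name -like '*Admin*'"
    SearchBase  = 'OU=IT,DC=example,DC=com'
    SearchScope = 'Subtree'
    Properties  = 'Description', 'ManagedBy', 'whenChanged'
}

# A filter that matches nothing returns no objects and raises no error.
$report = Get-ADGroup @query | ForEach-Object {
    [pscustomobject]@{
        Name        = $_.Name
        Scope       = $_.GroupScope
        Category    = $_.GroupCategory
        ManagedBy   = $_.ManagedBy
        WhenChanged = $_.whenChanged
        # Flag groups with no owner or no description for manual review.
        NeedsReview = (-not $_.ManagedBy) -or (-not $_.Description)
    }
}
$report | Sort-Object -Property NeedsReview -Descending | Format-Table -AutoSize

# -Identity parameter set: fetch one known group. A SID survives renames.
# RID 512 is the well-known relative identifier of Domain Admins.
$domainSid = (Get-ADDomain).DomainSID.Value
try {
    $da = Get-ADGroup -Identity "${domainSid}-512" -Properties Members, whenChanged
    '{0}: {1} direct members, last changed {2}' -f $da.Name, $da.Members.Count, $da.whenChanged
}
catch [Microsoft.ActiveDirectory.Management.ADIdentityNotFoundException] {
    # Unlike -Filter, -Identity throws when the object does not exist.
    Write-Warning "No group found for SID ${domainSid}-512"
}
```

Members lists direct members only, so nested group membership is not counted in the last line of output.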