Best IT Recipes

Get user groups without a link on the command line from the command line

I often use the net user command to view AD groups for a user:

 net user /DOMAIN <username>

This works well, however group names are truncated to about 20 characters. And in my organization, most group names are much longer than this.

Does anyone know a way to get non-truncated AD groups through the command line?

+79
windows cmd active-directory
Sep 22 '09 at 3:45
source share
5 answers

You can analyze the output from the GPRESULT command.

-7
Nov 02 '09 at 18:31
source share

GPRESULT is the correct command, but it cannot be started without parameters. /v or the verbose version is hard to do without output to a text file. EG. I recommend using

gpresult /user myAccount /v > C:\dev\me.txt - Make sure C: \ Dev \ me.txt exists

Another option is to display only summary information, which can be fully visible in the command window:

gpresult /user myAccount /r

The accounts are listed in the header:

 The user is a part of the following security groups ---------------------------------------------------
+99
Mar 11 '14 at 15:10
source share

A bit outdated post, but I realized what the hell it was. "Whoami" meets your needs?

I just found out about it today (from the same google search that brought me here, essentially). Windows had a whoami tool with XP (part of the toolkit addition) and was built in with Vista.

 whoami /groups

Enumerates all AD groups for the current user. I believe that this requires you to be registered in AS, but this will not help if your use case requires the ability to run this command to view another user.

+48
Sep 10 '14 at 15:45
source share

Or you can use dsquery and dsget :

 dsquery user domainroot -name <userName> | dsget user -memberof

To get group membership, follow these steps:

 Tue 09/10/2013 13:17:41.65 C:\ >dsquery user domainroot -name jqpublic | dsget user -memberof "CN=Technical Support Staff,OU=Acme,OU=Applications,DC=YourCompany,DC=com" "CN=Technical Support Staff,OU=Contosa,OU=Applications,DC=YourCompany,DC=com" "CN=Regional Administrators,OU=Workstation,DC=YourCompany,DC=com"

Although I cannot find any evidence that I have ever installed this package on my computer, you may need to install Remote Server Administration Tools for Windows 7 .

+5
Sep 10 '13 at 20:14
source share

Use Powershell: Windows Powershell Working with Active Directory

Quick Tip - Defining AD Group Membership Using Powershell

0
Sep 22 '09 at 3:57
source share


More articles:


All Articles