How to Display the Groups a User is a Member of

I”ve been trying to work more and more with scripts and today I”m sharing a simple but useful one. How to display the groups a user account is a member of. To display a user”s groups via the command prompt you need to use the dsget command with the -memberof and -expand switches. The -expand command will list all of the groups that you belong to that are nested in other groups.

Below is an example of how this would look:

dsget user “CN=Brian W. McCann,OU=Users,OU=Sales,DC=Adminprep,DC=com” -memberof -expand

The output would look similar to this:
“CN=GG Sales,OU=Groups,OU=Sales,DC=Adminprep,DC=com”
“CN=Domain Admins,CN=Users,DC=Adminprep,DC=com”
“CN=Domain Users,CN=Users,DC=Adminprep,DC=com”
“CN=GG Inside Sales,OU=Groups,OU=Sales,DC=Adminprep,DC=com”
“CN=GG Outside Sales,OU=Groups,OU=Sales,DC=Adminprep,DC=com”
“CN=Administrators,CN=Builtin,DC=Adminprep,DC=com”
“CN=Users,CN=Builtin,DC=Adminprep,DC=com”

1 Comment

  1. Nick says:

    If you use ADUC LDAP Querys you can save the query so each time you refresh the query it will automatically update any changes. This also allows you to export a list with out the LDAP formatting.

    Go into ADUC querys, Advanced Querys, paste in the below query (Modify for your enviroment!).

    (&(&(objectCategory=computer)(memberOf=CN=Test Group,OU=All RBA Users & Desktops,DC=test,DC=com)))

Leave a comment

*