The Life of Brian
Active Directory, Security, PowerShell and My Life
How to Display the Groups a User is a Member of
I”ve been trying to work more and more with scripts and today I”m sharing a simple but useful one. How to display the groups a user account is a member of. To display a user”s groups via the command prompt you need to use the dsget command with the -memberof and -expand switches. The -expand command will list all of the groups that you belong to that are nested in other groups.
Below is an example of how this would look:
dsget user “CN=Brian W. McCann,OU=Users,OU=Sales,DC=Adminprep,DC=com” -memberof -expand
The output would look similar to this:
“CN=GG Sales,OU=Groups,OU=Sales,DC=Adminprep,DC=com”
“CN=Domain Admins,CN=Users,DC=Adminprep,DC=com”
“CN=Domain Users,CN=Users,DC=Adminprep,DC=com”
“CN=GG Inside Sales,OU=Groups,OU=Sales,DC=Adminprep,DC=com”
“CN=GG Outside Sales,OU=Groups,OU=Sales,DC=Adminprep,DC=com”
“CN=Administrators,CN=Builtin,DC=Adminprep,DC=com”
“CN=Users,CN=Builtin,DC=Adminprep,DC=com”
March 25th, 2007 at 11:01 pm
If you use ADUC LDAP Querys you can save the query so each time you refresh the query it will automatically update any changes. This also allows you to export a list with out the LDAP formatting.
Go into ADUC querys, Advanced Querys, paste in the below query (Modify for your enviroment!).
(&(&(objectCategory=computer)(memberOf=CN=Test Group,OU=All RBA Users & Desktops,DC=test,DC=com)))