Skip to content

List an AD user’s group membership

September 12, 2012

Here’s an easy way to list an Active Directory user’s group membership using the dsget and dsquery AD commands.

These commands are only available on your Windows 7 machine if you have installed the Remote Server Administration Tools for AD.

The dsget command requires the UserDN. Use the dsquery command to get the UserDN.

Open a powershell console.

Type:

dsquery user -name “Joe Bloggs”

This will give you back the UserDN:

“CN=Joe Bloggs, OU=Head Office,OU=Users,DC=company, DC=local”

Copy this UserDN and paste it into the following dsget command:

dsget user  “CN=Joe Bloggs, OU=Head Office,OU=Users,DC=company, DC=local” -memberof

This will display the DNs of all the groups that user is a member of.

You can export this to a text /csv file using >C:\joebloggs.txt at the end of the dsget command.

Advertisements

From → Microsoft

Leave a Comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: