A Quick Tip To Get A List Of Security Groups A User Belongs To

  • Section(s): Administrator, Admin , Admin
  • Published on Sep 17, 2009.
  • Last Modified on Apr 04, 2009.
  • Last Modified by Nirmal Sharma.
  • Rated 5 out of 5 based on 1 votes.
This article explains a quick tip you can use to get the list of Security Groups a user or users belong/s to.

There is no any Windows native command which can be used to get a list of security groups a user or users belong to. The below command can help you achieve this. You need to download the ADFind.exe, a tool developed by Joeware, from http://www.joeware.net/downloads/files/AdFind.zip. This tool can also be scripted. I will give two examples of this tool as mentioned below:

  • Use this tool to get the security groups of a user. 

To accomplish the above mentioned goal, you need to run the following command:

ADFind.exe -b "CN=Peter, OU=Finance, DC=Contoso,DC=com" -s base -tokengroups -resolvesids -sddl+

The above command will get the list of Security Groups Peter belongs to. You need to know the DN of the Peter so that you can get the Security Groups. In the second example, you don't need to know the DN of the user to achieve the same goal.

  • Use this tool to get the security groups of users from a text file.

Steps:

Run the following command to get the DNs of all users of a Security Group.

DsQery group -name "SecurityGroupName" | DsGet group -members -expand > AllUserNames.txt

The above command will get the list of user accounts from Security Group "SecurityGroupName" and the output of this will be stored in the AllUserNames.txt file with the DN of that user.

Now, you have got the DN of all the users. Next, run the following command to get the Security Groups of each user account mentioned in the AllUserNames.txt and the output of each user's security group will be stored in UserName text file.

For /F "Tokens=*" %a in (AllUserNames.txt) Do ADFind.exe -b %a -s TokenGroups -resolvesids -sddl+ > UserName_%a.txt

 

About Nirmal Sharma

Nirmal is a Microsoft MVP in Directory Services and working as a Technical Architect/Consultant. He has been involved in Microsoft Technologies since 1994 and followed the progression of Microsoft Operating Systems and software. He is specialized in Directory Services, Microsoft Clustering, SQL, MOM, Exchange and Citrix. In his spare time, he likes to help others and write "internal" technical articles, white papers and tips on various Microsoft technologies. You can contact him at nirmal_sharma@mvps.org.


Article not looking right or info is missing? Let us know so that we can fix it: .


Receive all the latest articles by email!

Receive Real-Time & Monthly WindowsNetworking.com article updates in your mailbox. Enter your email below!
Click for Real-Time sample & Monthly sample

Become a WindowsNetworking.com member!

Discuss your network issues with thousands of other network administrators. Click here to join!

Community Area

Log in | Register

Readers' Choice

Which is your preferred Anti Spam Hardware solution?

Follow TechGenix on Twitter