Friday, January 14, 2011

Windows AD Group - Command line to list users ?

Is there a command line way to list all the users in a particular Active Directory Group ?

I can see who is in the group by going to manage computer --> Local User / Groups --> Groups and double clicking the group.

I just need a command line way to retrieve the data so I can do some other automated tasks.

Thanks in Advance.

From serverfault $pageUsers[$entry.posts[0].author].name

  • try

    dsget group "CN=GroupName,DC=domain,DC=name,DC=com" -members
    duffbeer703 : You probably need to do a little more in order to resolve members and duplicate members in nested groups.
    From pQd

  • Here's a version of the ds command I found more typically useful, especially if you have a complex OU structure and don't necessarily know the full distinguished name of the group.

    dsquery group -samid "Group_SAM_Account_Name" | dsget group -members

    or if you know the CN of the group, usually the same as the SAM ID, quoted in case there are spaces in the name:

    dsquery group -name "Group Account Name" | dsget group -members
    Jim B : I use the first query all the time
    From Ryan Fisher

  • Using PowerShell and Quest Software's Free ActiveRoles Management Shell for Active Directory, you can use:

    (Get-QADGroup "GroupName").Members

    http://www.quest.com/powershell/activeroles-server.aspx

    From Gordon Bell

  • Here's another way from the command prompt, not sure how automatable though: net group /domain groupname

    From $pageUsers[$post.author].name
Posted by Mu Cat at 6:02 AM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)