Get user s non-truncated Active Directory groups from command line

Question

I often use the net user command to have a look at AD groups for a user   net user  DOMAIN  lt username gt    This works well  however the group names are truncated to around 20 characters   And in my organization  most group names are much longer than this   Does anyone know of a way to get non-truncated AD groups through the command line

User · Answer

A little stale post  but I figured what the heck   Does  whoami  meet your needs   I just found out about it today  from the same Google search that brought me here  in fact    Windows has had a whoami tool since XP  part of an add on toolkit  and has been built-in since Vista   whoami  groups   Lists all the AD groups for the currently logged-on user   I believe it does require you to be logged on AS that user  though  so this won t help if your use case requires the ability to run the command to look at another user   Group names only   whoami  groups  fo list  findstr  c  Group Name

User · Answer

Or you could use dsquery and dsget   dsquery user domainroot -name  lt userName gt    dsget user -memberof   To retrieve group memberships something like this   Tue 09 10 2013 13 17 41 65 C    gt dsquery user domainroot -name jqpublic   dsget user -memberof  CN Technical Support Staff OU Acme OU Applications DC YourCompany DC com   CN Technical Support Staff OU Contosa OU Applications DC YourCompany DC com   CN Regional Administrators OU Workstation DC YourCompany DC com    Although I can t find any evidence that I ever installed this package on my computer  you might need to install the Remote Server Administration Tools for Windows 7

User · Answer

Use Powershell  Windows Powershell Working with Active Directory   Quick Tip     Determining Group AD Membership Using Powershell

User · Answer

GPRESULT is the right command  but it cannot be run without parameters    v or verbose option is difficult to manage without also outputting to a text file   E G  I recommend using  gpresult  user myAccount  v  gt  C  dev me txt--Ensure C  Dev me txt exists  Another option is to display summary information only which may be entirely visible in the command window   gpresult  user myAccount  r  The accounts are listed under the heading   The user is a part of the following security groups ---------------------------------------------------

User · Answer

You could parse the output from the GPRESULT command

User · Answer

Much easier way in PowerShell    Get-ADPrincipalGroupMembership  lt username gt   Requirement  the account you yourself are running under must be a member of the same domain as the target user  unless you specify -Credential and -Server  untested    In addition  you must have the Active Directory Powershell module installed  which as  dave-lucre says in a comment to another answer  is not always an option   For group names only  try one of these    Get-ADPrincipalGroupMembership  lt username gt   Name Get-ADPrincipalGroupMembership  lt username gt   Select Name

User · Answer

Based on answer by P Brian Mackey-- I tried using gpresult  user  lt UserName gt   r command  but it only seemed to work for my user account  for other users accounts I got this result  The user  userNameHere  does not have RSOP data     So I read through this blog-- https   blog thesysadmins co uk group-policy-gpresult-examples html-- and came upon a solution   You have to know the users computer name    gpresult  s  lt UserComputer gt   r  user  lt UserName gt    After running the command  you have to ENTER a few times for the program to complete because it will pause in the middle of the ouput   Also  the results gave a bunch of data including a section for  COMPUTER SETTINGS gt  Applied Group Policy Objects  and then  COMPUTER SETTINGS gt  Security groups  and finally  USER SETTINGS gt  security groups   this is what we are looking for with the AD groups listed with non-truncated descriptions     Interesting to note that GPRESULT had some extra members not seen in NET USER command   Also  the sort order does not match and is not alphabetical   Any body who can add more insights in the comments that would be great     RESULTS  gpresult  with ComputerName  UserName   For security reasons  I have included only a subset of the membership results    36 TOTAL  12 SAMPLE   The user is a part of the following security groups ---------------------------------------------------     Internet Email   GEVStandardPSMViewers    GcoFieldServicesEditors      AnimalWelfare Readers    Business Objects     Zscaler Standard Access         GCM         GcmSharesEditors     GHVStandardPSMViewers    IntranetReportsViewers   JetDWUsers     --  NOTE  this one was deleted today  the other  Jet  one was added      Time and Attendance Users        RESULTS  net user  DOMAIN  with UserName   For security reasons  I have included only a subset of the membership results    23 TOTAL  12 SAMPLE   Local Group Memberships   Global Group memberships                                      Internet Email        GEVStandardPSMViewers                               GcoFieldServicesEdito AnimalWelfare Readers                               Business Objects      Zscaler Standard Acce                                                                Time and Attendance U GCM                                                                GcmSharesEditors      GHVStandardPSMViewers                               IntranetReportsViewer JetPowerUsers The command completed successfully

[windows] Get user's non-truncated Active Directory groups from command line

Examples related to windows

Examples related to cmd

Examples related to active-directory