Hi,
The built-in Windows “net” commands have some limitations, for example: they truncate group names longer than 20 characters, and they cannot resolve group-in-group (nested) memberships.
dsget and dsquery are (LDAP) command-line interfaces for Active Directory. To use these commands you have to install the Windows RSAT (Remote Server Administration Tools).
Some examples.
Show your distinguished name by sAMAccountName
C:\> dsquery user -samid %USERNAME%
Or with a custom LDAP filter
C:\> dsquery * -filter "(&(objectClass=User)(sAMAccountName=%USERNAME%))"
Get specific LDAP attributes of a user
C:\> dsquery * "CN=myUser Account,OU=UsersOU,DC=yourDomain,DC=org" -attr sAMAccountName displayName department
Get all LDAP attributes of a user
C:\> dsquery * "CN=myUser Account,OU=UsersOU,DC=yourDomain,DC=org" -attr *
Get the distinguished names of all groups you are a member of
C:\> dsquery user -samid %USERNAME% | dsget user -memberof
and more readable, with just the sAMAccountName of the groups
C:\> dsquery user -samid %USERNAME% | dsget user -memberof | dsget group -samid
Get the distinguished name of a group by sAMAccountName
C:\> dsquery group -samid YourGroupName
Get all members of a group by its sAMAccountName
C:\> dsquery group -samid YourGroupName | dsget group -members
and recursively, if the group contains other groups as members
C:\> dsquery group -samid YourGroupName | dsget group -members -expand
and more readable with more details
C:\> dsquery group -samid YourGroupName | dsget group -members -expand | dsget user -display -samid -email
Michael
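An added example (not part of the original post): a batch file for auditing a group's effective membership that uses the LDAP_MATCHING_RULE_IN_CHAIN matching rule (OID 1.2.840.113556.1.4.1941) in a dsquery filter instead of "-members -expand", so user accounts and nested groups can be listed separately. The group name is a placeholder, and the script assumes the group's DN contains no characters that need LDAP filter escaping (such as parentheses, * or \).

```bat
@echo off
setlocal
rem Added example, not from the original post.
rem GROUP is a placeholder: set it to the sAMAccountName of the group to audit.
set "GROUP=YourGroupName"

rem Resolve the group's distinguished name. dsquery prints it in quotes,
rem and %%~G strips them.
set "GROUPDN="
for /f "delims=" %%G in ('dsquery group -samid "%GROUP%"') do set "GROUPDN=%%~G"
if not defined GROUPDN goto :notfound

rem Users only, direct or nested: the in-chain rule makes the domain
rem controller walk the memberOf chain, and objectCategory=person keeps
rem groups and computer accounts out of the result.
echo Users with direct or nested membership in %GROUP%:
dsquery * domainroot -filter "(&(objectCategory=person)(objectClass=user)(memberOf:1.2.840.113556.1.4.1941:=%GROUPDN%))" -attr sAMAccountName displayName mail -limit 0

rem The nested groups themselves, to see which groups grant the membership.
echo.
echo Groups nested in %GROUP%:
dsquery * domainroot -filter "(&(objectClass=group)(memberOf:1.2.840.113556.1.4.1941:=%GROUPDN%))" -attr sAMAccountName -limit 0
exit /b 0

:notfound
echo Group "%GROUP%" not found.
exit /b 1
```

"-limit 0" removes dsquery's default cap of 100 returned objects, which would otherwise silently truncate the membership list of a large group.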
For the last one, how can you filter out sub groups?
This is a late response, but just remove the “-expand” parameter; that will disable recursivity.