{"id":5087,"date":"2017-12-17T07:07:11","date_gmt":"2017-12-17T06:07:11","guid":{"rendered":"https:\/\/michlstechblog.info\/blog\/?p=5087"},"modified":"2022-05-24T12:00:35","modified_gmt":"2022-05-24T10:00:35","slug":"windows-get-all-groups-a-user-is-memberof-by-dsquerydsget-recursive","status":"publish","type":"post","link":"https:\/\/michlstechblog.info\/blog\/windows-get-all-groups-a-user-is-memberof-by-dsquerydsget-recursive\/","title":{"rendered":"Windows: Get all groups a user is memberof by dsquery\/dsget recursive"},"content":{"rendered":"<div class=\"twoclick_social_bookmarks_post_5087 social_share_privacy clearfix 1.6.4 locale-en_US sprite-en_US\"><\/div><div class=\"twoclick-js\"><script type=\"text\/javascript\">\/* <![CDATA[ *\/\njQuery(document).ready(function($){if($('.twoclick_social_bookmarks_post_5087')){$('.twoclick_social_bookmarks_post_5087').socialSharePrivacy({\"services\":{\"flattr\":{\"uid\":\"Michl\",\"status\":\"on\",\"the_title\":\"Windows%3A%20Get%20all%20groups%20a%20user%20is%20memberof%20by%20dsquery%2Fdsget%20recursive\",\"the_excerpt\":\"Hi%2C%0D%0A%0D%0AThe%20%22net%22%20builtin%20commands%20of%20Windows%20have%20some%20limitations%3A%20It%20truncates%20groupnames%20longer%20then%2020%20Characters%2C%20it%20cannot%20resolve%20group%20in%20group%20memberships....%0D%0A%0D%0Adsget%2Fdsquery%20are%20%28LDAP%29%20command%20line%20interfaces%20for%20active%20directory.%20For%20using%20these%20commands%20you%20have%20to%20install%20the%20Windows%20RSAT%20Tools%20%28Remote%20Server%20Administration%20Tools%29.%20%0D%0A%0D%0ASome%20examples.%20%0D%0A%20%28more%26hellip%3B%29\",\"txt_info\":\"2 clicks for more data protection:\\r\\n\\r\\nOnly when you click here, the button will be come active and you can send your recommendation to Flattr. When activating, data are transmitted to third parties. \",\"perma_option\":\"off\"}},\"txt_help\":\"When you activate these fields by clicking, information to Flattr may be transferred abroad, and probably may also stored there.\",\"settings_perma\":\"Enable permanently and accept data transmission. \",\"info_link\":\"http:\\\/\\\/www.heise.de\\\/ct\\\/artikel\\\/2-Klicks-fuer-mehr-Datenschutz-1333879.html\",\"uri\":\"https:\\\/\\\/michlstechblog.info\\\/blog\\\/windows-get-all-groups-a-user-is-memberof-by-dsquerydsget-recursive\\\/\",\"post_id\":5087,\"post_title_referrer_track\":\"Windows%3A+Get+all+groups+a+user+is+memberof+by+dsquery%2Fdsget+recursive\",\"display_infobox\":\"on\"});}});\n\/* ]]> *\/<\/script><\/div><p>Hi,<\/p>\n<p>The &#8220;net&#8221; builtin commands of Windows have some limitations: It truncates groupnames longer then 20 Characters, it cannot resolve group in group memberships&#8230;.<\/p>\n<p>dsget\/dsquery are (LDAP) command line interfaces for active directory. For using these commands you have to install the Windows <a href=\"https:\/\/support.microsoft.com\/de-de\/help\/2693643\/remote-server-administration-tools-rsat-for-windows-operating-systems\" rel=\"noopener\" target=\"_blank\">RSAT Tools<\/a> (Remote Server Administration Tools). <\/p>\n<p>Some examples.<br \/>\n<!--more--><br \/>\nShow your distinguished name by samaccount name<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nC:\\&gt; dsquery user -samid %USERNAME%\r\n<\/pre>\n<p>Or with by a custom LDAP filter<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\ndsquery * -filter &quot;(&amp;(objectClass=User)(sAMAccountName=%USERNAME%))\r\n<\/pre>\n<p>Get specific LDAP attributes of an User<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nC:\\&gt; dsquery * &quot;CN=myUser Account,OU=UsersOU,DC=yourDomain,DC=org&quot; -attr sAMAccountName displayName department\r\n<\/pre>\n<p>Get all LDAP attributes of an User<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nC:\\&gt; dsquery * &quot;CN=myUser Account,OU=UsersOU,DC=yourDomain,DC=org&quot; -attr *\r\n<\/pre>\n<p>Get all distinguished name of Groups you are a member of<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nC:\\&gt; dsquery user -samid %USERNAME% | dsget user -memberof\r\n<\/pre>\n<p>and more readable with just the sAMAccountname of the groups<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nC:\\&gt; dsquery user -samid %USERNAME% | dsget user -memberof | dsget group -samid\r\n<\/pre>\n<p>Get distinguished name of a group by sAMAccountname <\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nC:\\&gt; dsquery group -samid YourGroupName\r\n<\/pre>\n<p>Get all members of a Group by its sAMACcountname<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nC:\\&gt; dsquery group -samid YourGroupName | dsget group -members\r\n<\/pre>\n<p>and recursive if the group contains other groups as member<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nC:\\&gt; dsquery group -samid YourGroupName | dsget group -members -expand\r\n<\/pre>\n<p>and more readable with more details<\/p>\n<pre class=\"brush: bash; title: ; notranslate\" title=\"\">\r\nC:\\&gt; dsquery group -samid YourGroupName | dsget group -members -expand | dsget user -display  -samid -email\r\n<\/pre>\n<p>Michael<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hi, The &#8220;net&#8221; builtin commands of Windows have some limitations: It truncates groupnames longer then 20 Characters, it cannot resolve group in group memberships&#8230;. dsget\/dsquery are (LDAP) command line interfaces for active directory. For using these commands you have to install the Windows RSAT Tools (Remote Server Administration Tools). Some examples.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[1119,1118,1117,148,261,1120,145],"class_list":["post-5087","post","type-post","status-publish","format-standard","hentry","category-windowsknowhow","tag-by-samaccountname","tag-dsget","tag-dsquery","tag-group","tag-list","tag-recursive","tag-user"],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/5087","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/comments?post=5087"}],"version-history":[{"count":10,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/5087\/revisions"}],"predecessor-version":[{"id":5098,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/posts\/5087\/revisions\/5098"}],"wp:attachment":[{"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/media?parent=5087"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/categories?post=5087"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/michlstechblog.info\/blog\/wp-json\/wp\/v2\/tags?post=5087"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}