.png?width=100&auto=webp&quality=80&disable=upscale "Picture of John Savill")
.png?width=400&auto=webp&quality=80&disable=upscale "John Savill")
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Listing Members of an AD Group
Use this command to list all members of a specified AD Group.
John Savill
September 25, 2008
1 Min Read
Q: How can I list all the members of an Active Directory (AD) group?
A: The Windows Server 2003 Dsget command is useful for getting information about AD objects, including groups. When you use Dsget with the -members switch, it will output the distinguished names (DNs) of all members of a group, as the following command and output shows:
dsget group "cn=Members,ou=Justice League,dc=
savilltech,dc=com" -members"CN=Barry Allen,OU=JusticeLeague,DC=savilltech,DC=com""CN=Kara Zor-El,OU=JusticeLeague,DC=savilltech,DC=com""CN=Helena Bertinelli,OU=Justice
League,DC=savilltech,DC=com""CN=Ted Kord,OU=JusticeLeague,DC=savilltech,DC=com""CN=Jason Todd,OU=JusticeLeague,DC=savilltech,DC=com""CN=Dick Grayson,OU=JusticeLeague,DC=savilltech,DC=com"If you want to display information other than the DN, you can use the the pipe (|) character, which lets you pass the output of one command as input to another command. In this case, you can pipe the output of Dsget to another Dsget query to gather the desired information. For example, if you want the SAM ID, User Principal Name (UPN), and description, you would use the command
dsget group "cn=Members,ou=Justice League,dc=savill
tech,dc=com" -members | dsget
user -samid -upn -descNotice that the code after the pipe character in the command is the second Dsget command, which gathers the account detail displayed in Table 1.
—John Savill
About the Author
You May Also Like
.png?width=700&auto=webp&quality=80&disable=upscale)