JSI Tip 7728. When you inspect the value of a user's primaryGroupID, in DSQUERY, you only see a number?

When you return a user's primaryGroupID using DSQUERY, instead of seeing a group name, like Domain Users, you see a number.

The number you are seeing is the RID (Relative IDentifier), the last string of the group SID.

I have scripted ListGroupRID.bat to display the RID and group name in your domain.

The syntax for using ListGroupRID.bat is:

ListGroupRID

The output is displayed on the CMD console, but you can pipe it to a file using the following syntax:

ListGroupRID>FileName

You can use the output in subsequent commands, as in:

for /f "Tokens=1*" %%i in ('ListGroupRID') do SomeCommand %%i %%j

In my domain, the output looks like:

 512 "Domain Admins" 513 "Domain Users" 514 "Domain Guests" 515 "Domain Computers" 516 "Domain Controllers" 519 "Enterprise Admins" 520 "Group Policy Creator Owners" 544 "Administrators" 545 "Users" 546 "Guests" 548 "Account Operators" 549 "Server Operators" 550 "Print Operators" 551 "Backup Operators" 552 "Replicator" 553 "RAS and IAS Servers" 554 "Pre-Windows 2000 Compatible Access" 555 "Remote Desktop Users" 556 "Network Configuration Operators" 557 "Incoming Forest Trust Builders" 558 "Performance Monitor Users" 559 "Performance Log Users" 560 "Windows Authorization Access Group" 561 "Terminal Server License Servers"1000 "HelpServicesGroup"1002 "TelnetClients"1003 "DHCP Users"1004 "DHCP Administrators"1106 "DnsAdmins"1107 "DnsUpdateProxy"1125 "IIS_WPG"1129 "accountants"1130 "Accounts Payables"1132 "TST DIST"1135 "SharePointAdmins"1140 "OU_TEST Administrators"

ListGroupRID.bat contains:

@echo offsetlocalif exist "%TEMP%%ComputerName%_ListGroupRID_1.tmp" del /q "%TEMP%%ComputerName%_ListGroupRID_1.tmp"if exist "%TEMP%%ComputerName%_ListGroupRID_2.tmp" del /q "%TEMP%%ComputerName%_ListGroupRID_2.tmp"set query=dsquery * domainroot -filter "(&(objectClass=Group))" -attr objectSid sAMAccountName -limit 0for /f "Skip=1 Tokens=1*" %%a in ('%query%') do call :rid %%a "%%b"sort "%TEMP%%ComputerName%_ListGroupRID_1.tmp" /O "%TEMP%%ComputerName%_ListGroupRID_2.tmp"type "%TEMP%%ComputerName%_ListGroupRID_2.tmp"del /q "%TEMP%%ComputerName%_ListGroupRID_1.tmp"del /q "%TEMP%%ComputerName%_ListGroupRID_2.tmp"endlocalgoto :EOF:ridset wrk1=%1set wrk2=%2set wrk2=%Wrk2:  =%set wrk2=%Wrk2: "="%:rid1set wrk3=for /f "Tokens=1* Delims=-" %%x in ('@echo %wrk1%') do ( set wrk3=%%x set wrk1=%%y)if "%wrk1%" NEQ "" goto rid1@echo %wrk3% %wrk2%>>"%TEMP%%ComputerName%_ListGroupRID_1.tmp"  

NOTE: See How can I convert a primaryGroupID to a group name in a script?