• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 293
  • Last Modified:

Local Group Membership for AD accounts

We're trying to figure out how to know what local groups an AD account has access to on a specific computer, but the only commands I can seem to find deal with group membership when it comes to AD groups, but not local groups.

Does anyone know of a command, whether through the command prompt, or Powershell, that can return the list of which local groups an AD user is a part of??

I'm sure it's something easy that's eluding me - any help is appreciated!!
1 Solution
Regrettably, you cannot find out what local groups an Active Directory group or user is a member of.  Memberships can only be seen inside the Active Directory Domain itself - and external members (like forest trusts or remote computers) are not backlinked, and therefore not traceable.

On the specific computer, you can list the local group members by using NET LOCALGROUP to view it's members - this will list all group members, and will include domain groups or domain users, as long as it can talk to the domain to resolve the member SIDs.


Featured Post

Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now