i use dsquery to check groupmembership

Posted on 2012-08-14
Last Modified: 2012-08-15
I would like to check with a batch script if a user is member of a group

this should work with dsquery instead of ifmember

how can i use dsquery to make a simple if true then goto line xx query?

dsquery * domainroot -filter "(&(objectClass=group)(name=theGroup))" -l -d domain.local -attr member | find /c "Test UserA"

This will give me a value if there is any user in "theGroup"
Test UserA is in the Group one time so the result is 1
if i check for "Test User" it will give me the Result 4, because the text is part of Test UserA
Test UserB... so not a perfect solution any other ideas?
Question by:HelpdeskJBC
    LVL 82

    Expert Comment

    Ony way is to check for the surrounding elements of the DN (the "cn=" at the beginning and the "," at the end:
    dsquery * domainroot -filter "(&(objectClass=group)(name=theGroup))" -l -d domain.local -attr member | find /i /c "cn=Test UserA,"

    Open in new window

    Or do it the other way and query the user's group membership; this will work for nested groups as well:
    dsquery user -name "Test UserA" | dsget user -memberof -expand | find /i /c "cn=theGroup,"

    Open in new window


    Author Comment

    Ok and how can i use the return value to simply check with the if function?
    can I save the result into a variable?
    LVL 82

    Accepted Solution

    Sorry, should have mentioned that. "find" will return errorlevel 0 if the string was found, 1 otherwise.
    dsquery user -name "Test UserA" | dsget user -memberof -expand | find /i /c "cn=theGroup,"
    if %ErrorLevel%==0 goto NameFound
    echo No group member
    goto :eof
    echo Group member

    Open in new window


    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Join & Write a Comment

    Being a system administrator some time we require to do things remotely, one of them is installing software. Here I am going to tell you how to install software through wmic (Windows management instrument console). I am not at all saying that this i…
    Introduction: Recently, I got a requirement to zip all files individually with batch file script in Windows OS. I don't know much about scripting, but I searched Google and found a lot of examples and websites to complete my task. Finally, I was ab…
    Illustrator's Shape Builder tool will let you combine shapes visually and interactively. This video shows the Mac version, but the tool works the same way in Windows. To follow along with this video, you can draw your own shapes or download the file…
    This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor ( If you're looking for how to monitor bandwidth using netflow or packet s…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    21 Experts available now in Live!

    Get 1:1 Help Now