net group information

Posted on 2015-01-05
Last Modified: 2015-01-29
There is a usefull command you can run that i thought was accurate i.e. NET GROUP groupname /domain, and it would list all members in a domain AD group, without having to load up AD users and computers. But from some testing it doesnt seem that accurate. For example I ran the command for an AD group, and also checked the group in ADUC, and for nested groups, the NET GROUP command doesnt appear to list them, just accounts. Is this "normal behaviour", or is NET GROUP not always accurate.
Question by:pma111
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
LVL 55

Assisted Solution

McKnife earned 333 total points
ID: 40531117
Net group can't do that.
I bet there's a powershell alternative that can, did you already look into it?

Author Comment

ID: 40531121
can you elaborate - net group cant do what?

I have used net group to get a list of all group members, are you saying it will list accounts listed in a group, but not groups within a group?

I have access to ADUC so I can get the members there, it was just handy to use NET Group in some situations but if it doesnt give a clear picture I will swap to an alternative...
LVL 55

Expert Comment

ID: 40531130
Right, it's incapable of listing groups nested there in. Look for a powershell alternative, if you don't find it googling, I will assist.
Has Powershell sent you back into the Stone Age?

If managing Active Directory using Windows Powershell® is making you feel like you stepped back in time, you are not alone.  For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why.

LVL 17

Expert Comment

by:Emmanuel Adebayo
ID: 40531131
This is usually correct
net group /dom <Groupname>
I used it so many times.

You can also use dsquery command
LVL 55

Accepted Solution

McKnife earned 333 total points
ID: 40531135 provides the dsquery and powershell syntax that reads out nested groups as well.
LVL 24

Assisted Solution

VB ITS earned 167 total points
ID: 40531197
For example I ran the command for an AD group, and also checked the group in ADUC, and for nested groups, the NET GROUP command doesnt appear to list them, just accounts. Is this "normal behaviour", or is NET GROUP not always accurate.
This appears to be by design when it comes to the net group command. See the explanation for the groupname parameter in this link which states the following:
net group [groupname [/comment:"text"]] [/domain]

groupname: Specifies the name of the group to add, expand, or delete. Specify a group name to view a list of users in a group only.

If you need to see members within the nested groups as well then you'll need to resort to either the dsquery command or PowerShell. Examples are provided in the link McKnife posted above.

Author Comment

ID: 40531200
emmanuel - are you saying that command will aslo list nested groups within groups??

Featured Post

Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Uncontrolled local administrators groups within any organization pose a huge security risk. Because these groups are locally managed it becomes difficult to audit and maintain them.
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question