Solved

net group information

Posted on 2015-01-05
7
162 Views
Last Modified: 2015-01-29
There is a usefull command you can run that i thought was accurate i.e. NET GROUP groupname /domain, and it would list all members in a domain AD group, without having to load up AD users and computers. But from some testing it doesnt seem that accurate. For example I ran the command for an AD group, and also checked the group in ADUC, and for nested groups, the NET GROUP command doesnt appear to list them, just accounts. Is this "normal behaviour", or is NET GROUP not always accurate.
0
Comment
Question by:pma111
7 Comments
 
LVL 53

Assisted Solution

by:McKnife
McKnife earned 333 total points
Comment Utility
Net group can't do that.
I bet there's a powershell alternative that can, did you already look into it?
0
 
LVL 3

Author Comment

by:pma111
Comment Utility
can you elaborate - net group cant do what?

I have used net group to get a list of all group members, are you saying it will list accounts listed in a group, but not groups within a group?

I have access to ADUC so I can get the members there, it was just handy to use NET Group in some situations but if it doesnt give a clear picture I will swap to an alternative...
0
 
LVL 53

Expert Comment

by:McKnife
Comment Utility
Right, it's incapable of listing groups nested there in. Look for a powershell alternative, if you don't find it googling, I will assist.
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 16

Expert Comment

by:Emmanuel Adebayo
Comment Utility
This is usually correct
net group /dom <Groupname>
I used it so many times.

You can also use dsquery command
0
 
LVL 53

Accepted Solution

by:
McKnife earned 333 total points
Comment Utility
http://serverfault.com/questions/49405/command-line-to-list-users-in-a-windows-active-directory-group provides the dsquery and powershell syntax that reads out nested groups as well.
0
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 167 total points
Comment Utility
For example I ran the command for an AD group, and also checked the group in ADUC, and for nested groups, the NET GROUP command doesnt appear to list them, just accounts. Is this "normal behaviour", or is NET GROUP not always accurate.
This appears to be by design when it comes to the net group command. See the explanation for the groupname parameter in this link which states the following:
Syntax:
net group [groupname [/comment:"text"]] [/domain]

Parameters
groupname: Specifies the name of the group to add, expand, or delete. Specify a group name to view a list of users in a group only.

If you need to see members within the nested groups as well then you'll need to resort to either the dsquery command or PowerShell. Examples are provided in the link McKnife posted above.
0
 
LVL 3

Author Comment

by:pma111
Comment Utility
emmanuel - are you saying that command will aslo list nested groups within groups??
0

Featured Post

Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

Join & Write a Comment

Many of us in IT utilize a combination of roaming profiles and folder redirection to ensure user information carries over from one workstation to another; in my environment, it was to enable virtualization without needing a separate desktop for each…
This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now