Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

net group information

Posted on 2015-01-05
7
Medium Priority
?
225 Views
Last Modified: 2015-01-29
There is a usefull command you can run that i thought was accurate i.e. NET GROUP groupname /domain, and it would list all members in a domain AD group, without having to load up AD users and computers. But from some testing it doesnt seem that accurate. For example I ran the command for an AD group, and also checked the group in ADUC, and for nested groups, the NET GROUP command doesnt appear to list them, just accounts. Is this "normal behaviour", or is NET GROUP not always accurate.
0
Comment
Question by:pma111
7 Comments
 
LVL 57

Assisted Solution

by:McKnife
McKnife earned 1332 total points
ID: 40531117
Net group can't do that.
I bet there's a powershell alternative that can, did you already look into it?
0
 
LVL 3

Author Comment

by:pma111
ID: 40531121
can you elaborate - net group cant do what?

I have used net group to get a list of all group members, are you saying it will list accounts listed in a group, but not groups within a group?

I have access to ADUC so I can get the members there, it was just handy to use NET Group in some situations but if it doesnt give a clear picture I will swap to an alternative...
0
 
LVL 57

Expert Comment

by:McKnife
ID: 40531130
Right, it's incapable of listing groups nested there in. Look for a powershell alternative, if you don't find it googling, I will assist.
0
Simplify Active Directory Administration

Administration of Active Directory does not have to be hard.  Too often what should be a simple task is made more difficult than it needs to be.The solution?  Hyena from SystemTools Software.  With ease-of-use as well as powerful importing and bulk updating capabilities.

 
LVL 18

Expert Comment

by:Emmanuel Adebayo
ID: 40531131
This is usually correct
net group /dom <Groupname>
I used it so many times.

You can also use dsquery command
0
 
LVL 57

Accepted Solution

by:
McKnife earned 1332 total points
ID: 40531135
http://serverfault.com/questions/49405/command-line-to-list-users-in-a-windows-active-directory-group provides the dsquery and powershell syntax that reads out nested groups as well.
0
 
LVL 24

Assisted Solution

by:VB ITS
VB ITS earned 668 total points
ID: 40531197
For example I ran the command for an AD group, and also checked the group in ADUC, and for nested groups, the NET GROUP command doesnt appear to list them, just accounts. Is this "normal behaviour", or is NET GROUP not always accurate.
This appears to be by design when it comes to the net group command. See the explanation for the groupname parameter in this link which states the following:
Syntax:
net group [groupname [/comment:"text"]] [/domain]

Parameters
groupname: Specifies the name of the group to add, expand, or delete. Specify a group name to view a list of users in a group only.

If you need to see members within the nested groups as well then you'll need to resort to either the dsquery command or PowerShell. Examples are provided in the link McKnife posted above.
0
 
LVL 3

Author Comment

by:pma111
ID: 40531200
emmanuel - are you saying that command will aslo list nested groups within groups??
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
Transferring FSMO roles is done when an admin wants to split roles between certain Domain Controllers or the Domain Controller holding the Roles has been forcefully demoted using dcpromo / forceremoval
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Suggested Courses

783 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question