Home » Dsquery » Dsquery to find user group membership

Dsquery to find user group membership

by

Using the dsquery and dsget command, we can find user group membership or get all AD groups user is a memberof.

Active Directory groups contain user, computer, or service account as a member. Using the dsquery user command, we can find the user object and the dsget user command is used to get active directory groups membership for a specified user.

In this tutorial, we will discuss how to use the dsquery user command to find user group membership and get all ad groups user is a memberof.

Table of Contents hide
1 Dsquery to find user group membership
2 Using Dsquery to get group membership for log on user
3 Conclusion

Dsquery to find user group membership

Use the dsquery user command-line interface to the active directory to query and find all groups a user is memberof.

To get user group membership using dsquery, use the dsquery user command to find a user by attribute samid that matches the specified username. dsget user command is used to get all groups user is a memberof.

dsquery user -samid chrisd | dsget user -memberof

The output of the above dsquery command is to get group membership for a specified user is:

dsquery to get user group membership
dsquery to get user group membership

In the above output, it can be seen that user chrisd is a member of SALESLeader and Domain Users active directory group.

To get active directory groups the user is a memberof without DistinguishedName, run the below command.

dsquery user -samid chrisd | dsget user -memberof | dsget group -samid

The output of the above command displays the user ad group membership as given below.

dsquery to find user group membership
dsquery to find user group membership

Using Dsquery to get group membership for log on user

Using the dsquery user command and %USERNAME% env variable, we can get group membership of the log-on user.

dsget user -memberof command gets all groups distinguishedName user is a member of.

dsquery user -samid %USERNAME% | dsget user -memberof | dsget group -samid

The output of the above dsquery command gets ad groups the user is a memberof.

dsquery all groups a user is member of
dsquery all groups a user is a memberof

Cool Tip: How to get all users in a group using dsquery!

Conclusion

I hope the above article on how to get all groups a user is a memberof using the dsquery and dsget user command is helpful to you.

You can find more topics about PowerShell Active Directory commands and PowerShell basics on the ShellGeek home page.