Thursday, February 2, 2012

How to find out what Active Directory groups a user is a member of

If you are diagnosing an issue and need to confirm which Active Directory (AD) groups a particular user is in (for example, you are diagnosing a security issue and need to confirm the user is a member of the ‘ProjectManagers’ AD group), there is a way to do this without having Active Directory installed on your machine.

Press the Windows key and type ‘command’ into the search bar. Locate the ‘Command Prompt’ link, right-click on it and select ‘Run as administrator’. I'm not sure if this is required, but it makes me feel important :). It also tells UAC to back off if you have this turned on for your machine/server.

In the command prompt window, type the following command:

net user /domain login_name

Here ‘login_name’ is a placeholder for the login name of the user you want to check. Press Enter, and if you have access to read AD you will get some information about the user, as demonstrated in the screenshot below.
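To check for one group without reading the listing by eye, the output can be parsed. The PowerShell below is an added example, not part of the original post: Get-NetUserGroups is a hypothetical helper, the sample text is constructed, and the field labels assume English-language `net user` output.

```powershell
# Parse the two group fields from `net user /domain <login>` output.
# Get-NetUserGroups is a hypothetical helper; labels assume English-language output.
function Get-NetUserGroups {
    param([string[]]$Lines)

    $groups  = @{ Local = @(); Global = @() }
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^Local Group Memberships\s*(.*)$') {
            $current = 'Local'
        } elseif ($line -match '^Global Group memberships\s*(.*)$') {
            $current = 'Global'
        } elseif ($current -and $line -match '^\s+(\*.*)$') {
            # Indented line starting with '*': the list wrapped onto a new row.
        } else {
            $current = $null
            continue
        }
        # Names may contain spaces, so split on the '*' prefix, not on whitespace.
        $groups[$current] += @($Matches[1] -split '\*' |
            ForEach-Object { $_.Trim() } | Where-Object { $_ })
    }
    $groups
}

# Constructed sample output (not captured from a real domain).
$sample = @'
User name                    jsmith
Full Name                    John Smith
Account active               Yes

Local Group Memberships
Global Group memberships     *Domain Users         *ProjectManagers
                             *Finance Reports
The command completed successfully.
'@ -split '\r?\n'

# Live use instead of the sample: Get-NetUserGroups -Lines (net user /domain login_name)
$found = Get-NetUserGroups -Lines $sample
$found.Global
if ($found.Global -contains 'ProjectManagers') {
    'Member of ProjectManagers'
} else {
    'Not listed in ProjectManagers'
}
```

The result covers only what `net user` prints, which is the user's direct memberships; groups inherited through nesting do not appear.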

