JSI Tip 9306. How can I list the members of a domain group, security or distribution, given the group sAMAccountName (SAMID)?

Using the DSGET Active Directory command-line tool, I have scripted SAMIDGrpMbrs.bat to retrieve the members of a domain group.

The syntax for using SAMIDGrpMbrs.bat is:

\[call\] SAMIDGrpMbrs GroupID

Where GroupID is the sAMAccountName (SAMID) of the group.

To process the output in a script:

for /f "Tokens=1* Delims=;" %%a in ('SAMIDGrpMbrs GroupID') do (
 set UserDN=%%a
 set UserSAMID=%%b
NOTE: Imbedded domain groups are recursively expanded to arrive at a complete set of domain members.

NOTE: SAMIDGrpMbrs.bat uses  DNGrpMbrs.bat.

SAMIDGrpMbrs.bat contains:

@echo off
if \{%1\}==\{\} @echo Syntax: SAMIDGrpMbrs GroupID&goto :EOF
setlocal enabledelayedexpansion
set samid=%1
set samid=%samid:"=%
set qry=dsquery * domainroot -filter "(&(objectCategory=Group)(objectClass=group)(sAMAccountName=%samid%))" -attr distinguishedName -Limit 0
for /f "Skip=1 Tokens=*" %%g in ('%qry%') do (
 set grp="%%g"
 set grp=!grp:  =!
 call DNGrpMbrs !grp!

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.