
JSI Tip 9305. How can I list the members of a domain group, security or distribution, given the group distinguished name?

Using the DSGET Active Directory command-line tool, I have scripted DNGrpmbrs.bat to retrieve the members of a domain group.

The syntax for using DNGrpmbrs.bat is:

[call] DNGrpmbrs GroupDN

Where GroupDN is the distinguished name of the group.

To process the output in a script:

for /f "Tokens=1* Delims=;" %%a in ('DNGrpmbrs GroupDN') do (
 set UserDN=%%a
 set UserSAMID=%%b
 ...
 ...
)

NOTE: Embedded domain groups are recursively expanded to arrive at a complete set of domain members.

NOTE: See How can I list the members of a domain group, security or distribution, given the group sAMAccountName (SAMID)?

DNGrpmbrs.bat contains:

@echo off
if {%1}=={} @echo Syntax: DNGrpMbrs GroupDN&goto :EOF
setlocal ENABLEDELAYEDEXPANSION
for /f "Tokens=*" %%a in ('dsget group %1 -members -expand') do (
 for /f "Skip=1 Tokens=*" %%u in ('dsget user %%a -samid 2^>nul^|FIND /I /V "dsget succeeded"') do (
  set samid=%%u
  set samid=!samid:  =!
  @echo %%a;"!samid!"
 )
)
endlocal
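
One way to consume the DN;"SAMID" output for a membership review, added here as an example and not part of the original tip: it flags members whose sAMAccountName is missing from an approved list. The script name AuditGrp.bat and the approved-list file (one sAMAccountName per line) are assumptions.

```batch
@echo off
rem Added example, not part of the original tip.
rem Flags group members that are missing from an approved list.
rem Assumptions: saved as AuditGrp.bat next to DNGrpmbrs.bat, and
rem ApprovedFile is a text file with one sAMAccountName per line.
if {%2}=={} @echo Syntax: AuditGrp GroupDN ApprovedFile&goto :EOF
if not exist %2 @echo Approved list %2 not found.&goto :EOF
setlocal ENABLEDELAYEDEXPANSION
set /a total=0
set /a extra=0
for /f "Tokens=1* Delims=;" %%a in ('DNGrpmbrs %1') do (
 set /a total+=1
 rem Strip the quotes that DNGrpmbrs puts around the sAMAccountName.
 set samid=%%~b
 rem DNGrpmbrs removes spaces in pairs, so one trailing space can remain.
 if "!samid:~-1!"==" " set samid=!samid:~0,-1!
 rem Whole-line, literal, case-insensitive lookup in the approved list.
 findstr /I /X /L /C:"!samid!" %2 >nul
 if errorlevel 1 (
  set /a extra+=1
  @echo UNAPPROVED;%%a;"!samid!"
 )
)
@echo Checked !total! members; !extra! not in %2.
endlocal
```

Members for which `dsget user` returns an error produce no line in the DNGrpmbrs.bat output (its errors go to nul), so they are not counted or checked here.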


