Using the net user command, I have scripted GetGroups.bat to return a comma delimited string containing a domains user's local or global group membership.
The syntax for using GetGroups.bat is:
call GetGroups User L|G
Where User is the User Name (sAMAccountName) and L|G is an L if you wish to return Local group membership, or a G if you wish to return Global group membership.
The output is displayed on the console, but can be redirected to a file, or processed with a FOR command. A global membership string might look like:
"Domain Admins","accountants","Schema Admins","Enterprise Admins"
GetGroups.bat contains:
@echo off
setlocal
if \{%2\}==\{\} goto syntax
set user=%1
set gt=%2
if /i "%gt%" EQU "L" goto OK
if /i "%gt%" NEQ "G" goto syntax
:OK
set grps=
set ft=NONE
for /f "Tokens=1-3 Delims=*" %%g in ('net user %user% /domain^|find "*"') do (
set wrk=%%g#
call :group
set wrk=%%h#
call :group
set wrk=%%i#
call :group
)
@echo %grps%
endlocal
goto :EOF
:syntax
@echo Syntax: GetGroups User L^|G
endlocal
goto :EOF
:group
if /i "%wrk:~0,5%" EQU "Local" set ft=L&goto :EOF
if /i "%wrk:~0,6%" EQU "Global" set ft=G&goto :EOF
if /i "%ft%" NEQ "%gt%" goto :EOF
if "%wrk:~0,1%" EQU "#" goto :EOF
if "%wrk:~0,1%" EQU " " goto :EOF
set grp=%wrk: =%
set grp=%grp: #=%
set grp=%grp:#=%
if defined grps set grps=%grps%,
set grps=%grps%"%grp%"
0 comments
Hide comments
