Get user's non-truncated Active Directory groups from command line
GPRESULT
is the right command, but it cannot be run without parameters. /v
or verbose option is difficult to manage without also outputting to a text file. E.G. I recommend using
gpresult /user myAccount /v > C:\dev\me.txt
--Ensure C:\Dev\me.txt exists
Another option is to display summary information only which may be entirely visible in the command window:
gpresult /user myAccount /r
The accounts are listed under the heading:
The user is a part of the following security groups
---------------------------------------------------
A little stale post, but I figured what the heck. Does "whoami" meet your needs?
I just found out about it today (from the same Google search that brought me here, in fact). Windows has had a whoami tool since XP (part of an add on toolkit) and has been built-in since Vista.
whoami /groups
Lists all the AD groups for the currently logged-on user. I believe it does require you to be logged on AS that user, though, so this won't help if your use case requires the ability to run the command to look at another user.
Group names only:
whoami /groups /fo list |findstr /c:"Group Name:"
Or you could use dsquery and dsget:
dsquery user domainroot -name <userName> | dsget user -memberof
To retrieve group memberships something like this:
Tue 09/10/2013 13:17:41.65
C:\
>dsquery user domainroot -name jqpublic | dsget user -memberof
"CN=Technical Support Staff,OU=Acme,OU=Applications,DC=YourCompany,DC=com"
"CN=Technical Support Staff,OU=Contosa,OU=Applications,DC=YourCompany,DC=com"
"CN=Regional Administrators,OU=Workstation,DC=YourCompany,DC=com"
Although I can't find any evidence that I ever installed this package on my computer, you might need to install the Remote Server Administration Tools for Windows 7.