Active Directory: Find out which users belong to a Group Policy Object

Solution 1:

Group Policies and groups are two completely different things.
And yes, I know the names are misleading.

A Group Policy Object is a set of policies linked to one or more Organizational Units in Active Directory; they will affect all computer and/or users in that container and below (there are exceptions, but this is the core concept).

A group is, just like the name implies, a collection of users, computers or other groups; it can be located anywhere in AD, and its members also can be located anywhere. It's mainly used for security, because assigning permissions to a group is a lot easier than doing the same for each individual user (but it can also act as a mail distribution list where Exchange is in use).

To manage Groups Policies, you use the Group Policy Management Console.

To manage groups (or users, or computers, or Active Directory in general) you use Active Directory Users and Computers.

If you need to check who is member of a given group, ADUC is the right tool to use; GPMC will not tell you anything about that, because it's not its job.

ADUC is always present on Domain Controllers, and can be installed on Windows Server systems as a feature (part of AD DS Tools).

If you want to use it on a client system, you'll need to install Remote Server Administration Tools.


Addendum: the net group command applies to groups, which as I said above are different from GPOs. It doesn't make any sense to run net group my_gpo.