How to List Active Directory Group Members (dsforum2wiki)

How to List Active Directory Group Members (dsforum2wiki)

Here are a few different ways to list members of an Active Directory group:

  1. Using built-in Active Directory command-line tools

    Following command will provide you first name and last name of member of a group:

    dsquery group domainroot -name groupname | dsget group -members | dsget user -fn -ln

  2. Using a filter

    The following filter returns the members of a specific group.
    You have to specify the groups distinguishedName.

    ldifde -f groupMembers.txt -r "(&(objectClass=User)(memberOf=CN=myGroup,OU=MyContainer,DC=myOrg,DC=local))" -l "sAMAccountName,givenName,sn"

  3. Using Adfind (Adfind is a free tool that you can download from www.joeware.net)

    TO RETRIEVE THE DN OF THE GROUP

    adfind -default -f "(&(objectCategory=group)(name=<GROUPNAME>))" -dsq

    or

    adfind -default -f "(&(objectCategory=group)(name=<GROUPNAME>))" -dn

    TO RETRIEVE THE PROPERTIES (givenName=firstname, sn=surname sAMAccountName, pre-w2k logon name, description=description, cn=full name, displayName=displayname) OF THE MEMBERS OF THE GROUP

    adfind -b "<DN of group>" -asq member givenName sn sAMAccountName description cn displayName

Related References

This article was derived from the forum post Active Directory Saved Query - Group Member Listing.

Leave a Comment
  • Please add 4 and 5 and type the answer here:
  • Post
Wiki - Revision Comment List(Revision Comment)
Comments
  • Ed Price - MSFT edited Original. Comment: Title casing

Page 1 of 1 (1 items)
Wikis - Comment List
Posting comments is temporarily disabled until 10:00am PST on Saturday, December 14th. Thank you for your patience.
Comments
  • Ed Price - MSFT edited Original. Comment: Title casing

Page 1 of 1 (1 items)