2

While easy on Linux, not as easy on Windows from what I've been able to gather so far. I've found the command that kinda does what I want which is:

```
net user username /domain
```

However I wish to strip all of the data except for the list of the groups. I think findstr may be the answer but I'm not sure of how to use this to do that. Essentially, I guess the script would do something like this (unless there is a more specific command which would be fabulous):

```
net user username /domain > temp.txt
findstr (or some other command) temp.txt > groups.txt
del temp.txt
```

The output of the data would be a list like this:

group1; group2; group3

Now, I could be going about this a complicated way, so as I mentioned if there is a command that can output ONLY a user's security groups that would be fantastic.

Thanks guys!

Note: asked this on superuser but just found that this site may be more appropriate.

Smitty
  • Could you please show us an example of `net user username /domain`? – quanta Oct 07 '11 at 06:08
  • Are you trying to do this in some kind of logon script (run as the user, on a workstation) or in some sort of larger automation system on a server OS (2003, 2008)? – David Oct 07 '11 at 07:39
  • I'll have to post an example of the code when I'm back at work next week but I'm performing this as an admin on a workstation with admin pack and exchange tools installed. The output includes local and global security groups as well as login information, like last time logged in if I recall correctly. It's not for a login script, essentially what it's for is sometimes we have to make 2 preexisting users match security groups which can get tedious when some have sometimes 20-30+ groups. I want to be able to output the security groups of one so I can copy/paste it into the other. – Smitty Oct 07 '11 at 11:09
  • From my VM machine, the output of `net user username /domain` is essentially the same. A copy of it can be found [here](http://justpaste.it/iwg) – Smitty Oct 07 '11 at 11:38

2 Answers

2

Not sure if this is the type of thing you're looking for, but I did this on Windows Server 2003 (member server, not an AD DC):

```
dsquery user -name "My Full Name" | dsget user -memberof | dsget group -samid
```

This prints out the list of groups I'm a member of line by line (not separated by semicolon).

If you wanted something fancier, you could use VBScript. Let me know if you want an example of that and I can try and find something.

David
  • I played with dsquery before but I think it had a lot of extra information that I couldn't figure out how to strip. It was something like that but I don't remember piping twice. Will check it when I get the chance, will test it on my home server possibly and try it out and let you know; thanks for the help! – Smitty Oct 07 '11 at 11:11
  • You sir, are a god. I notice that the samid part removes the extra information, exactly what I wanted! :) I just tested the output now and if I manually insert the semicolon at the end of each group, it'll automatically pick up on them all. Thanks a lot! With the vbscript you mentioned though, what do you mean by "fancy"? You piqued my interest :) – Smitty Oct 07 '11 at 11:53
  • With VBScript, you could use ADSI and then format the data however you wanted very easily -- or since you have actual user and group objects, you could create the new user and apply those groups all within the script. I've done something similar before, but not in a million years. – David Oct 08 '11 at 10:59
0

You would be better off doing this as an LDAP query than using the net command: http://technet.microsoft.com/en-us/library/aa996205(EXCHG.65).aspx

Or there is ADSI

http://msdn.microsoft.com/en-us/library/windows/desktop/aa772170(v=vs.85).aspx

but that could be OTT for what you are after

enterzero
  • Thanks it looks really informative! In saying that though, I hate to ask for the answer on a platter so to speak but what would be the required query to pull this information? Looking at the link has somewhat overwhelmed me. I did a google search and pulled up [this](http://forums.techarena.in/active-directory/920173.htm) but the query doesn't work. – Smitty Oct 07 '11 at 06:36
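
The LDAP query this answer points to, written out as an added example that is not part of the original posts. It assumes a domain-joined machine with PowerShell 2.0 or later; the function name `Get-UserGroupNames` and the accounts `jsmith` and `jdoe` are hypothetical placeholders.

```powershell
# Added example: list a domain user's direct group memberships through an LDAP query.
# Function name and account names are placeholders, not taken from the thread.
function Get-UserGroupNames {
    param(
        [Parameter(Mandatory = $true)][string]$SamAccountName
    )

    # Escape the LDAP filter metacharacters \ * ( ) so the name is treated as data.
    $escaped = $SamAccountName -replace '\\', '\5c' -replace '\*', '\2a' `
        -replace '\(', '\28' -replace '\)', '\29'

    # Search the current domain for the user and load only the memberOf attribute.
    $filter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=$escaped))"
    $searcher = [adsisearcher]$filter
    [void]$searcher.PropertiesToLoad.Add('memberOf')
    $user = $searcher.FindOne()
    if ($null -eq $user) {
        throw "User '$SamAccountName' not found in the current domain."
    }

    # A user with no direct memberships has no memberOf attribute at all.
    if (-not $user.Properties.Contains('memberof')) { return }

    $names = foreach ($groupDn in $user.Properties['memberof']) {
        # ADSI paths need '/' inside a DN escaped as '\/'.
        $path = 'LDAP://' + ($groupDn -replace '/', '\/')
        # Resolve the group DN to its sAMAccountName, like "dsget group -samid".
        $group = [adsi]$path
        [string]$group.Properties['sAMAccountName'].Value
    }
    $names | Sort-Object
}

# Output in the form asked for in the question: group1; group2; group3
@(Get-UserGroupNames -SamAccountName 'jsmith') -join '; '

# Groups the reference user has that the second user lacks (the use case from the comments).
$reference = @(Get-UserGroupNames -SamAccountName 'jsmith')
$target    = @(Get-UserGroupNames -SamAccountName 'jdoe')
$reference | Where-Object { $target -notcontains $_ }
```

`memberOf` holds direct memberships only: the user's primary group (usually Domain Users) and groups inherited through nesting are not listed, so a comparison built on it can understate a user's effective access.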