Investigating Active Directory Users and their Groups

I’m not a Microsoft Windows administrator and I don’t play one on television, but sometimes I need the answer to when I last changed my Windows password, when it will expire, and which Active Directory (AD) groups I belong to.

Here is a command that describes an AD user. Open the Command Prompt app in Windows (either desktop or server) and enter the following:

C:\> net user [username] /domain

For example, to look up AD user dallasmarks type:

C:\> net user dallas.marks /domain

You can also investigate the current user using an environment variable:

C:\> net user %USERNAME% /domain

A potential drawback to the net user command is that long AD group names are truncated. To get around this, open up the PowerShell editor instead of the Command Prompt and type in the following:

PS C:\Windows\system32> Get-ADUser dallas.marks -property MemberOf | Select -ExpandProperty MemberOf

If the term ‘Get-ADUser’ is not recognized as the name of a cmdlet, function, script file, or operable program, you’ll need to install the RSAT (Remote Server Administration Tools) for Active Directory.

PS> Import-Module ServerManager
PS> Install-WindowsFeature -Name RSAT-AD-PowerShell

The output of Get-ADUser will list AD groups in canonical form.

What tricks do you use when working with AD users and groups?

Dallas Marks

Dallas Marks

I am an analytics and cloud architect, author, and trainer. An AWS certified blogger, SAP Mentor Alumni and co-author of the SAP Press book SAP BusinessObjects Web Intelligence: The Comprehensive Guide, I prefer piano keyboards over computer keyboards when not blogging or tweeting.

One thought on “Investigating Active Directory Users and their Groups

  1. In terms of SAP BO I cross fingers and pray -that it may end soon the AD delay – omg i am nearly a poet rhyming pray and delay – so lets stop it here: sometimes the users complain that their ad login is not working – sometimes it is only related to chrome, sometimes only for some part of the users – seems network related then.. So no panic usually it is working fine – and we have an enterprise alias for every ad user 😉

Comments are closed.