Get user's non-truncated Active Directory groups from command line

get-user mailbox
get-aduser
get list of active directory users powershell
get-msoluser
get-azureaduser
get user wordpress
set-user
get-aduser samaccountname

I often use the net user command to have a look at AD groups for a user:

net user /DOMAIN <username>

This works well, however the group names are truncated to around 20 characters. And in my organization, most group names are much longer than this.

Does anyone know of a way to get non-truncated AD groups through the command line?

You could parse the output from the GPRESULT command.

Get-ADUser, You can get the user information for the signed-in user by replacing /users/{id | userPrincipalName} with /me . Request. HTTP; C#; JavaScript  get-user [--user-name <value>] [--cli-input-json <value>] [--generate-cli-skeleton <value>] --user-name (string) The name of the user to get information about. This parameter is optional. If it is not included, it defaults to the user making the request. This parameter allows (through its regex pattern ) a string of characters consisting of

GPRESULT is the right command, but it cannot be run without parameters. /v or verbose option is difficult to manage without also outputting to a text file. E.G. I recommend using

gpresult /user myAccount /v > C:\dev\me.txt--Ensure C:\Dev\me.txt exists

Another option is to display summary information only which may be entirely visible in the command window:

gpresult /user myAccount /r

The accounts are listed under the heading:

The user is a part of the following security groups
---------------------------------------------------

Get a user, get-user¶. Description¶. Retrieves information about the specified IAM user, including the user's creation date, path, unique ID, and ARN. Retrieve list of users matching criteria. (array) (Optional) Arguments to retrieve users. See WP_User_Query::prepare_query (). for more information on accepted arguments. (array) List of users. A basic example to display all subscribers in an unordered list. // Array of WP_User objects. An example using the ‘search’ field.

A little stale post, but I figured what the heck. Does "whoami" meet your needs?

I just found out about it today (from the same Google search that brought me here, in fact). Windows has had a whoami tool since XP (part of an add on toolkit) and has been built-in since Vista.

whoami /groups

Lists all the AD groups for the currently logged-on user. I believe it does require you to be logged on AS that user, though, so this won't help if your use case requires the ability to run the command to look at another user.

Get-User, GetUser. PDF. Retrieves information about the specified IAM user, including the user's creation date, path, unique ID, and ARN. If you do not specify a user name​  The Get-ADUser cmdlet gets a user object or performs a search to retrieve multiple user objects. The Identity parameter specifies the Active Directory user to get. You can identify a user by its distinguished name (DN), GUID, security identifier (SID), Security Accounts Manager (SAM) account name or name. You can also set the parameter to a user object variable, such as $&lt;localUserObject&gt

Or you could use dsquery and dsget:

dsquery user domainroot -name <userName> | dsget user -memberof

To retrieve group memberships something like this:

Tue 09/10/2013 13:17:41.65
C:\
>dsquery user domainroot -name jqpublic | dsget user -memberof
"CN=Technical Support Staff,OU=Acme,OU=Applications,DC=YourCompany,DC=com"
"CN=Technical Support Staff,OU=Contosa,OU=Applications,DC=YourCompany,DC=com"
"CN=Regional Administrators,OU=Workstation,DC=YourCompany,DC=com"

Although I can't find any evidence that I ever installed this package on my computer, you might need to install the Remote Server Administration Tools for Windows 7.

get-user, Parameter name, Value, Description. Path parameters. userKey, string, Identifies the user in the API request. The value can be the user's  Interested in functions, hooks, classes, or methods? Check out the new WordPress Code Reference!

Use Powershell: Windows Powershell Working with Active Directory

Quick Tip – Determining Group AD Membership Using Powershell

GetUser, GetUser takes as input the eBay user ID for the user whose data you want to review, or the item ID of a successfully concluded listing in which the requestor and  Get-User -Filter "distinguishedName -like 'CN=*,OU=This-one,OU=OU,DC=domain,DC=local'" Failing that the get-aduser cmd-let allows you to set the scope of the search

Users: get | Directory API, Apps using older versions of the API can get this field until January 8, 2019. Apps installed by the User on or after May 1st, 2018, cannot get this field. Deprecated. Get-ADUser gets a user object or performs a search to retrieve multiple user objects. The -Identity parameter specifies the AD user to get. Identify a user with a distinguished name (DN), GUID, security identifier (SID), Security Accounts Manager (SAM) account name or name.

GetUser - API Reference - Trading API, /users/{userId}. A Zoom account can have one or more users. Use this API to view information of a specific user on a Zoom account. Scopes: user:read:admin  This method of matching users to SIDs will only show those users who are logged in or have logged in and switched users. To continue to use the registry method for determining other user's SIDs, you'll need to log in as each user on the system and repeat these steps.

Graph API User, A Zoom account can have one or more users. Use this API to view information of a specific user on a Zoom account. Scopes: user:read:admin user:read. Rate Limit Label: Light. Note: If a user's status is pending, only `id` and `created_at` fields will be returned. The value of `created_at` will be the time at which the API call was made until the

Comments
  • Based on the date of this question, I'd guess that the 20 character truncation is no longer a thing as running that command returned groups with larger names. The answer below whoami /groups is also a good one. But it only lists the currently logged in user's groups. Impersonation and slick programming could get around that though ;)
  • Ran it for a user on domain at my org; 20 character truncation is still an issue.
  • Good question, Aguado!
  • Without an example this is a useless answer
  • But it is the correct useless answer... apparently.
  • It doesn't show the AD groups. It shows a LOT of other stuff, but not the AD groups.
  • Guys, at the time (asked, and answered in 2009), this may have been the only way to actually do what the OP needed. Notice he mentions truncation after 20 characters in the group name.
  • @RichardBarker: Truncation is still happening with NET USER in 2019.
  • This one should be the answer
  • If you are looking for a specific string you can use findstr instead of redirecting output to a file and then searching the file. For example, gpresult /user myAccount /r | findstr mySearchString.
  • When I run this for my user account, it's great and I can see the security groups. When I run it for another user account, command returns: The user "userNameHere" does not have RSOP data.
  • I have been using WhoAmI to get my username for a very long time only to realize TODAY that you can do much more with it! Thank you.