List all user accounts in a Windows Domain group via Command Line?
You can just use PowerShell within a batch script to run the needed logic in cmd to get the best of both worlds. I placed a simple example below that you just change the GroupName variable value to be the group which you need to query and it will provide you a list of the members of that group in cmd just as you expect.
Since you said you are running this on a domain controller, just use Get-ADGroupMember and get the task done with simple ease while using cmd as you desire.
Batch Script (members of a group only)
Note: Add the -Recursive switch to get members of other nested group members if applicable.
@ECHO OFF
SET "GroupName=Domain Admins"
CALL :DynamicPSScriptBuild
SET PowerShellDir=C:\Windows\System32\WindowsPowerShell\v1.0
CD /D "%PowerShellDir%"
Powershell -ExecutionPolicy Bypass -Command "& '%PSScript%'"
PAUSE
EXIT /B
:DynamicPSScriptBuild
SET PSScript=%temp%\~tmp%~n0.ps1
IF EXIST "%PSScript%" DEL /Q /F "%PSScript%"
ECHO Get-ADGroupMember -Identity "%GroupName%" ^| Select-Object Name>>"%PSScript%"
GOTO :EOF
Furthermore, if you need to get more than just the group members of the group you query, you can save that detail to a variable and then pipe that variable array object over to a ForEach-Object loop and then iterate over the Get-ADUser and pull out the specific properties from there as needed.
Batch Script (group members plus other detail)
@ECHO OFF
SET "GroupName=Domain Admins"
CALL :DynamicPSScriptBuild
SET PowerShellDir=C:\Windows\System32\WindowsPowerShell\v1.0
CD /D "%PowerShellDir%"
Powershell -ExecutionPolicy Bypass -Command "& '%PSScript%'"
PAUSE
EXIT /B
:DynamicPSScriptBuild
SET PSScript=%temp%\~tmp%~n0.ps1
IF EXIST "%PSScript%" DEL /Q /F "%PSScript%"
ECHO $m = Get-ADGroupMember -Identity "%GroupName%" ^| Select-Object SamAccountName>>"%PSScript%"
ECHO $m ^| %% {Get-ADUser $_.SamAccountName -Properties * ^| Select SamAccountName, DisplayName, Description, accountExpires, ScriptPath, HomeDrive ^| fl }>>"%PSScript%"
GOTO :EOF
Nick
Updated on September 18, 2022
Comments
-
Nick over 1 year
I would like to find\create a command to list all user accounts with all details on a Windows Domain Controller (Server 2012 R2) from a specified group.
Using "net users" would be perfect, but I have no idea how to do output of this command for all users in one action (i.e. I need to write this command for each user separately if I want to get to know details).
If there is no way to use "Net users" then WMIC USERACCOUNT would be nice too. But I also need to get information from the specified group (Enterprise Admins, Domain Admins etc.).
I know that I can use PowerShell, but I'm trying to find a solution for CMD.
-
Nick over 5 years
Hm. Thanks! I will use PowerShell if I fail to find a solution for CMD. It seems Output is not very informative. When I use "Net users" I gain a lot of information such as: Comment, Password last update, last logon, Global Group membership etc. I guess I have to change "Select Object name" to "Select"?
-
Nick over 5 years
Yep. "I would like to find\create a command to list all user accounts with all details" - mb my wording was not really good.
-
Vomit IT - Chunky Mess Style over 5 years
@Nick All that detail per account is.... Get-ADUser "<username>" -Properties * from what I can tell with testing so you want to know the members of the group and then for each of those members you want all the detail from that command as well?
-
Vomit IT - Chunky Mess Style over 5 years
@Nick I just updated my answer with more detail and a small example but that's how that works and it's not that difficult either. You can expand on that and get other properties and values, put in a different format if needed, etc. Help me understand more precisely what values you need and I'll see if I can help further but this is the logic you could use and getting the rest is trivial from there.
-
Vomit IT - Chunky Mess Style over 5 years
@Nick Lastly, FYI in case you are interested... I've used commands such as ldifde, dsget group, and dsquery group for similar purposes in the past but PowerShell is way easier and more robust. Some of those commands get long and ugly and I don't recall if it gives all the detail you require. I too was looking for a cmd solution many years ago and that's what I dug up from an old set of scripts I used in the past.... PowerShell should be the way to go for Windows Domain Admin stuff with this task I think. You can still run it via batch or cmd.exe either way. Good luck regardless!!
-
user1686 over 5 years
Unfortunately it doesn't include nested group memberships (nor even mention that the group has other groups as members, making its output actually somewhat misleading).
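
Added example, not part of the original answer or comments: a PowerShell sketch for auditing a privileged group that follows nested groups itself, so each user is reported together with the chain of groups that grants the membership (the detail that `-Recursive` flattens away) and with a fixed set of account properties instead of `-Properties *`. It assumes the ActiveDirectory module is available; the function name `Get-GroupMemberReport` and the output column names are hypothetical.

```powershell
#Requires -Modules ActiveDirectory

function Get-GroupMemberReport {
    param(
        [Parameter(Mandatory)] [string] $Identity,   # group name, DN, SID or GUID
        [string] $Path = '',                         # nesting chain walked so far
        [System.Collections.Generic.HashSet[string]] $Seen
    )
    if ($null -eq $Seen) {
        $Seen = [System.Collections.Generic.HashSet[string]]::new()
    }

    $group = Get-ADGroup -Identity $Identity
    # Expand each group once only; this also stops circular nesting
    # (A contains B, B contains A) from recursing forever.
    if (-not $Seen.Add($group.DistinguishedName)) { return }
    $here = if ($Path) { "$Path > $($group.Name)" } else { $group.Name }

    foreach ($member in Get-ADGroupMember -Identity $group) {
        switch ($member.objectClass) {
            'group' {
                # Nested group: descend and carry the chain along.
                Get-GroupMemberReport -Identity $member.DistinguishedName -Path $here -Seen $Seen
            }
            'user' {
                $u = Get-ADUser -Identity $member.DistinguishedName -Properties DisplayName,
                    Description, PasswordLastSet, LastLogonDate, AccountExpirationDate
                [pscustomobject]@{
                    SamAccountName  = $u.SamAccountName
                    DisplayName     = $u.DisplayName
                    Enabled         = $u.Enabled
                    PasswordLastSet = $u.PasswordLastSet
                    LastLogonDate   = $u.LastLogonDate   # replicated value, can lag behind the real last logon
                    Expires         = $u.AccountExpirationDate
                    MemberVia       = $here
                }
            }
            default {
                # Computers and other principals: report them, no user lookup.
                [pscustomobject]@{
                    SamAccountName = $member.SamAccountName
                    DisplayName    = "($($member.objectClass))"
                    MemberVia      = $here
                }
            }
        }
    }
}

Get-GroupMemberReport -Identity 'Domain Admins' |
    Sort-Object SamAccountName |
    Format-Table -AutoSize
```

A user who reaches the group through two different nested groups appears once per chain; a nested group that is itself reachable by two chains is expanded only under the first one found.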