Share via


Find Groups in Which a User is a Member

Applies To: Windows Server 2008

There is no minimum group membership required to complete this procedure.

Finding a groups in which a user is a member

  • Using the Windows interface

  • Using a command line

To find groups in which a user is a member using the Windows interface

  1. To open Active Directory Users and Computers, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.

  2. In the console tree, click Users.

    Where?

    • Active Directory Users and Computers/domain node/Users

    Or, click the folder that contains the user account whose group membership you want to view.

  3. In the details pane, right-click a user account, and then click Properties.

  4. Click the Member Of tab.

Additional considerations

  • Performing this task does not require you to have administrative credentials. Therefore, as a security best practice, consider performing this task as a user without administrative credentials.

  • Another way to open Active Directory Users and Computers is to click Start, click Run, and then type dsa.msc.

  • The Member Of tab for a user displays a list of groups in the domain in which the user's account is located. Active Directory Domain Services (AD DS) does not display groups that reside in trusted domains where the user is a member.

Additional references

To find groups in which a user is a member using a command line

  1. To open a command prompt, click Start, click Run, type cmd, and then click OK.

  2. Type the following command, and then press ENTER:

dsget user <UserDN> -memberof
Parameter Description

-memberof

Specifies group membership.

<UserDN>

Specifies the distinguished name of the user object for which you want to display group membership.

To view the complete syntax for this command, and for information about entering user account information, at a command prompt, type the following command, and then press ENTER:

dsget user /? 

Additional considerations

  • Performing this task does not require you to have administrative credentials. Therefore, as a security best practice, consider performing this task as a user without administrative credentials.

Additional references