Find Groups in Which a User is a Member
Applies To: Windows Server 2008
There is no minimum group membership required to complete this procedure.
Finding a groups in which a user is a member
Using the Windows interface
Using a command line
To find groups in which a user is a member using the Windows interface
To open Active Directory Users and Computers, click Start, click Control Panel, double-click Administrative Tools, and then double-click Active Directory Users and Computers.
In the console tree, click Users.
Where?
- Active Directory Users and Computers/domain node/Users
Or, click the folder that contains the user account whose group membership you want to view.
In the details pane, right-click a user account, and then click Properties.
Click the Member Of tab.
Additional considerations
Performing this task does not require you to have administrative credentials. Therefore, as a security best practice, consider performing this task as a user without administrative credentials.
Another way to open Active Directory Users and Computers is to click Start, click Run, and then type dsa.msc.
The Member Of tab for a user displays a list of groups in the domain in which the user's account is located. Active Directory Domain Services (AD DS) does not display groups that reside in trusted domains where the user is a member.
Additional references
To find groups in which a user is a member using a command line
To open a command prompt, click Start, click Run, type cmd, and then click OK.
Type the following command, and then press ENTER:
dsget user <UserDN> -memberof
| Parameter | Description |
|---|---|
-memberof |
Specifies group membership. |
<UserDN> |
Specifies the distinguished name of the user object for which you want to display group membership. |
To view the complete syntax for this command, and for information about entering user account information, at a command prompt, type the following command, and then press ENTER:
dsget user /?
Additional considerations
- Performing this task does not require you to have administrative credentials. Therefore, as a security best practice, consider performing this task as a user without administrative credentials.