I would like to find\create a command to list all user accounts with all details on a Windows Domain Controller (Server 2012 R2) from a specified group.
Using "net users" would be perfect, but I have no idea how to do output of this command for all users in one action (i.e. I need to write this command for each user separately if I want to get to know details).
If there is no way to use "Net users" then
WMIC USERACCOUNT
would be nice too. But I also need to get information from the specified group (Enterprise Admins, Domain Admins etc.).
I know that I can use PowerShell, but I'm trying to find a solution for CMD
.
Best Answer
You can just use PowerShell within a batch script to run the needed logic in cmd to get the best of both worlds. I placed a simple example below that you just change the
GroupName
variable value to be the group which you need to query and it will provide you a list of the members of that group in cmd just as you expect.Since you said you are running this on a domain controller, just use Get-ADGroupMember and get the task done with simple ease while using cmd as you desire.
Batch Script (members of a group only)
Note: Add the
-Recursive
switch to get members of other nested group members if applicable.Output Example
Furthermore, if you need to get more than just the group members of the group you query, you can save that detail to a variable and then pipe that variable array object over to a ForEach-Object loop and then iterate over the Get-ADUser and pull out the specific properties from there as needed.
Batch Script (group members plus other detail)
Output Example
Further Resources
Get-ADGroupMember
Get-ADUser
ForEach-Object
Format-List