Windows – List all user accounts in a Windows Domain group via Command Line

cmd.exe, command line, windows 10, windows-server-2012-r2, wmic

I would like to find\create a command to list all user accounts with all details on a Windows Domain Controller (Server 2012 R2) from a specified group.

Using "net users" would be perfect, but I have no idea how to get the output of this command for all users in one action (i.e. I need to write this command for each user separately if I want to see the details).

If there is no way to use "Net users" then

WMIC USERACCOUNT

would be nice too. But I also need to get information from the specified group (Enterprise Admins, Domain Admins etc.).
I know that I can use PowerShell, but I'm trying to find a solution for CMD.

Best Answer

You can just use PowerShell within a batch script to run the needed logic in cmd to get the best of both worlds. I placed a simple example below; just change the GroupName variable value to the group which you need to query, and it will provide you a list of the members of that group in cmd just as you expect.

Since you said you are running this on a domain controller, just use Get-ADGroupMember and get the task done with simple ease while using cmd as you desire.

Batch Script (members of a group only)

Note: Add the -Recursive switch to get members of other nested group members if applicable.

@ECHO OFF

SET "GroupName=Domain Admins"
CALL :DynamicPSScriptBuild

SET PowerShellDir=C:\Windows\System32\WindowsPowerShell\v1.0
CD /D "%PowerShellDir%"
Powershell -ExecutionPolicy Bypass -Command "& '%PSScript%'"
PAUSE
EXIT /B

:DynamicPSScriptBuild
REM Write a one-line PowerShell script to %temp%; ^| escapes the pipe so cmd echoes it literally
SET PSScript=%temp%\~tmp%~n0.ps1
IF EXIST "%PSScript%" DEL /Q /F "%PSScript%"
ECHO Get-ADGroupMember -Identity "%GroupName%" ^| Select-Object Name>>"%PSScript%"
GOTO :EOF


Furthermore, if you need to get more than just the group members of the group you query, you can save that detail to a variable and then pipe that variable array object over to a ForEach-Object loop and then iterate over the Get-ADUser and pull out the specific properties from there as needed.

Batch Script (group members plus other detail)

@ECHO OFF

SET "GroupName=Domain Admins"
CALL :DynamicPSScriptBuild

SET PowerShellDir=C:\Windows\System32\WindowsPowerShell\v1.0
CD /D "%PowerShellDir%"
Powershell -ExecutionPolicy Bypass -Command "& '%PSScript%'"
PAUSE
EXIT /B

:DynamicPSScriptBuild
SET PSScript=%temp%\~tmp%~n0.ps1
IF EXIST "%PSScript%" DEL /Q /F "%PSScript%"
REM Use the GroupName variable set above; %% is written to the script as %, the ForEach-Object alias
ECHO $m = Get-ADGroupMember -Identity "%GroupName%" ^| Select-Object SamAccountName>>"%PSScript%"
ECHO $m ^| %% {Get-ADUser $_.SamAccountName -Properties * ^| Select SamAccountName, DisplayName, Description, accountExpires, ScriptPath, HomeDrive ^| fl }>>"%PSScript%"
GOTO :EOF
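
For auditing a privileged group, the same query can live in a standalone script that is called from cmd. This is an added example, not part of the original answer: the parameter default, the Convert-AccountExpires helper and the output column layout are assumptions, and it needs the ActiveDirectory module that a domain controller already has.

```powershell
# Added example (not from the original answer).
# Lists the user accounts in a domain group, including nested members,
# and renders accountExpires as a readable date.
param(
    [string]$GroupName = 'Domain Admins'   # assumed default, same group as the answer
)

Import-Module ActiveDirectory

# accountExpires is stored as a FILETIME: 100 ns intervals since 1601-01-01 UTC.
# 0 and 9223372036854775807 (Int64 max) both mean the account never expires.
# Hypothetical helper name, introduced for this example.
function Convert-AccountExpires {
    param([Int64]$Value)
    if ($Value -le 0 -or $Value -eq [Int64]::MaxValue) { return 'Never' }
    [DateTime]::FromFileTimeUtc($Value).ToString('u')
}

# Ask only for the attributes that are reported instead of -Properties *.
$props = 'DisplayName', 'Description', 'accountExpires', 'ScriptPath', 'HomeDrive'

Get-ADGroupMember -Identity $GroupName -Recursive |
    # A group can also contain computers and service accounts;
    # Get-ADUser would raise an error for those, so keep user objects only.
    Where-Object { $_.objectClass -eq 'user' } |
    ForEach-Object { Get-ADUser -Identity $_.distinguishedName -Properties $props } |
    Select-Object SamAccountName, Enabled, DisplayName, Description,
        @{ Name = 'AccountExpires'; Expression = { Convert-AccountExpires $_.accountExpires } },
        ScriptPath, HomeDrive |
    Sort-Object SamAccountName |
    Format-Table -AutoSize
```

Saved under a name of your choice (Get-GroupUserDetail.ps1 is a placeholder), it runs from cmd as `powershell -NoProfile -File .\Get-GroupUserDetail.ps1 -GroupName "Enterprise Admins"`.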
