I was looking for a script to list all the users in subgroups of a group in Active Directory. The directory structure is like this:
MainGroup---SubGroup1---User1 | | | -User2 | -SubGroup2---User3 | -User4
There are about 10 sub groups in the main group. Each subgroup has 10 to 20 users accounts. I just wanted to get a list of these user accounts’ SAMIDs. There are some articles about how to accomplish something similar to this using Powershell or other programming languages. Those examples are often complicated, and they are not exactly what I want.
I tried to do this in command prompt using the Directory Service command line tools on Windows server 2008. After some trial and error, I came up with this one-liner.
dsquery group -name MainGroup | dsget group -members | dsget group -members | dsget user -samid
If it suits your preference, you can also redirect the output to a file for further processing. You achieve this by adding ” > samid-list.txt” to the end of the command. The resul ts will be saved in a txt file called samid-list.txt. The command line tools (dsquery, dsget) are also available on Windows server 2003 and Windows 7.