Export (0) Print
Expand All

Dsget group

Updated: April 17, 2012

Applies To: Windows Server 2008

Displays the properties of a group in the directory, including its members. There are two variations of this command. The first variation allows you to view the properties of multiple groups. The second variation displays the group membership information of a single group.

Dsget is a command-line tool that is built into Windows Server 2008. It is available if you have the AD DS server role installed. To use dsget, you must run the dsget command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.

For examples of how to use this command, see Examples.

dsget group <GroupDN> [-dn] [-samid] [-sid] [-desc] [-secgrp] [-scope] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-c] [-q] [-l] [{-uc | -uco | -uci}] [-part <PartitionDN> [-qlimit] [-qused]]
dsget group <GroupDN> [{-memberof | -members}] [-expand] [{-s <Server> | -d <Domain>}] [-u <UserName>] [-p {<Password> | *}] [-c] [-q] [-l] [{-uc | -uco | -uci}]

 

Parameter Description

<GroupDN> (first variation)

Required. Specifies the distinguished names of the group objects that you want to view. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command. Compare this parameter with GroupDN in the second variation.

-dn

Displays that distinguished names of the groups.

-samid

Displays the Security Account Manager (SAM) account names of the groups.

-sid

Displays the group security IDs (SIDs).

-desc

Displays the descriptions of the groups.

-secgrp

Displays whether groups are security groups (yes) or distribution groups (no).

-scope

Displays information about whether group scopes are local, global, or universal.

<GroupDN> (second variation)

Required. Specifies the distinguished name of the group that you want to view.

{-memberof | -members}

Displays the immediate list of groups of which the group is a member (-memberof) or displays the immediate list of members of the group (-members).

noteNote
In Windows Server 2008 R2, this option will list members through both the member attribute and primaryGroupID on the users.

The list of members based on primaryGroupID will be incorrect when the group is in a remote domain. To get the correct list of members in this case, you need to include the -server option and specify a domain controller in the domain where the group is located.

-expand

For the -memberof parameter, displays the recursively expanded list of groups in which the group is a member. This option takes the immediate membership list of the group, and then also recursively expands each group in this list to determine its group memberships to arrive at a complete closure set of the groups.

For the -members parameter, displays the recursively expanded list of members of the group. This parameter takes the immediate list of members of the group and then also recursively expands each group in this list to determine its group memberships to arrive at a complete closure set of the members.

{-s <Server>| -d <Domain>}

Connects to a remote server or domain that you specify. By default, dsget connects the computer to the domain controller in the logon domain.

-u <UserName>

Specifies the user name with which the user logs on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name:

  • user name (for example, Linda)

  • domain\user name (for example, widgets\Linda)

  • user principal name (UPN) (for example, Linda@widgets.contoso.com)

-p {<Password> | *}

Specifies to use either a password or an asterisk (*) to log on to a remote server. If you type *, dsget prompts you for a password.

-c

Reports errors, but continues with the next object in the argument list when you specify multiple target objects (continuous operation mode). If you do not supply this parameter, dsget group exits when the first error occurs.

-q

Suppresses all output to standard output (quiet mode).

-l

Displays entries in a list. By default, dsget display entries in a table.

{-uc| -uco| -uci}

Specifies that dsget formats output or input data in Unicode. The following list explains each format.

  • -uc: Specifies a Unicode format for input from or output to a pipe (|).

  • -uco : Specifies a Unicode format for output to a pipe (|) or a file.

  • -uci: Specifies a Unicode format for input from a pipe (|) or a file.

-part <PartitionDN>

Connects a computer to the directory partition with the distinguished name of PartitionDN.

-qlimit

Displays the effective quota of the group within the directory partition that you specify for the -part parameter.

-qused

Displays how much of its quota a group has used in the directory partition that you specify for the -part parameter.

/?

Displays help at the command prompt.

  • If you do not supply a target object at the command prompt, dsget obtains the target object from standard input (stdin). Dsget can accept stdin from the keyboard, from a redirected file, or as piped output from another command. To mark the end of stdin data from the keyboard or in a redirected file, use the end-of-file character (CTRL+Z)..

  • Use dsget to view the properties of a specific object in the directory.

  • As a result of dsquery searches, you can pipe returned objects to dsget and obtain object properties.

  • If a value that you supply contains spaces, use quotation marks around the text, for example, "CN=USA Sales,OU=Distribution Lists,DC=Contoso,DC=Com".

  • If you supply multiple values for a parameter, use spaces to separate the values, for example, a list of distinguished names.

To display the descriptions of all groups in an organizational unit (OU) named Test whose names start with "adm," type:

dsquery group OU=Test,DC=Contoso,DC=Com -name adm* | dsget group -desc

To display the list of members, recursively expanded, of the Backup Operators group, type:

dsget group "CN=Backup Operators,OU=Test,DC=Contoso,DC=Com" -members -expand

Change History

 

Date Revision

May 9, 2011

Added notes to the description of the {-memberof | -members} parameter.

Was this page helpful?
(1500 characters remaining)
Thank you for your feedback

Community Additions

ADD
Show:
© 2014 Microsoft