Script to extract all the membership of a user via command prompt using DSQUERY & DSGET

7/23/2012 , 0 Comments

Below script will extract group membership of a given user from AD. 

Copy this below code to notepad and save it as .bat file and run from the domain controller. 

When you run it, this script will ask you the type the given name (note this is not the username). After you type the given name of the user you want to extract the "member of " it will create a temp1.txt file on desktop.  This text file will have all the list of security/distribution group a given user belong to.

@echo off
cd %userprofile%\Desktop\
Set /P _username=Please Enter the given name of the user(eg. John Doe) :
dsquery user -name "%_username%" | dsget user -memberof >>temp.txt
setLocal EnableDelayedExpansion
for /f "tokens=1,2 delims=,=" %%A in (temp.txt) do echo %%B >> temp1.txt
DEL temp.txt

Feel free to improve upon this and post it via the comment box.