Varonis announces strategic partnership with Microsoft to accelerate the secure adoption of Copilot.

Learn more

How Can I Find Out Which Active Directory Groups I’m a Member Of?

The ability to administer and maintain up-to-date user lists and groups is critical to the security of an organization. There are a number of different ways to determine which groups...
Michael Buckbee
1 min read
Published October 9, 2014
Last updated June 30, 2022

The ability to administer and maintain up-to-date user lists and groups is critical to the security of an organization.

Using the GUI

There are a number of different ways to determine which groups a user belongs to. First, you can take the GUI approach:

  1. Go to “Active Directory Users and Computers”.
  2. Click on “Users” or the folder that contains the user account.
  3. Right click on the user account and click “Properties.”
  4. Click “Member of” tab.

Using the Command Line

Not so fun clicking around, is it? How about some command line options?

  1. Open up a command promt (cmd.exe or PowerShell)
  2. Run: gpresult /V

You’ll get output that looks like this (I’ve truncated it to only include the group info):

output

You could also run whoami /groups to get similar info. This command will also list distribution groups and nesting (i.e., if you’re in Group A which is itself a member of Group B, it’ll display Group B).

Not satisfied yet?  Try net user [username] domain as yet another option.

The Bigger Question

As you can see, there are plenty of ways to ascertain Active Directory group membership, manually and programmatically. But the question that almost always goes unanswered is: “What exactly does this group give access to?”

This is an especially tricky question to answer when you have poorly named groups, but even with pristine group names, mistakes are made and you’ll almost always find that groups give unwarranted access to data.

 

You found your group member, now what?

Varonis can find, model and automatically fix AD group and permission issues. Reach out to make your admin life easier.

What you should do now

Below are three ways we can help you begin your journey to reducing data risk at your company:

  1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
  2. Download our free report and learn the risks associated with SaaS data exposure.
  3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

last-week-in-ransomware:-week-of-august-9th
Last Week in Ransomware: Week of August 9th
This week saw the rise of a new ransomware group called BlackMatter and demonstrated even ransomware groups should worry about disgruntled employees.
9-infamous-apt-groups:-fast-fact-trading-cards
9 Infamous APT Groups: Fast Fact Trading Cards
APT groups consist of capable and elusive members who wreak havoc on their targets — learn about infamous APT groups and their MOs through “trading cards”
varonis-threat-update-#8
Varonis Threat Update #8
Emotet and Ryuk attacks are coming fast and furious, and they’re highly damaging. We’re seeing a huge surge in ransomware worldwide as criminal groups amp up their efforts to grab...
last-week-in-microsoft-teams:-week-of-november-9th
Last Week in Microsoft Teams: Week of November 9th
This week’s review covers new Power BI reporting capabilities, personal account support, and upcoming virtual user group meetings.