Is there a way to view the members of an Active Directory group if you aren't a domain admin and can't log in to a domain controller?
Absolutely. From a computer that's a member of the domain, open a command-prompt and run a:
Unless your administrators have changed the stock permissions on the group object you will be able to view the membership that way.
You can use AD Users and Computers even if you're not an administrator, but this, at least, can be done w/o installing anything.
Well, you certainly don't have to be a Domain Admin to view the members of a group in AD - you can do it from "My Network Places -> Search Active Directory" in XP, or "Network -> Search Active Directory" in Vista/7.
However, you aren't going to be able to query for this information if you don't have access to a DC. By access here I mean a network connection - you don't need to be able to log on to a DC to get this information - as you just use the directory search tool mentioned above.
You should still be able to use Active Directory Users and Computers to see group memberships, assuming your PC is a member of the domain and you are logged in with a domain account. You just won't be able to modify said group memberships.
If not, then the domain admins have set security such that you're restricted from viewing the memberships, in which case you won't be able to see memberships.
BTW - What exactly do you mean by "don't have access to the domain controller"?
EDIT: Evan Anderson is right, that you would need to install the admin tools to get AD Users & Computers.
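As an added example, not part of any of the answers above: a read-only lookup that uses the ADSI searcher built into PowerShell, so it needs no admin tools installed. The function names and the group name `Example Group` are hypothetical placeholders; it assumes a domain-joined machine and a domain account, as the answers do.

```powershell
# Added example (not from the answers above). Run as an ordinary domain user
# on a domain-joined machine. 'Example Group' is a placeholder group name.

function ConvertTo-LdapFilterValue {
    param([Parameter(Mandatory)][string]$Value)
    # Escape the RFC 4515 special characters so a group name or DN cannot
    # alter the LDAP filter. The backslash must be replaced first.
    $v = $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28')
    $v.Replace(')', '\29').Replace([string][char]0, '\00')
}

function Get-GroupMemberReadOnly {
    param([Parameter(Mandatory)][string]$GroupName)

    # Step 1: resolve the group to its distinguished name.
    $name = ConvertTo-LdapFilterValue $GroupName
    $find = [adsisearcher]"(&(objectCategory=group)(sAMAccountName=$name))"
    [void]$find.PropertiesToLoad.Add('distinguishedName')
    $group = $find.FindOne()
    if (-not $group) {
        Write-Warning "Group '$GroupName' not found, or not readable by this account."
        return
    }

    # Step 2: search for objects whose memberOf points at that DN. Paging
    # lets the search return more results than the server's per-query limit.
    $dn = ConvertTo-LdapFilterValue ([string]@($group.Properties['distinguishedname'])[0])
    $search = [adsisearcher]"(memberOf=$dn)"
    $search.PageSize = 1000
    $search.PropertiesToLoad.AddRange([string[]]@('distinguishedName', 'objectClass'))
    $results = $search.FindAll()
    try {
        foreach ($r in $results) {
            [pscustomobject]@{
                DistinguishedName = [string]@($r.Properties['distinguishedname'])[0]
                # The last objectClass value is the most specific class.
                Type              = [string]@($r.Properties['objectclass'])[-1]
            }
        }
    } finally {
        $results.Dispose()   # release the unmanaged search handle
    }
}

Get-GroupMemberReadOnly -GroupName 'Example Group'
```

This returns direct members only; accounts that belong to the group solely as their primary group (for example, Domain Users) are not listed by a `memberOf` search.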