Home / server / Questions / 639326
Accepted
Mikhail
Asked: 2014-10-24 23:59:24 +0800 CST

How can I quickly check number of groups in my domain?

  • 772

Probably this is simplistic question but it seems that off the top of my head I have no idea how to do this. How can I get number of groups in my domain? In all domains within the forest? What is the easiest way to do it? I understand that that writing some script is an option but just checking if there is easier way to do this without reinventing the wheel...

active-directory

1 Answers

  1. Best Answer

    You can skin this cat a few different ways.

    From a domain member computer run the command net group /domain | clip and a list of all the Global and Universal Security Groups in the domain of the logged-on user. A net localgroup /domain | clip will give you all the Domain Local Security Groups. The legacy net command won't interact with the Global Catalog. In a single domain environment that's fine, but in a multi-domain environment you'll need to use other tools.

    The dsquery tool can query the global catalog. Running the command dsquery group forestroot -gc -limit 0 | clip will return all the Security Groups from all domains in the forest. Unlike the net command, the dsquery command is typically only available on servers, making it slightly more inconvenient to run.

    You could use an LDAP query tool to perform a subtree query of the forest root of the Global Catalog looking for objects with an objectCategory set to group as another viable solution.

    • 3