How can I view information for domain groups from the command line with just core Windows utilities?

The old NET command still has limitations from the Windows NT era that it was created in. To handle longer names you're better off using the various ds... commands dsquery, dsmod, etc, or third-party tools like adfind. You won't have name length limitations there.

Edit:

The ds tools are standalone EXEs that, while present in RSAT, can be freely copied around. Even so, because I want to honor the spirit of your request, here's a Powershell script that relies on the ADSI interface (present in Windows w/o requiring RSAT to be installed-- it's a base OS component) that will enumerate the membership of a group.

# iADSNameTranslate constants
$ADS_NAME_INITTYPE_GC = 3
$DISTINGUISHEDNAME = 1
$DOMAINSIMPLE = 5
$UNKNOWN = 8

if ($args.count -ne 1) { "`nUsage: ./GroupEnum.ps1 <DOMAIN\groupName>`n"; Exit; }

$ns = New-Object -ComObject NameTranslate

[System.__ComObject].InvokeMember(“init”, ”InvokeMethod”, $null, $ns, ($ADS_NAME_INITTYPE_GC, $null))
[System.__ComObject].InvokeMember(“Set”, ”InvokeMethod”, $null, $ns, ($UNKNOWN, $args[0]))
$dn = [System.__ComObject].InvokeMember(“Get”, ”InvokeMethod”, $null, $ns, $DISTINGUISHEDNAME)

$Group = [ADSI]"LDAP://$dn"
if ($Group.SchemaClassName -eq "group") {
    $Group.Member | ForEach-Object { 
        $x = [ADSI]"LDAP://$_" 
        if ($x.SchemaClassName -eq "user") { $x.sAMAccountName }
    }
}

I tested this with a limited user account on a Windows 7 x64 SP1 machine w/ no RSAT installed. I tested with a group named "123456789012345678901234567890123456789012345678901234567890", as well.

There's absolutely no error checking in this script.

Adding another answer, since my current answer is based on the currently logged on user's groups...and the OP stated in a comment:

Example: "MyReallyLongDomainGroupName" is a member of the local Admins group. So, who has admin access to the system? Or "AnotherVerboseDomainGroupName" is in some file share permissions - who has access to that share?

So here you go...I tested this from a regular user's account on a Win7 workstation:

From the RUN line (win+R)

Rundll32 dsquery.dll OpenQueryWindow

That should pop up an AD query window where you can then find the group in question...double click the group...and see the users in the group.

You could use Powershell.

Get-ADGroup -Filter '*'
Get-ADGroup -Filter '*' | Select-Object Name

The first just print a bunch of details on the groups. The second prints only their names.

EDIT: If ActiveDirectory module is available only through RSAT, then here's a .net solution.

$dn = New-Object System.DirectoryServices.DirectoryEntry("LDAP://WM2008R2ENT:389/dc=dom,dc=fr","Username","PWD")
$dsLookFor = new-object System.DirectoryServices.DirectorySearcher($dn)
$dsLookFor.Filter = "(&(objectCategory=group))"; 
$dsLookFor.SearchScope = "subtree"; 
$n = $dsLookFor.PropertiesToLoad.Add("cn"); 
$n = $dsLookFor.PropertiesToLoad.Add("distinguishedName");
$n = $dsLookFor.PropertiesToLoad.Add("sAMAccountName");

$lstUsr = $dsLookFor.findall()
foreach ($usrTmp in $lstUsr) 
{
  Write-Host $usrTmp.Properties["samaccountname"]
}

OK, so knowing you want NON-RSAT tools from a domain computer that isn't your workstation, then I'll make an assumption that you are wanting to figure out the groups that the user on that workstation is a member of.

IF that's the case there's a few options I can think of:

1. you can run WHOAMI /GROUPS
2. You can run mstsc and rdp into your workstation or a DC and use normal tools
3. You could run gpresult /R /SCOPE USER

All of these of course require that you are on the domain with the computer able to query a DC.

Hope that helps...best I can think of at the moment.