Varonis debuts trailblazing features for securing Salesforce. Learn More

Varonis named a Leader in The Forrester Wave™: Data Security Platforms, Q1 2023

Read the report
Blog / Active Directory

How Can I Find Out Which Active Directory Groups I’m a Member Of?

1 min read
Last updated Jun 30, 2022

Contents

    The ability to administer and maintain up-to-date user lists and groups is critical to the security of an organization.

    Using the GUI

    There are a number of different ways to determine which groups a user belongs to. First, you can take the GUI approach:

    1. Go to “Active Directory Users and Computers”.
    2. Click on “Users” or the folder that contains the user account.
    3. Right click on the user account and click “Properties.”
    4. Click “Member of” tab.

    Using the Command Line

    Not so fun clicking around, is it? How about some command line options?

    1. Open up a command promt (cmd.exe or PowerShell)
    2. Run: gpresult /V

    You’ll get output that looks like this (I’ve truncated it to only include the group info):

    output

    You could also run whoami /groups to get similar info. This command will also list distribution groups and nesting (i.e., if you’re in Group A which is itself a member of Group B, it’ll display Group B).

    Not satisfied yet?  Try net user [username] domain as yet another option.

    The Bigger Question

    As you can see, there are plenty of ways to ascertain Active Directory group membership, manually and programmatically. But the question that almost always goes unanswered is: “What exactly does this group give access to?”

    This is an especially tricky question to answer when you have poorly named groups, but even with pristine group names, mistakes are made and you’ll almost always find that groups give unwarranted access to data.

     

    You found your group member, now what?

    Varonis can find, model and automatically fix AD group and permission issues. Reach out to make your admin life easier.

    What you should do now

    Below are three ways we can help you begin your journey to reducing data risk at your company:

    1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
    2. Download our free report and learn the risks associated with SaaS data exposure.
    3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Twitter, Reddit, or Facebook.
    Michael Buckbee
    Michael Buckbee

    Michael has worked as a sysadmin and software developer for Silicon Valley startups, the US Navy, and everything in between.

    Free Data Risk Assessment

    Join 7,000+ organizations that traded data darkness for automated protection. Get started in minutes.

    Get a risk assessment View sample