Export AD groups to text file by command

export ad groups

We were faced with the problem that we needed a list of all Active Directory groups of certain users relatively quickly and wanted to export them to a file . Unfortunately, this is so easy to get out of the ” Active Directory Users and Computers ” console, let alone copy the clipboard into a text file or Excel file.

Then we looked at the different options and came across the following two options.


With the standard Windows command ” Net user ” you can list and export the AD groups relatively easily . This works with the following command:

net user USERNAME / domain> rights.txt

This command writes a lot of information about the specified user in the text file “rights.txt”, including the fields, user name, full name, description, user description, country setting, account active, account expired, last setting of the password, password expires, password changeable , Password Required, User Can Change Password, Allow Workstations, Login Script, User Profile, Home Directory, Last Login, Allowed Login Times, Local and Global Group Memberships.

The only problem is that the group memberships are not shown with the full name, but are simply cut off after 22 characters . If you usually assign longer names to your AD groups, this is only a conditional solution


The better way is through the standard Windows command dsquery query”. The additional information like the “net user” command is omitted, but the list of Active Directory groups is completely complete and visible in its entirety. The corresponding command for this is:

dsquery user -samid USERNAME | dsget user -memberof> rights.txt

All the AD rights are then listed in the file “rights.txt” , just as you requested. You can then process this list accordingly, including of course importing it into Excel.

Below we have listed other interesting reports on the topic of ” Active Directory “.

– The installation of Active Directory failed….
– Active Directory Remote administration program for Windows 7
– Delete organizational units (containers) despite protection in Active Directory
– AD Replication Status Tool (ADRS)
– Virtualize domain controller (DC) (P2V) – Part 1 (backup with UMove)