
Querying Active Directory Without Domain Rights


I recently discovered something which I wish I’d found years ago!  Have you ever been in the situation that you need some information regarding a certain Active Directory user or group but you don’t have access to the Active Directory Users and Computers MMC snap-in?  Read on!

The Good Old NET Command

Remember this one?  You may already have seen it in its net use form to create a mapped network drive.  Net use has even gotten a Wikipedia page dedicated to it.  But use is not its only use!

Options of the net command

Let’s look into a couple more interesting uses of this oldie.

Getting User Account Info

As you can see in the screenshot below, you can get some details on an AD user account by running the following command:

net user <account_name> /domain

The output:

Using "net user" to find AD account info

Recently I had a suspicion that a certain account at work was locked out because our nightly job crashed with a weird error.  Using this command I was indeed able to tell that the account was locked.  It can always be interesting to find out first, before waking up the local sysadmin.

When an account is locked, the Account active setting will say Locked instead of Yes.

What’s also interesting here is that list of Global Group Memberships.  If you’re experiencing security issues because a certain account does not seem to have access to something while the sysadmin has assured you that it has been added to the appropriate groups, here’s your quick way to find out for sure!
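
The two fields called out above, the Account active value and the Global Group Memberships list, can be pulled out of the command output with a short PowerShell function. This is an added example, not part of the original post: the function name ConvertFrom-NetUser, the sample account and the group names are made up, and it assumes the English-language labels that net user prints.

```powershell
# Constructed sample of "net user <account_name> /domain" output (abridged).
# Account and group names are invented for illustration.
$sample = @'
User name                    svc_nightly
Full Name                    Nightly Job Account
Account active               Locked
Account expires              Never
Password expires             Never
Local Group Memberships
Global Group memberships     *Domain Users         *ETL Operators
                             *Report Readers
The command completed successfully.
'@ -split "`r?`n"

# Hypothetical helper: turns the text output into an object.
function ConvertFrom-NetUser {
    param([Parameter(Mandatory)][string[]]$Lines)

    $active   = $null
    $groups   = @()
    $inGroups = $false

    foreach ($line in $Lines) {
        if ($line -match '^Account active\s+(.+)$') {
            $active   = $Matches[1].Trim()
            $inGroups = $false
        }
        elseif ($line -match '^Global Group memberships') {
            $inGroups = $true
        }
        elseif ($line -notmatch '^\s') {
            # Any other label starting in column 0 ends the group list;
            # indented lines are continuations of it.
            $inGroups = $false
        }

        if ($inGroups) {
            # Each group is prefixed with '*'; there can be several per line.
            foreach ($m in [regex]::Matches($line, '\*([^*]+)')) {
                $groups += $m.Groups[1].Value.Trim()
            }
        }
    }

    [pscustomobject]@{
        AccountActive = $active
        Locked        = ($active -eq 'Locked')
        GlobalGroups  = $groups
    }
}

ConvertFrom-NetUser -Lines $sample
# Live use: ConvertFrom-NetUser -Lines (net user <account_name> /domain)
```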

Getting AD Group Details

The following command can be used to get a list of everyone who’s part of a certain AD group:

net group <group_name> /domain

The output looks like this (yes, I’ve hidden the aliases of my colleagues):

Using the "net group" command to find who belongs to the group

Again, practical when you’re troubleshooting security issues.

Stopping And Starting Services

The following command can be used to stop a service on the local machine:

net stop <service_name>

Replace “stop” with “start” to start it again.

Please note: you’ll need to run the DOS box as administrator for this to work.

Here’s me restarting my SSIS 2008 service:

Using "net stop" and "net start" to manipulate local Windows services

It can be useful to create a batch script to stop/start all your SQL Server services on your development PC, especially if you’ve got several versions installed and want all resources available to the one currently in use.  That way you can quickly switch between versions and still keep resources available for other tasks.

In case you’re not sure what the service is called, open up the list (Start > Run > services.msc > enter), double-click your service and have a look at the Service name property:

Finding out the name of a service

Finding The Name Of Your Computer

The next command can be used to find the name of your PC, plus some other details:

net config workstation

The output:

Using "net config workstation" to get your computer's name

But I actually use another really simple command for that:

hostname

Use "hostname" to get the name of your machine

Yep, as simple as that, hostname prints the name of your PC.


That’s it for this one, a couple of good uses of the long-forgotten net command.

Have fun!

