Wednesday, April 2, 2014

Gather information on a domain user (including last logon time, password status, NTFS group membership) without having to use ADUC

From command prompt type:

net user /do logonname

output will be similar to:

C:\Users\username>net user /do usernameexample
The request will be processed at a domain controller for domain thdm.local

User name                    usernameexample
Full Name                    FirstnameLastname
Comment                      
User's comment
Country code                 000 (System Default)
Account active               Yes
Account expires              Never

Password last set            1/1/2014 01:26:20 AM
Password expires             2/1/2014 01:26:20 AM
Password changeable          2/2/2014 01:26:20 AM
Password required            Yes
User may change password     Yes

Workstations allowed         All
Logon script                 logon.cmd
User profile
Home directory
Last logon                   2/4/2014 7:51:17 AM

Logon hours allowed          All

Local Group Memberships
Global Group memberships     *ACCESS-EVERYTHING

The command completed successfully.