Using the DSGET Active Directory command-line tool, I have scripted SAMIDGrpMbrs.bat to retrieve the members of a domain group.

The syntax for using SAMIDGrpMbrs.bat is:

\[call\] SAMIDGrpMbrs GroupID

Where GroupID is the sAMAccountName (SAMID) of the group.

To process the output in a script:

for /f "Tokens=1* Delims=;" %%a in ('SAMIDGrpMbrs GroupID') do (
set UserDN=%%a
set UserSAMID=%%b
NOTE: Imbedded domain groups are recursively expanded to arrive at a complete set of domain members.

NOTE: SAMIDGrpMbrs.bat usesĀ  DNGrpMbrs.bat.

SAMIDGrpMbrs.bat contains:

@echo off
if \{%1\}==\{\} @echo Syntax: SAMIDGrpMbrs GroupID&goto :EOF
setlocal enabledelayedexpansion
set samid=%1
set samid=%samid:"=%
set qry=dsquery * domainroot -filter "(&(objectCategory=Group)(objectClass=group)(sAMAccountName=%samid%))" -attr distinguishedName -Limit 0
for /f "Skip=1 Tokens=*" %%g in ('%qry%') do (
set grp="%%g"
set grp=!grp: =!
call DNGrpMbrs !grp!