Find what groups I’m in on Windows

17 September 2025

Run whoami /groups in a Windows Terminal to find out what AD (Entra) groups you’re part of.

It outputs something like this:

Group Name                                   Type             SID  Attributes
============================================ ================ ==== ==========
Everyone                                     Well-known group
PCW100100\docker-users                       Alias
BUILTIN\Performance Log Users                Alias
BUILTIN\Users                                Alias
BUILTIN\Administrators                       Alias
NT AUTHORITY\INTERACTIVE                     Well-known group
CONSOLE LOGON                                Well-known group
NT AUTHORITY\Authenticated Users             Well-known group
NT AUTHORITY\This Organization               Well-known group
LOCAL                                        Well-known group
NICECO\IntermediaryAdministrators            Group
NICECO\TPIAdministrators                     Group
NICECO\RBAC-NC-.Net-Developer                Group
NICECO\Niceco-MFA-VPN-Users                  Group
NICECO\Niceco-Local-Workstation-Admins       Group
NICECO\RBAC-NC-Testing-Lead                  Group
NICECO\Web-Tech-NC-Users                     Group
Authentication authority asserted identity   Well-known group
...

(Columns and rows snipped for brevity - PCW100100 is a machine name)

This is useful if you’re doing some Entra-based auth in a corporate env, to find out what groups you could authorise in a web app.

There’s also this other command: net localgroup

Which, as the name suggests, outputs just your machine-local groups, like this:

Aliases for \\PCW100100

-------------------------------------------------------------------------------
*Access Control Assistance Operators
*Administrators
*Backup Operators
*Cryptographic Operators
*Device Owners
*Distributed COM Users
*docker-users
*Event Log Readers
*Guests
*Hyper-V Administrators
*IIS_IUSRS
*Network Configuration Operators
*Performance Log Users
*Performance Monitor Users
*Power Users
*Remote Desktop Users
*Remote Management Users
*Replicator
*System Managed Accounts Group
*Users

That’s probably useful for something else.