Administrative Tools and Scripts



This utility enables an administrator to run batch files based on the user’s group membership without scripting complex batch files.

Requirements: This tool requires Windows NT4 (with Active Directory Client), Windows 2000, Windows XP or Windows Server 2003.

Note: Active Directory Client can be downloaded from HERE

Read more about the Active Directory Client in the Active Directory Client (dsclient) for Win98/NT page.

Sponsored Content

Maximize Value from Microsoft Defender

In this ebook, you’ll learn why Red Canary’s platform and expertise bring you the highest possible value from your Microsoft Defender for Endpoint investment, deployment, or migration.

Note: If used with /r switch, MDAC must be installed. You can download MDAC from HERE


Download (18kb)

You need to extract the tool/script found in the downloaded file by using WinZip or similar.


Ingroup.exe /u  /g  [/r] [/s] [/h]

/u <’username>

(Optional) specifies the user to query. If omitted, the local user will be used.

/g <group name>

(Optional) specifies a specific group to search for.


(Optional) specifies whether to perform a recursive search or flat search. If not specified, only the group which the user is a direct member of will be returned.


(Optional) If used with /g switch, ”<domain name>’netlogon'<group name>.bat will be executed if the user is a member of the specified group.

If used without /g switch, ”<domain name>’netlogon'<group name>.bat will be executed for each group the user resides in.


(Optional) (only functional with /s switch) Specifies that the scripts should run in hidden mode.

/p <path>

(Optional) Only valid with ‘/s’ switch. Path to scripts’ directory. If omitted, the NETLOGON share will be used.


Brings up the help screen


The command returns an errorlevel of 1 if the user is a member of the specified group (when using /g switch)

When /r switch is not specified, domain local groups will not be processed. In order to process domain local groups as well, you must specify the /r switch (make sure the client computers has MDAC installed.

MDAC can be easily deployed by download the installation file to a common network location and running it with the /q switch through a startup script  using group policy.

For example:

ingroup /s /h /p ''fileserver'public'scripts

This sample would query the domain for the logged on user’s list of groups (Direct groups only). For each group returned, Ingroup will execute ”fileserver’public’scripts'<groupname>.bat in hidden mode.

Ingroup /r /g domain admins

This sample would return an errorlevel of 1 if the user is a member of the domain admins group.

Ingroup /r /s /h /g sales /p ''filesrver'public'scripts

This sample would execute ”filesrver’public’scripts’sales.bat if the current user is a member of the sales group (direct member or indirect).

Ingroup /r /s /h /g sales /u'user1

This sample would execute ”<Logonserver>’netlogon’sales.bat if’user1 is a member of the sales group (direct member or indirect).


No support of any sort will be given for this script/tool or for any other script/tool found on the website for that matter. If you need to contact us with any support issues, feedback or suggestions regarding the tool(s) and script(s) found on this page please write an e-mail to THIS address.


The software available from GanoTools is FREEWARE. It is not in the Public Domain. Asaf Ganot retains the copyright for this work. You can use it freely but do not claim it for your own or charge others money for it.

Use these tools at your own risk. They are provided for your own personal use and enjoyment and Asaf Ganot nor Daniel Petri nor do not provide any warranty for them, nor they will be held responsible for any result allegedly caused by use or misuse of any of the tools found on this page.

Back to the Tools and Scripts page.


Don't have a login but want to join the conversation? Sign up for a Petri Account

Comments (0)

Leave a Reply

External Sharing and Guest User Access in Microsoft 365 and Teams

This eBook will dive into policy considerations you need to make when creating and managing guest user access to your Teams network, as well as the different layers of guest access and the common challenges that accompany a more complicated Microsoft 365 infrastructure.

You will learn:

  • Who should be allowed to be invited as a guest?
  • What type of guests should be able to access files in SharePoint and OneDrive?
  • How should guests be offboarded?
  • How should you determine who has access to sensitive information in your environment?

Sponsored by:

Live Webinar: Active Directory Security: What Needs Immediate Priority!Live on Tuesday, October 12th at 1 PM ET

Attacks on Active Directory are at an all-time high. Companies that are not taking heed are being punished, both monetarily and with loss of production.

In this webinar, you will learn:

  • How to prioritize vulnerability management
  • What attackers are leveraging to breach organizations
  • Where Active Directory security needs immediate attention
  • Overall strategy to secure your environment and keep it secured

Sponsored by: