domainadmins is mapped to "Domain Admins": # net groupmap list Domain Admins (S-1-5-21-3563243952-628324515-3062283235-512) -> domainadmins Domain Users (S-1-5-21-3563243952-628324515-3062283235-513) -> domainusers Domain Guests (S-1-5-21-3563243952-628324515-3062283235-514) -> domainguests smbadmin belongs to domainadmins. domainadmins have some privileges: # net -U smbadmin rpc rights list domainadmins Password: SeRemoteShutdownPrivilege but listing on smbadmin only shows privileges specifically set to smbadmin: # net -U smbadmin rpc rights list smbadmin Password: SeDiskOperatorPrivilege so, when listing users privileges this command should list also privileges of all groups he belongs, for example: # net -U smbadmin rpc rights list smbadmin Password: SeDiskOperatorPrivilege SeRemoteShutdownPrivilege (group domainadmins) SeBackupPrivilege (group domainbackups)
The command works as expected. The rights are added to the user's token at login time.