Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Properly Listing Nested Groups

Status
Not open for further replies.
netsj

netsj

Technical User
Jul 31, 2007
9
US
I have written a script that will allow me to list the local groups a domain user belongs to on a specific machine, and which AD groups a user is a member of, but have not been able to conquer the nesting to allow for a true 'audit' of group membership. Essnetially, I need a script that will, for every server in my domain, list the local groups a user is a member of both specifically and through associated group membership.

In other words; show me on every machine in my domain which groups User.Name is a member of. Then, since User.Name may also be a member of domain groups which are members of local groups, determine which domain groups that users is a member of and subsequently what local groups on the local machine that user 'inherits' access to.

Thank you in advance for your assistance.
 
Sort by date Sort by votes
You need to do what is called a recursive search.

Basically you bind to a group. Enumerate that Groups MemberOf list. Bind to each of the groups in that MemberOf list and repeat the procedure.

Do a search for recursive file list and you should find an example that lists all the sub folders in a folder. The logic is identical, you just have to replace binding to a folder with binding to a group.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
Upvote 0 Downvote
there is dll from ms one of guys is using, he rates it. could i write a function to do it quicker? or handle cicrual ref,,,,i would like to think so :) it is funny the amount of ms applications which call themselves ad integrated but dont handle group nesting, does make me laugh. i am in a friends garden, 28 deg, blue sky, wine, burgers...sweet
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

fredmartinmaine
  • Locked
  • Question
Properly closing Outlook
Replies
1
Views
168
fredmartinmaine
fredmartinmaine
jaejunks
  • Locked
  • Question
[WSH] How to properly run non English scripts in English Windows?
Replies
2
Views
260
xwb
xwb
mholz24
  • Locked
  • Question
AD Groups Return to Only single Line
Replies
2
Views
61
mholz24
mholz24
m2244
  • Locked
  • Question
How to use regex and vbscript to work with nested tags
Replies
1
Views
69
Geates
Geates
damienenglish
  • Locked
  • Question
Remove All Security Groups from All Users in an OU
Replies
0
Views
42
damienenglish
damienenglish

Part and Inventory Search

Sponsor

Back
Top