Recipe16.14.Viewing a User s Group Membership

Previous page
Table of content
Next page

Recipe 16.14. Viewing a User's Group Membership

Problem

You want to view a user's group membership.

Solution

Using a graphical user interface

  1. Open the ADUC snap-in.

  2. In the left pane, right-click on the domain and select Find.

  3. Select the appropriate domain beside In.

  4. Type the name of the user beside Name and click Find Now.

  5. In the Search Results, double-click on the user.

  6. Click the Member Of tab.

  7. To view all indirect group membership (from nested groups), you'll need to double-click on each group.

Using a command-line interface

The following command displays the groups <UserDN> is a member of. Use the -expand switch to list nested group membership as well:

> dsget user <UserDN> -memberof [-expand]

Using VBScript
' This code displays the group membership of a user. ' It avoids infinite loops due to circular group nesting by  ' keeping track of the groups that have already been seen. ' ------ SCRIPT CONFIGURATION ------ strUserDN = "<UserDN>"  ' e.g., cn=jsmith,cn=Users,dc=rallencorp,dc=com ' ------ END CONFIGURATION ---------       set objUser = GetObject("LDAP://" & strUserDN) Wscript.Echo "Group membership for " & objUser.Get("cn") & ":" strSpaces = "" set dicSeenGroup = CreateObject("Scripting.Dictionary") DisplayGroups "LDAP://" & strUserDN, strSpaces, dicSeenGroup       Function DisplayGroups ( strObjectADsPath, strSpaces, dicSeenGroup)          set objObject = GetObject(strObjectADsPath)    WScript.Echo strSpaces & objObject.Name    on error resume next ' Doing this to avoid an error when memberOf is empty    if IsArray( objObject.Get("memberOf") ) then       colGroups = objObject.Get("memberOf")    else       colGroups = Array( objObject.Get("memberOf") )    end if        for each strGroupDN In colGroups       if Not dicSeenGroup.Exists(strGroupDN) then          dicSeenGroup.Add strGroupDN, 1          DisplayGroups "LDAP://" & strGroupDN, strSpaces & " ", dicSeenGroup       end if    next       End Function

Discussion

The memberOf attribute on user objects is multivalued and lists the distinguished names for the groups of which the user is a member. memberOf is actually linked with the member attribute on group objects, which holds the distinguished names of its members. For this reason, you cannot directly modify the memberOf attribute; you must modify the member attribute on the group instead.

The primary group of a user, which the user is technically a member of, will not be shown in either the CLI or VBScript solutions. This is because the primary group is not stored in the memberOf attribute like the rest of the groups.

See Also

Recipe 16.13


Previous page
Table of content
Next page
Windows Server Cookbook
Windows Server Cookbook for Windows Server 2003 and Windows 2000
ISBN: 0596006330
EAN: 2147483647
Year: 2006
Pages: 380
Authors: Robbie Allen
BUY ON AMAZON
ADO.NET 3.5 Cookbook (Cookbooks (OReilly))
Inside Network Security Assessment: Guarding Your IT Infrastructure
Metrics and Models in Software Quality Engineering (2nd Edition)
Managing Enterprise Systems with the Windows Script Host
Cisco IOS Cookbook (Cookbooks (OReilly))
After Effects and Photoshop: Animation and Production Effects for DV and Film, Second Edition
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy