Q: see all groups

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Hello,
In Active Directory, I have a Global group: Global1 and MyUser is the member.
This Global1 group is the member of a Domain Local group: DomainLocal1. Now
when I use “net user MyUser /domain� I could not see DomainLocal1 in the
list. If I put MyUser directly to DomainLocal1 group, and run command again,
I see DomainLocal1 in the list.
How can I see all the groups that a user belongs?
Thanks,
Jim.

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

You'd have to write a script that iteratively looks at all groups for a user
object, and then what groups they belong to and so forth. You could use the
memberOf back-ref attributes to do this.

It isn't as simple as simply pulling direct group membership though...



--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

"JIM.H." <JIMH@discussions.microsoft.com> wrote in message
news:A5437CBF-922C-4E72-AE86-98FA74A11601@microsoft.com...
Hello,
In Active Directory, I have a Global group: Global1 and MyUser is the
member.
This Global1 group is the member of a Domain Local group: DomainLocal1. Now
when I use "net user MyUser /domain" I could not see DomainLocal1 in the
list. If I put MyUser directly to DomainLocal1 group, and run command again,
I see DomainLocal1 in the list.
How can I see all the groups that a user belongs?
Thanks,
Jim.

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Paul Thanks,
I am already searching memberof in asp.net, is there any example for me to
check to see searching memberof back-ref. Google did not give me any result
about it.

"ptwilliams" wrote:

> You'd have to write a script that iteratively looks at all groups for a user
> object, and then what groups they belong to and so forth. You could use the
> memberOf back-ref attributes to do this.
>
> It isn't as simple as simply pulling direct group membership though...
>
>
>
> --
>
> Paul Williams
>
> http://www.msresource.net/
> http://forums.msresource.net/
>
> "JIM.H." <JIMH@discussions.microsoft.com> wrote in message
> news:A5437CBF-922C-4E72-AE86-98FA74A11601@microsoft.com...
> Hello,
> In Active Directory, I have a Global group: Global1 and MyUser is the
> member.
> This Global1 group is the member of a Domain Local group: DomainLocal1. Now
> when I use "net user MyUser /domain" I could not see DomainLocal1 in the
> list. If I put MyUser directly to DomainLocal1 group, and run command again,
> I see DomainLocal1 in the list.
> How can I see all the groups that a user belongs?
> Thanks,
> Jim.
>
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

I was referring to memberOf. memberOf is a back-link object. That means,
that when you query it, it simply generates the values for you; it's a link.
You cannot add to it. This is what you'll need to access.

There's a good discussion of linked attributes here:
--
http://www.microsoft.com/resources/documentation/WindowsServ/2003/all/techref/en-us/Default.asp?url=/Resources/Documentation/windowsserv/2003/all/techref/en-us/W2K3TR_schem_how.asp?frame=true


And here:
--
http://www.microsoft.com/resources/documentation/windows/2000/server/reskit/en-us/default.asp?url=/resources/documentation/Windows/2000/server/reskit/en-us/distrib/dsbg_dat_dstm.asp?frame=true


--

Paul Williams

http://www.msresource.net/
http://forums.msresource.net/

"JIM.H." <JIMH@discussions.microsoft.com> wrote in message
news:F1F40214-293F-4F38-BE6D-85ABA87641AE@microsoft.com...
Paul Thanks,
I am already searching memberof in asp.net, is there any example for me to
check to see searching memberof back-ref. Google did not give me any result
about it.

"ptwilliams" wrote:

> You'd have to write a script that iteratively looks at all groups for a
> user
> object, and then what groups they belong to and so forth. You could use
> the
> memberOf back-ref attributes to do this.
>
> It isn't as simple as simply pulling direct group membership though...
>
>
>
> --
>
> Paul Williams
>
> http://www.msresource.net/
> http://forums.msresource.net/
>
> "JIM.H." <JIMH@discussions.microsoft.com> wrote in message
> news:A5437CBF-922C-4E72-AE86-98FA74A11601@microsoft.com...
> Hello,
> In Active Directory, I have a Global group: Global1 and MyUser is the
> member.
> This Global1 group is the member of a Domain Local group: DomainLocal1.
> Now
> when I use "net user MyUser /domain" I could not see DomainLocal1 in the
> list. If I put MyUser directly to DomainLocal1 group, and run command
> again,
> I see DomainLocal1 in the list.
> How can I see all the groups that a user belongs?
> Thanks,
> Jim.
>
>
>

 

[Guest]

Archived from groups: microsoft.public.win2000.active_directory (More info?)

Take a look at my memberof tool. You can find it on the free windows tools
section of my website, www.joeware.net.

joe



--
Joe Richards Microsoft MVP Windows Server Directory Services
www.joeware.net


JIM.H. wrote:
> Hello,
> In Active Directory, I have a Global group: Global1 and MyUser is the member.
> This Global1 group is the member of a Domain Local group: DomainLocal1. Now
> when I use "net user MyUser /domain� I could not see DomainLocal1 in the
> list. If I put MyUser directly to DomainLocal1 group, and run command again,
> I see DomainLocal1 in the list.
> How can I see all the groups that a user belongs?
> Thanks,
> Jim.
>