September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
6.14. Viewing a User’s Group Membership
Problem
You want to view the group membership of a user.
Solution
Using a graphical user interface
Open the Active Directory Users and Computers snap-in.
In the left pane, right-click on the domain and select Find.
Select the appropriate domain beside In.
Type the name of the user beside Name and click Find Now.
In the Search Results, double-click on the user.
Click the Member Of tab.
To view all indirect group membership (from nested groups), you’ll need to double-click on each group.
Using a command-line interface
The following command
displays the groups <UserDN> is a
member of. Use the -expand switch to list nested
group membership as well:
> dsget user <UserDN> -memberof [-expand]Using VBScript
' This code displays the group membership of a user.
' It avoids infinite loops due to circular group nesting by
' keeping track of the groups that have already been seen.
' ------ SCRIPT CONFIGURATION ------
strUserDN = "<UserDN>" ' e.g. cn=jsmith,cn=Users,dc=rallencorp,dc=com ' ------ END CONFIGURATION --------- set objUser = GetObject("LDAP://" & strUserDN) Wscript.Echo "Group membership for " & objUser.Get("cn") & ":" strSpaces = "" set dicSeenGroup = CreateObject("Scripting.Dictionary") DisplayGroups "LDAP://" & strUserDN, strSpaces, dicSeenGroup Function DisplayGroups ( strObjectADsPath, strSpaces, dicSeenGroup) set objObject = GetObject(strObjectADsPath) WScript.Echo strSpaces & objObject.Name on error resume next ' Doing this to avoid an error when ...