16.14. Viewing a User's Group Membership
You want to view a user's group membership.
Using a graphical user interface
Open the ADUC snap-in.
In the left pane, right-click on the domain and select Find.
Select the appropriate domain beside In.
Type the name of the user beside Name and click Find Now.
In the Search Results, double-click on the user.
Click the Member Of tab.
To view all indirect group membership (from nested groups), you'll need to double-click on each group.
Using a command-line interface
The following command displays the groups
<UserDN> is a member of. Use the
-expand switch to list nested
group membership as well:
> dsget user
' This code displays the group membership of a user. ' It avoids infinite loops due to circular group nesting by ' keeping track of the groups that have already been seen. ' ------ SCRIPT CONFIGURATION ------ strUserDN = "<
UserDN>" ' e.g., cn=jsmith,cn=Users,dc=rallencorp,dc=com ' ------ END CONFIGURATION --------- set objUser = GetObject("LDAP://" & strUserDN) Wscript.Echo "Group membership for " & objUser.Get("cn") & ":" strSpaces = "" set dicSeenGroup = CreateObject("Scripting.Dictionary") DisplayGroups "LDAP://" & strUserDN, strSpaces, dicSeenGroup Function DisplayGroups ( strObjectADsPath, strSpaces, dicSeenGroup) set objObject = GetObject(strObjectADsPath) WScript.Echo strSpaces & objObject.Name on error resume next ' Doing this to avoid an error when memberOf is empty if IsArray( objObject.Get("memberOf") ...