Using DSquery to find member of in AD

By DodgeViper
in Microsoft (Windows)

 Share

Recommended Posts

Grand Master

sc302 Veteran

Posted
  • Veteran
Posted

I think you want to use dsget. but I don't think it will do what you are looking for. what you want are two different things. One is to scan active directory for group membership the other is to scan folders for directory accessability/permissions. This is where network design really comes into play and understanding how to build one. It sounds as if you are taking over someone elses mess and trying to figure it out, all I can say is get your clicker going. Take a look at what is being shared. You can use the perms command to be able to see what permissions x user has over the computer/server. perms is part of the 2003 resource kit which is free to dl from microsoft.

There is probably a third party tool that has the capability you are looking for, and it will more than likely cost.

How I would do it is look at the groups, find out the members of each group, find out what these members need access to. Look at the shares, see who has access to each share (this can be done by right clicking on my computer and clicking on manage, going into shared folders, then going into shares you can easily see all of the shares on one computer and you can easily manage the shares from here). It is a lot of work, but so is reading a text file and figuring out how to create said text file. Bottom line, it isn't easy, I have done this hundreds of times over (taking over a mess).

Rising Star

-Viper-

Posted
Posted

you need to pipe your commands... try something like this

dsquery user -name "*UserName*" | dsget user -memberOf

what this will do it query AD for a specific user and take the output of that and list what groups the user is a member of.

if you do dsget user /? it will give you everything you can get about the user as well.

Hope that helps

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

I think point sc302 was trying to make - is sure you can find the group memberships of a user, but that is not going to tell you where those groups have permissions or what they are, etc.

You might want to check out

http://technet.microsoft.com/en-us/sysinternals/bb664922.aspx

and

http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx

Grand Master

sc302 Veteran

Posted
  • Veteran
Posted
  On 23/06/2010 at 16:12, BudMan said:

I think point sc302 was trying to make - is sure you can find the group memberships of a user, but that is not going to tell you where those groups have permissions or what they are, etc.

You might want to check out

http://technet.microsoft.com/en-us/sysinternals/bb664922.aspx

and

http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx

was I not clear on that?

Grand Master

+BudMan MVC

Posted
  • MVC
Posted

No you were clear, atleast to me - but I took it as the other poster did not catch the meaning of your post, atleast he made no mention that group membership will not give him what I took as what the user was after.

"permissions, directory access, groups etc."

This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.