Using DSquery to find member of in AD


Recommended Posts

I think you want to use dsget. but I don't think it will do what you are looking for. what you want are two different things. One is to scan active directory for group membership the other is to scan folders for directory accessability/permissions. This is where network design really comes into play and understanding how to build one. It sounds as if you are taking over someone elses mess and trying to figure it out, all I can say is get your clicker going. Take a look at what is being shared. You can use the perms command to be able to see what permissions x user has over the computer/server. perms is part of the 2003 resource kit which is free to dl from microsoft.

There is probably a third party tool that has the capability you are looking for, and it will more than likely cost.

How I would do it is look at the groups, find out the members of each group, find out what these members need access to. Look at the shares, see who has access to each share (this can be done by right clicking on my computer and clicking on manage, going into shared folders, then going into shares you can easily see all of the shares on one computer and you can easily manage the shares from here). It is a lot of work, but so is reading a text file and figuring out how to create said text file. Bottom line, it isn't easy, I have done this hundreds of times over (taking over a mess).

you need to pipe your commands... try something like this

dsquery user -name "*UserName*" | dsget user -memberOf

what this will do it query AD for a specific user and take the output of that and list what groups the user is a member of.

if you do dsget user /? it will give you everything you can get about the user as well.

Hope that helps

I think point sc302 was trying to make - is sure you can find the group memberships of a user, but that is not going to tell you where those groups have permissions or what they are, etc.

You might want to check out

http://technet.microsoft.com/en-us/sysinternals/bb664922.aspx

and

http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx

  On 23/06/2010 at 16:12, BudMan said:

I think point sc302 was trying to make - is sure you can find the group memberships of a user, but that is not going to tell you where those groups have permissions or what they are, etc.

You might want to check out

http://technet.microsoft.com/en-us/sysinternals/bb664922.aspx

and

http://technet.microsoft.com/en-us/sysinternals/bb897332.aspx

was I not clear on that?

No you were clear, atleast to me - but I took it as the other poster did not catch the meaning of your post, atleast he made no mention that group membership will not give him what I took as what the user was after.

"permissions, directory access, groups etc."

This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
  • Posts

    • Dude, if that's all your mom does on her computer, then Linux is perfect for her. Your mom is the ideal Linux user, believe it or not. I personally recommend Linux Mint Cinnamon, as it's very Windows-like in terms of UI and UX. https://linuxmint.com/edition.php?id=319 Just pick any mirror and away you go. You can try it as a live image before installing it to see if your mom will actually like it.
    • Even Edge on Android supports extensions like AdGuard and uBlock and it has its own ad blocked integrated as well. Google Chrome is actually the worst mobile browser if you're worried about ads and privacy.
    • I mentioned cable service one pays for yet you still see ads. What's the difference if it's a service or a device? Sure cable and streaming services are optional but your not watching a whole lot in the way of content on your TV without them. No one is required to use Apple Pay/Wallet and the fact it can't be uninstalled is not really relevant to anything. It was mentioned a setting is coming to disable those ads even if one is using the free service. As far as I know those disclaimers are in the end user agreement. No one reads them. LOL It could be a pop-up message but most would just "click" past it. Regardless, everyone already knows they will see ads on their devices at some point and should not be surprised. There is a lot of intrusive advertising out there. Just walk outside your house and go anywhere and your eyes will be assaulted with ads. That is something I wish would be regulated more. TBH I see zero ads on my PCs (Linux and ad-blockers FTW!) and ads on my phone and tablet are very limited. One ad from Apple Pay/Wallet (that I have not seen on my iPad) is not even making my top 100 concerns.
    • Until robo taxis are like "johny cab" in the movie "Total Recall"...I'll pass.
    • I have Windows 11 on only one machine; it will stay that way for the foreseeable future. (Windows Vista and Windows 10 are the predominant operating systems on these machines).
  • Recent Achievements

    • Reacting Well
      pelaird earned a badge
      Reacting Well
    • Mentor
      The Werewolf went up a rank
      Mentor
    • First Post
      Myriachan earned a badge
      First Post
    • Week One Done
      DrRonSr earned a badge
      Week One Done
    • Week One Done
      Sharon dixon earned a badge
      Week One Done
  • Popular Contributors

    1. 1
      +primortal
      600
    2. 2
      ATLien_0
      213
    3. 3
      +FloatingFatMan
      165
    4. 4
      Michael Scrip
      151
    5. 5
      Som
      148
  • Tell a friend

    Love Neowin? Tell a friend!