bourny

Query AD Computer groups

12 posts in this topic

I have ran many AD queries in the past using some of the AD functions and includes I found on the forum.

I am trying to now query AD for a list of groups a computer account is a member of. This seems to be defying me,

Can anyone suggest the best way to return a list of groups a computer account is a member of.

Share this post


Link to post
Share on other sites



Hi, bourny. It sounds like you're already using the If you take a look at the different functions of the latest UDF, I believe the _AD_RecursiveGetMemberOf function will do what you would like.


√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites

Thanks, That worked fine. Does not return anything if there is just the Domain computers group but returns any additional groups. Had tried the _AdIsMemberOf and _AdGetUserGroups

Thanks for the time you spent looking at this for me.

Share this post


Link to post
Share on other sites

_AD_GetUserGroups should have worked too. If you pass the computer name as SamAccountName you have to add a dollar sign at the end.

$aUser = _AD_GetUserGroups(@ComputerName & "$")
This returns a list of groups the computer is an immediate member of.

To get a recursive list of group membership use _AD_RecursiveGetMemberOf.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

#5 ·  Posted

How would i use 

$aUser = _AD_GetUserGroups(@ComputerName & "$")

But only show the 'CN' within a list box, not the entire string.

 

Thanks

Share this post


Link to post
Share on other sites

#6 ·  Posted (edited)

_AD_GetuserGroups always returns the FQDN of the group.
But you could use _AD_GetObjectsInOU to query all groups where @ComputerName & "$" is a member and let the function return the Displayname of the group.
Example:

 

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

#7 ·  Posted

Thanks Water,

Im struggling to get this to work :/... Could you please give me an example of what the code might be?

I have the following code to bring back all groups within a certain OU, but unsure how I can specify only for a certain ComputerName and bring back the results from the certain OU.

_ad_GetObjectsInOU($sOU , '(&(ObjectsCategory=group) (distinguishedName=*))', 2, "CN")

Cheers

Share this post


Link to post
Share on other sites

#8 ·  Posted

Example for the current user:

#include <AD.au3>
_AD_Open()
Global $sCN = _AD_SamAccountNameToFQDN(@Username)
Global $aResult = _AD_GetObjectsInOU("", "(&(objectClass=group)(member=" & $sCN & "))", 2, "cn")
_AD_Close()
_ArrayDisplay($aResult)

 


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

#9 ·  Posted

Ahh perfect! You hero! 

I have got it working now :) thank you very much for your help!!!

How would i specify it to only check within a single OU though?

Thanks

Share this post


Link to post
Share on other sites

#10 ·  Posted

Specify the OU to check as parameter 1.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

#11 ·  Posted

ahh obviously!!! haha my bad

Thanks again Water :)

Share this post


Link to post
Share on other sites

#12 ·  Posted

:)


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2017-04-18 - Version 1.4.8.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (NEW 2017-02-27 - Version 1.3.1.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2015-04-01 - Version 0.4.0.0) - Download - General Help & Support - Example Scripts
Excel - Example Scripts - Wiki
Word - Wiki
PowerPoint (2015-06-06 - Version 0.0.5.0) - Download - General Help & Support

Tutorials:
ADO - Wiki

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now