Jump to content
bourny

Query AD Computer groups

Recommended Posts

bourny

I have ran many AD queries in the past using some of the AD functions and includes I found on the forum.

I am trying to now query AD for a list of groups a computer account is a member of. This seems to be defying me,

Can anyone suggest the best way to return a list of groups a computer account is a member of.

Share this post


Link to post
Share on other sites
JLogan3o13

Hi, bourny. It sounds like you're already using the If you take a look at the different functions of the latest UDF, I believe the _AD_RecursiveGetMemberOf function will do what you would like.


√-1 2^3 ∑ π, and it was delicious!

Share this post


Link to post
Share on other sites
bourny

Thanks, That worked fine. Does not return anything if there is just the Domain computers group but returns any additional groups. Had tried the _AdIsMemberOf and _AdGetUserGroups

Thanks for the time you spent looking at this for me.

Share this post


Link to post
Share on other sites
water

_AD_GetUserGroups should have worked too. If you pass the computer name as SamAccountName you have to add a dollar sign at the end.

$aUser = _AD_GetUserGroups(@ComputerName & "$")
This returns a list of groups the computer is an immediate member of.

To get a recursive list of group membership use _AD_RecursiveGetMemberOf.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-10-19 - Version 1.4.10.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-09-01 - Version 1.3.4.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
 
Tutorials:

ADO - Wiki

 

Share this post


Link to post
Share on other sites
amphoric

How would i use 

$aUser = _AD_GetUserGroups(@ComputerName & "$")

But only show the 'CN' within a list box, not the entire string.

 

Thanks

Share this post


Link to post
Share on other sites
water

_AD_GetuserGroups always returns the FQDN of the group.
But you could use _AD_GetObjectsInOU to query all groups where @ComputerName & "$" is a member and let the function return the Displayname of the group.
Example:

 

Edited by water

My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-10-19 - Version 1.4.10.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-09-01 - Version 1.3.4.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
 
Tutorials:

ADO - Wiki

 

Share this post


Link to post
Share on other sites
amphoric

Thanks Water,

Im struggling to get this to work :/... Could you please give me an example of what the code might be?

I have the following code to bring back all groups within a certain OU, but unsure how I can specify only for a certain ComputerName and bring back the results from the certain OU.

_ad_GetObjectsInOU($sOU , '(&(ObjectsCategory=group) (distinguishedName=*))', 2, "CN")

Cheers

Share this post


Link to post
Share on other sites
water

Example for the current user:

#include <AD.au3>
_AD_Open()
Global $sCN = _AD_SamAccountNameToFQDN(@Username)
Global $aResult = _AD_GetObjectsInOU("", "(&(objectClass=group)(member=" & $sCN & "))", 2, "cn")
_AD_Close()
_ArrayDisplay($aResult)

 


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-10-19 - Version 1.4.10.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-09-01 - Version 1.3.4.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
 
Tutorials:

ADO - Wiki

 

Share this post


Link to post
Share on other sites
amphoric

Ahh perfect! You hero! 

I have got it working now :) thank you very much for your help!!!

How would i specify it to only check within a single OU though?

Thanks

Share this post


Link to post
Share on other sites
water

Specify the OU to check as parameter 1.


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-10-19 - Version 1.4.10.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-09-01 - Version 1.3.4.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
 
Tutorials:

ADO - Wiki

 

Share this post


Link to post
Share on other sites
amphoric

ahh obviously!!! haha my bad

Thanks again Water :)

Share this post


Link to post
Share on other sites
water

:)


My UDFs and Tutorials:

Spoiler

UDFs:
Active Directory (NEW 2018-10-19 - Version 1.4.10.0) - Download - General Help & Support - Example Scripts - Wiki
OutlookEX (2018-09-01 - Version 1.3.4.0) - Download - General Help & Support - Example Scripts - Wiki
ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts
PowerPoint (2017-06-06 - Version 0.0.5.0) - Download - General Help & Support
Excel - Example Scripts - Wiki
Word - Wiki
 
Tutorials:

ADO - Wiki

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×