In this posting below you will find a script to get an Active Directory User's Group Memberships including nested Group Memberships:
quite a while ago I started this thread: https://www.autoitscript.com/forum/topic/193984-ad-member-of-group-in-group/
#include <AD.au3> _AD_Open() $user=_AD_SamAccountNameToFQDN("ASP") $group=_AD_SamAccountNameToFQDN("daten-Bestellung-QS_lesen") $result=_AD_IsMemberOf($group,$user,false,True) ; $Group is the 1st, $User the 2nd param ConsoleWrite('@@ Debug(' & @ScriptLineNumber & ') : $result = ' & $result & @CRLF & '>Error code: ' & @error & @CRLF) ;### Debug Console _AD_Close() this works fine, thanks for the help in the other thread.
Howto to get the "chain" of groups for nested group memberships?
In AD.AU3 I found the function _AD_RecursiveGetMemberOf(), which might be an approach, (get all the group content then sort out what's needed), just wondering if there is another function that I've overlooked, that directly would give me the "nested membership chain" *ONLY*?
from this posting of @Jos https://www.autoitscript.com/forum/topic/162005-getting-windows-users-account-type/?do=findComment&comment=1176831
I can smoothly check, if a user is a *DIRECT* group member. Has anybody some code to check also, if a user is a *INDIRECT* member of a cascaded group construct? Maybe with @Melba23 's AD UDF?
The required rights are granted to group "Dept_B" User John is member of group "Dept_A" Group "Dept_A" is member of the group "Dept_B" So in the AD / NTFS FS environment John finally has the rights of both groups But when checking his "membership to group Dept_B" the result is "no member". The approach I can think of would be, to check all Group Members of group "Dept_B" whether they are of type group, then check again if "John" is member of than " 2nd level group"
Func UserInGroup($InGroup,$ThisUser=@LogonDomain & "/" & @UserName) Local $objUser = ObjGet("WinNT://" & $ThisUser ) For $oGroup in $objUser.Groups If $oGroup.Name = $InGroup Then Return 1 EndIf Next Return 0 EndFunc Any suggestions appreciated, regards, Rudi.
I'd like to write a piece of tool that would allow me to update a certain field in our Active Directory from a comma separated csv file composed like this:
This file, automatically generated, can hold more than 10k lines.
Thus, I need column A to be in one variable, column B in a second one and column C in a third one.
I'm really missing this part as updating the AD is fairly easy once the 3 variable are populated.
I see things like this:
Here's my attempts at the moment:
#include <File.au3> #include <Array.au3> Global $csv_file = @DesktopDir & "\Book1.csv" Global $aRecords If Not _FileReadToArray($csv_file,$aRecords) Then MsgBox(4096,"Error", " Error reading log to Array error:" & @error) Exit EndIf For $x = 1 to $aRecords Msgbox(0,'Record:' & $x, $aRecords[$x]) ; Shows the line that was read from file $csv_line_values = StringSplit($aRecords[$x], ",",1) ; Splits the line into 2 or more variables and puts them in an array ; _ArrayDisplay($csv_line_values) ; Shows what's in the array you just created. ; $csv_line_values holds the number of elements in array ; $csv_line_values holds the value ; $csv_line_values holds the value ; etc Msgbox(0, 0, $csv_line_values) Next Any help on this please?
Thanks in advance