Check AD group membership without being on domain

[kor]

Please guys don't take the easy road and just link me to that adfunction thread. I've already been through it. Those functions only work if you are ALREADY on a domain.

I need to query active directory and check group membership for a user but need to do it without already being on the domain.

I have managed to check if an AD username and password are correct without being on the domain by cheating and using a netdom query command, but nothing I can find in netdom will allow me to check group memberships. Any help?

[PsaltyDS]

Please guys don't take the easy road and just link me to that adfunction thread. I've already been through it. Those functions only work if you are ALREADY on a domain.

I need to query active directory and check group membership for a user but need to do it without already being on the domain.

I have managed to check if an AD username and password are correct without being on the domain by cheating and using a netdom query command, but nothing I can find in netdom will allow me to check group memberships. Any help?

Do you have an account/password with permission to the domain to do this? You just need to use those credentials to connect to the domain and get the info.

If you don't have such an account, then you aren't supposed to be able to see the details of the domain, and I hope you either find no way around it, or that hole gets patched soon.

[kor]

No, I am providing the script a valid AD username and password to check with.

However, here is the basics of the script that I need.

input username

input password

Check AD by using netdom command to see if the ad username and password are valid

If yes, continue

If no, ask again

^^^^ Done (all of that is done)

Now I need to take that valid AD username and password and see what groups it is apart of

Check AD to see what groups the AD user is a part of

If part of GroupX, Continue,

If not, error message then exit