User Group Membership through nested Groups

Discussion in 'Active Directory' started by Ale, Dec 4, 2008.

  1. Ale

    Ale Guest

    Hi to all,
    is there a way to retrieve the group membership through nested groups?

    I'm using the dsget command but as i read on the web there is no possibility
    to do it:
    dsget group "CN=Domain Admins,CN=Users,DC=contoso,DC=com" -members -
    expand

    Thanks in advance
    Regards
     
    Ale, Dec 4, 2008
    #1
    1. Advertisements

  2. Ale

    Marcin Guest

    Ale,
    try adfind from joeware.net. Assuming you are running Windows Server 2003
    SP2 or later, the following should be able to give you what you need:
    :
    adfind -b dc=contoso,dc=com -s subtree -f
    "(&(objectClass=user)(objectCategory=Person)
    (memberOf:1.2.840.113556.1.4.1941:=cn=Domain
    Admins,cn=Users,dc=contoso,dc=com))"

    For more info, refer to
    http://dunnry.com/blog/TransitiveLinkValueFilterEvaluation.aspx

    hth
    Marcin
     
    Marcin, Dec 5, 2008
    #2
    1. Advertisements

  3. Ale

    Ale Guest

    Hi Marcin,

    thanks for the suggestion but the problem is still the same.
    I can't retrieve the users with the Domain Admins group set as "Primary
    Group".
    Is there way to workaround this problem?

    Thanks
     
    Ale, Dec 5, 2008
    #3
  4. Jorge de Almeida Pinto [MVP - DS], Dec 5, 2008
    #4
  5. Meinolf Weber, Dec 5, 2008
    #5
  6. Hello Ale,

    BTW, do you have Macintosh clients or POSIX compliant applications running
    or why did you change the primary group?

    Best regards

    Meinolf Weber
     
    Meinolf Weber, Dec 5, 2008
    #6
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.