List Archives

This forum is an archive of all posts to our mailing list over the past few years. The forum is set read only therefore to contribute you will need to join our list community. See more info about this here.

When subscribed to the list you should use your standard email client to send your posts to ActiveDir@mail.activedir.org.

List Archives

Unanswered Active Topics

Forums Search

Forums >ActiveDir Mail List Archive >List Archives

Subject: [ActiveDir] Script for comparing group membership of two users.

Prev Next

You are not authorized to post a reply.

Author

Messages

nidhinck

Posts:64

09/01/2010 5:13 PM
Hi All, I'm looking for a script which will compare all the group membership (including nested groups) of two users. -- Regards, Nidhin.CK Chennai Phone No: +91 9884622467

RickSheikh User is Offline

Posts:373

09/01/2010 5:52 PM
Using Quest AD Cmdlets with PowerShell, something like below should work Compare-Object (Get-QADMemberOf rick.sheikh -Indirect) (Get-QADMemberOf brian.mohr -Indirect) Also see the -ExcludeDifferent and -IncludeEqual switches to add at the end of the one-liner above. On Wed, Sep 1, 2010 at 11:11 AM, nidhin ck <nidhinck@gmail.com> wrote: > Hi All, > > I'm looking for a script which will compare all the group membership > (including nested groups) of two users. > > -- > Regards, > > Nidhin.CK > Chennai > Phone No: +91 9884622467 > > >

listmail

Posts:822

09/01/2010 6:55 PM
Keep in mind that this is likely going to miss primary group membership and any nesting there, it is likely going to miss any memberships cross forest that are in domain local groups. Perhaps a nice way to handle this would be to get a DC for every domain in the forest that is also a GC, query the GC port for the user objects against all of those DCs asking for tokenGroups. Then collect that into a single unique list and output it for each user. joe -- O'Reilly Active Directory Fourth Edition - http://www.joeware.net/win/ad4e.htm Blog: http://blog.joeware.net From: activedir-owner@mail.activedir.org [mailto:activedir-owner@mail.activedir.org] On Behalf Of Rick Sheikh Sent: Wednesday, September 01, 2010 12:51 PM To: activedir@mail.activedir.org Subject: Re: [ActiveDir] Script for comparing group membership of two users. Using Quest AD Cmdlets with PowerShell, something like below should work Compare-Object (Get-QADMemberOf rick.sheikh -Indirect) (Get-QADMemberOf brian.mohr -Indirect) Also see the -ExcludeDifferent and -IncludeEqual switches to add at the end of the one-liner above. On Wed, Sep 1, 2010 at 11:11 AM, nidhin ck <nidhinck@gmail.com> wrote: Hi All, I'm looking for a script which will compare all the group membership (including nested groups) of two users. -- Regards, Nidhin.CK Chennai Phone No: +91 9884622467

You are not authorized to post a reply.

Forums >ActiveDir Mail List Archive >List Archives > [ActiveDir] Script for comparing group membership of two users.

ActiveForums 3.7

Syndicate

Friends

List Archives

List Archives

Friends

Members

Articles

Related Links

Ads