Getting AD Group memebrship from just a username

Posted on 2006-04-10
Last Modified: 2011-08-18
hOw can I get a user's AD group membership form just his username. All the scripts I have seen require a full LDAP name and in the situation I am in I shan't know which OU a user is a member of.
Question by:cescentman
    LVL 11

    Accepted Solution

    You can get the LDAP name from the username. To do that:

    First you will get the distinguished name of the user: For that you have to write the function

    Public Function UserNameDN(sUserName)
         set oRootDSE = GetObject("LDAP://rootDSE")
       Set oConnection = CreateObject("ADODB.Connection")
       oConnection.Open "Provider=ADsDSOObject;"
       Set oCommand = CreateObject("ADODB.Command")
       oCommand.ActiveConnection = oConnection
       oCommand.CommandText = "<LDAP://" & oRootDSE.get("defaultNamingContext") & ">;(&(objectCategory=User)(samAccountName=" & _
                  sUserName & "));distinguishedName;subtree"
       Set oRecordSet = oCommand.Execute
            UserNameDN = oRecordSet.Fields("distinguishedName")
            If Err <> 0 Then
              outFile.WriteLine "There was an error getting the DN for " & strUser & "." & "    " & Err.Num
              strBadCount = strBadCount + 1
            End If
            On error Goto 0

    And after you find the DN name the LDAP name would be
    LDAP://DC Name/UserNameDN
    LVL 23

    Assisted Solution

    Use dsquery and dsget:

    dsquery user -name USERNAME | dsget user -memberof

    the only variable is USERNAME...put in the username of the person you want.  So for Joe Smith:

    dsquery user -name "Joe Smith" | dsget user -memberof
    LVL 1

    Author Comment

    LVL 23

    Expert Comment


    Featured Post

    Top 6 Sources for Identifying Threat Actor TTPs

    Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

    Join & Write a Comment

    The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
    I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…
    Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now