  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 154

Active Directory / LDAP Question

I have an LDAP query that gathers the memberOf attributes for a particular user.  I want to know if there is a way to distinguish between distribution groups and security groups.  I would like to only gather the security groups for a particular user but I'm currently also getting the distribution groups too, which I don't want.
Asked by: maytawn
1 Solution
 
Chris Dent (PowerShell Developer) Commented:

I don't think you could do this with an LDAP query; it's not a distinct property of the group that gives the type. This is a VBScript example of how you distinguish between the two:

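' groupType is a bit field; this is the bit that marks a security-enabled group.
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000

' Bind to the currently logged-on user.
Set objADSystemInfo = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & objADSystemInfo.UserName)

' memberOf holds the DN of each group the user is a direct member of.
For Each strGroupDN in objUser.GetEx("memberOf")
    Set objGroup = GetObject("LDAP://" & strGroupDN)
    intGroupType = objGroup.Get("groupType")
    ' Bitwise And: the result is non-zero only when the security bit is set.
    If intGroupType And ADS_GROUP_TYPE_SECURITY_ENABLED Then
        WScript.Echo objGroup.Get("name") & ": Security Group"
    Else
        WScript.Echo objGroup.Get("name") & ": Distribution Group"
    End If
Next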

HTH

Chris
 
maytawn (Author) Commented:
This looks good.  So it looks like I will need to query each group to determine its type.  Can you explain this line a little more?

"If intGroupType And ADS_GROUP_TYPE_SECURITY_ENABLED Then"

Also, can you point me toward some documentation that provides a more detailed explanation of how groups are distinguished?  I.e., why do security groups tend to have long negative numbers as their value?
 
maytawn (Author) Commented:
The answer listed above outputs correct results, but there is no explanation as to how I can distinguish between the two types.  I asked for clarification, but have not received any.  I would be agreeable to awarding partial points... but certainly not full points.
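
Added example, not part of the original thread: a Python sketch that decodes groupType values to show how the security bit and the group scope are packed into one signed 32-bit integer, and builds a search filter that uses Active Directory's bitwise-AND matching rule on the same bit. The function names, the sample DNs and the sample values are constructed for illustration.

```python
# Added example; flag values follow Microsoft's documentation of groupType.
SECURITY_ENABLED = 0x80000000   # same bit as ADS_GROUP_TYPE_SECURITY_ENABLED
BUILTIN = 0x00000001            # group created by the system
SCOPES = {0x2: "Global", 0x4: "Domain Local", 0x8: "Universal"}
BIT_AND_RULE = "1.2.840.113556.1.4.803"  # AD's bitwise-AND matching rule OID


def to_unsigned(group_type):
    """groupType is a signed 32-bit integer; recover the raw 32 bits.

    With the top (sign) bit set, the directory reports a large negative
    number, which is why security groups show values like -2147483646.
    """
    return int(group_type) & 0xFFFFFFFF


def is_security_group(group_type):
    return bool(to_unsigned(group_type) & SECURITY_ENABLED)


def describe(group_type):
    bits = to_unsigned(group_type)
    scope = next((n for f, n in SCOPES.items() if bits & f), "Unknown-scope")
    kind = "Security" if bits & SECURITY_ENABLED else "Distribution"
    return ("Builtin " if bits & BUILTIN else "") + f"{scope} {kind} Group"


def security_group_filter(user_dn):
    """Filter for security groups that list user_dn as a direct member."""
    escaped = user_dn.replace("\\", r"\5c")  # RFC 4515 escaping, backslash first
    for ch, code in (("*", r"\2a"), ("(", r"\28"), (")", r"\29"), ("\0", r"\00")):
        escaped = escaped.replace(ch, code)
    return (f"(&(objectCategory=group)(member={escaped})"
            f"(groupType:{BIT_AND_RULE}:={SECURITY_ENABLED}))")


# Constructed sample: (group DN, groupType as returned by the directory).
SAMPLE = [
    ("CN=Finance Staff,OU=Groups,DC=example,DC=com", "-2147483646"),
    ("CN=All Hands,OU=Groups,DC=example,DC=com", "8"),
    ("CN=Share RW,OU=Groups,DC=example,DC=com", "-2147483644"),
    ("CN=Newsletter,OU=Groups,DC=example,DC=com", "2"),
]

if __name__ == "__main__":
    for dn, group_type in SAMPLE:
        print(f"{dn}: {describe(group_type)}")
    print(security_group_filter("CN=J. Doe (Temp),OU=Staff,DC=example,DC=com"))
```

The filter matches direct membership only; like memberOf, it does not cover the user's primary group or nested groups.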