Trouble enumerating group membership with dsquery/get
Hi,
I am trying to enumerate the users in several domain groups. The groups contain nested groups, so I need to expand those as well. The output that I need is the RDN of the user object, but I am running into two issues.
This is the command I am attempting to run:
dsquery group -name "GROUPNAME" | dsget group -members -expand | dsquery user -o rdn
It takes the command fine, but just comes back with a full domain list of everyone's RDN.
If I just run: dsquery group -name "GROUPNAME" | dsget group -members -expand, it works fine, but the output is the full DN.
The other issue I am running into is more minor, but the output of the dsget group -expand command also outputs the nested group name. Is there anyway to omit this?
I know there are probably tools to handle this type of reporting, but I am interested in seeing it work in the native command line.
Thank you for any assistance!
I am trying to enumerate the users in several domain groups. The groups contain nested groups, so I need to expand those as well. The output that I need is the RDN of the user object, but I am running into two issues.
This is the command I am attempting to run:
dsquery group -name "GROUPNAME" | dsget group -members -expand | dsquery user -o rdn
It takes the command fine, but just comes back with a full domain list of everyone's RDN.
If I just run: dsquery group -name "GROUPNAME" | dsget group -members -expand, it works fine, but the output is the full DN.
The other issue I am running into is more minor, but the output of the dsget group -expand command also outputs the nested group name. Is there anyway to omit this?
I know there are probably tools to handle this type of reporting, but I am interested in seeing it work in the native command line.
Thank you for any assistance!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I realized that just may be my echo messing up, when I run the full line you sent I receive the following:
dsquery failed:No superior reference has been configured for the directory servi
ce. The directory service is therefore unable to issue referrals to objects outs
ide this forest.
dsquery failed:No superior reference has been configured for the directory servi
ce. The directory service is therefore unable to issue referrals to objects outs
ide this forest.
ASKER
Got it, it was the space. I just got rid of the delims
for /F "delims=" %a in ('dsquery group -name "GROUPNAME" ^| dsget group -members -expand') do @dsquery user %a -o rdn
Works great!
for /F "delims=" %a in ('dsquery group -name "GROUPNAME" ^| dsget group -members -expand') do @dsquery user %a -o rdn
Works great!
ASKER
Thanks again.
ASKER
"CN=McAlister\,
"CN=Waal\,
"CN=Marzano\,
"CN=Pugliese\,
"CN=Giammarino\,
It looks like as soon as it hits the backslash, it is halting because its an escape char.
Is there a way to put it all into double quotes?
Thank you again, so close!