Solved

dsquery to retrieve all computers that is permissioned with an active directory group

Posted on 2010-08-23
9
649 Views
Last Modified: 2012-06-21
Hello all!

can someone give me a dsquery syntax where I can pull all computer names that are permissioned with a particular active directory group?

Thanks!
0
Comment
Question by:monicai
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33499331
Could you explain it a little bit more (some example) ? :) Thank you in advance.
0
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33499335
That was going to be my suggestion :-)
0
 
LVL 4

Author Comment

by:monicai
ID: 33499352
for example, I have an AD group called ADGroup1.  ADGroup1 is permissioned to server01, server02, server03, etc.  All these servers belongs to a single domain controller called contoso.com.  I want to run a query which will retrieve all servers in contoso.com where ADgroup1 is permissioned.
0
Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

 
LVL 4

Author Comment

by:monicai
ID: 33499358
i know this can be quite ambitious but no harm asking.  I got like a gazillion servers and it is tedious to open each one of them to check if the group is permissioned to it.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33499373
I don't know exaclt what you mean :) You want to check where this group is attached on each server, right? If so, dsquery won't help you.
0
 
LVL 2

Expert Comment

by:zsaurabh
ID: 33499767
Do You want group members ?
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 33499778

By "permissioned" you mean you want to find accounts where ADGroup1 has been granted some level of access to the objects Security?

If so, you can find it using a program like DsRevoke (http://www.microsoft.com/downloads/details.aspx?familyid=77744807-c403-4bda-b0e4-c2093b8d6383&displaylang=en).

If you work with a large number of servers you might benefit a lot from a shift into PowerShell options there include:

Get-QADPermission (Quest CmdLets http://www.quest.com/powershell/activeroles-server.aspx)
Get-ADPermission (Exchange 2007 / 2010 CmdLets)
Scripts, like mine :) (http://www.indented.co.uk/index.php/2009/10/02/get-dsacl/)

Output formatting and conditional returns are easier to control there than with a tool like DsRevoke.

Chris
0
 
LVL 2

Expert Comment

by:zsaurabh
ID: 33499814
Download Systemtools Hyena and Get memberships

http://www.systemtools.com/hyena/index.html
0
 
LVL 2

Expert Comment

by:zsaurabh
ID: 33499830
Display the list of all groups, to which pc64 belongs:

C:\> dsget computer cn=pc64,ou=computers,dc=ss64,dc=com -memberof -expand

Display the descriptions of all computers in an organizational unit (OU) named France whose name starts with "pari"

C:\> dsquery computer OU=France,DC=ss64,DC=Com -name pari* | dsget computer -desc
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
Many of us need to configure DHCP server(s) in their environment. We can do that simply via DHCP console on server or using MMC snap-in on each computer with Administrative Tools installed in a network. But what if we have to configure many DHCP ser…
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question