Solved

dsquery to retrieve all computers that is permissioned with an active directory group

Posted on 2010-08-23
9
648 Views
Last Modified: 2012-06-21
Hello all!

can someone give me a dsquery syntax where I can pull all computer names that are permissioned with a particular active directory group?

Thanks!
0
Comment
Question by:monicai
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33499331
Could you explain it a little bit more (some example) ? :) Thank you in advance.
0
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33499335
That was going to be my suggestion :-)
0
 
LVL 4

Author Comment

by:monicai
ID: 33499352
for example, I have an AD group called ADGroup1.  ADGroup1 is permissioned to server01, server02, server03, etc.  All these servers belongs to a single domain controller called contoso.com.  I want to run a query which will retrieve all servers in contoso.com where ADgroup1 is permissioned.
0
Ransomware: The New Cyber Threat & How to Stop It

This infographic explains ransomware, type of malware that blocks access to your files or your systems and holds them hostage until a ransom is paid. It also examines the different types of ransomware and explains what you can do to thwart this sinister online threat.  

 
LVL 4

Author Comment

by:monicai
ID: 33499358
i know this can be quite ambitious but no harm asking.  I got like a gazillion servers and it is tedious to open each one of them to check if the group is permissioned to it.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33499373
I don't know exaclt what you mean :) You want to check where this group is attached on each server, right? If so, dsquery won't help you.
0
 
LVL 2

Expert Comment

by:zsaurabh
ID: 33499767
Do You want group members ?
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 33499778

By "permissioned" you mean you want to find accounts where ADGroup1 has been granted some level of access to the objects Security?

If so, you can find it using a program like DsRevoke (http://www.microsoft.com/downloads/details.aspx?familyid=77744807-c403-4bda-b0e4-c2093b8d6383&displaylang=en).

If you work with a large number of servers you might benefit a lot from a shift into PowerShell options there include:

Get-QADPermission (Quest CmdLets http://www.quest.com/powershell/activeroles-server.aspx)
Get-ADPermission (Exchange 2007 / 2010 CmdLets)
Scripts, like mine :) (http://www.indented.co.uk/index.php/2009/10/02/get-dsacl/)

Output formatting and conditional returns are easier to control there than with a tool like DsRevoke.

Chris
0
 
LVL 2

Expert Comment

by:zsaurabh
ID: 33499814
Download Systemtools Hyena and Get memberships

http://www.systemtools.com/hyena/index.html
0
 
LVL 2

Expert Comment

by:zsaurabh
ID: 33499830
Display the list of all groups, to which pc64 belongs:

C:\> dsget computer cn=pc64,ou=computers,dc=ss64,dc=com -memberof -expand

Display the descriptions of all computers in an organizational unit (OU) named France whose name starts with "pari"

C:\> dsquery computer OU=France,DC=ss64,DC=Com -name pari* | dsget computer -desc
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Ms Filer Server Migration toolkit issues 2 97
Event ID: 1008 / Source: Microsoft-Windows-Perflib 2 225
HP Printer on Windows 2003 Terminal Server 4 65
BgInfo help 5 66
The HP utility "HP Lights-Out Online Configuration Utility for Windows Server 2003/2008" could be of great use when it comes to remotely configure a HP servers ILO WITHOUT rebooting the server. We would only need to create and run scripts using thi…
This may not be a text book method to resolve VSS backup issues but it seemed to have worked on few of the Windows 2003 servers we had issues while performing a Volume Shadow Copy backup. If you have issues while performing a shadow copy backup usin…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question