?
Solved

dsquery to retrieve all computers that is permissioned with an active directory group

Posted on 2010-08-23
9
Medium Priority
?
650 Views
Last Modified: 2012-06-21
Hello all!

can someone give me a dsquery syntax where I can pull all computer names that are permissioned with a particular active directory group?

Thanks!
0
Comment
Question by:monicai
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33499331
Could you explain it a little bit more (some example) ? :) Thank you in advance.
0
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33499335
That was going to be my suggestion :-)
0
 
LVL 4

Author Comment

by:monicai
ID: 33499352
for example, I have an AD group called ADGroup1.  ADGroup1 is permissioned to server01, server02, server03, etc.  All these servers belongs to a single domain controller called contoso.com.  I want to run a query which will retrieve all servers in contoso.com where ADgroup1 is permissioned.
0
10 Questions to Ask when Buying Backup Software

Choosing the right backup solution for your organization can be a daunting task. To make the selection process easier, ask solution providers these 10 key questions.

 
LVL 4

Author Comment

by:monicai
ID: 33499358
i know this can be quite ambitious but no harm asking.  I got like a gazillion servers and it is tedious to open each one of them to check if the group is permissioned to it.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33499373
I don't know exaclt what you mean :) You want to check where this group is attached on each server, right? If so, dsquery won't help you.
0
 
LVL 2

Expert Comment

by:zsaurabh
ID: 33499767
Do You want group members ?
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 33499778

By "permissioned" you mean you want to find accounts where ADGroup1 has been granted some level of access to the objects Security?

If so, you can find it using a program like DsRevoke (http://www.microsoft.com/downloads/details.aspx?familyid=77744807-c403-4bda-b0e4-c2093b8d6383&displaylang=en).

If you work with a large number of servers you might benefit a lot from a shift into PowerShell options there include:

Get-QADPermission (Quest CmdLets http://www.quest.com/powershell/activeroles-server.aspx)
Get-ADPermission (Exchange 2007 / 2010 CmdLets)
Scripts, like mine :) (http://www.indented.co.uk/index.php/2009/10/02/get-dsacl/)

Output formatting and conditional returns are easier to control there than with a tool like DsRevoke.

Chris
0
 
LVL 2

Expert Comment

by:zsaurabh
ID: 33499814
Download Systemtools Hyena and Get memberships

http://www.systemtools.com/hyena/index.html
0
 
LVL 2

Expert Comment

by:zsaurabh
ID: 33499830
Display the list of all groups, to which pc64 belongs:

C:\> dsget computer cn=pc64,ou=computers,dc=ss64,dc=com -memberof -expand

Display the descriptions of all computers in an organizational unit (OU) named France whose name starts with "pari"

C:\> dsquery computer OU=France,DC=ss64,DC=Com -name pari* | dsget computer -desc
0

Featured Post

Enterprise Mobility and BYOD For Dummies

Like “For Dummies” books, you can read this in whatever order you choose and learn about mobility and BYOD; and how to put a competitive mobile infrastructure in place. Developed for SMBs and large enterprises alike, you will find helpful use cases, planning, and implementation.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

So you have two Windows Servers and you have a directory/folder/files on one that you'd like to mirror to the other?  You don't really want to deal with DFS or a 3rd party solution like Doubletake. You can use Robocopy from the Windows Server 200…
by Batuhan Cetin Within the dynamic life of an IT administrator, we hold many information in our minds like user names, passwords, IDs, phone numbers, incomes, service tags, bills and the order from our wives to buy milk when coming back to home.…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
Suggested Courses

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question