Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

dsquery to retrieve all computers that is permissioned with an active directory group

Posted on 2010-08-23
9
Medium Priority
?
651 Views
Last Modified: 2012-06-21
Hello all!

can someone give me a dsquery syntax where I can pull all computer names that are permissioned with a particular active directory group?

Thanks!
0
Comment
Question by:monicai
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33499331
Could you explain it a little bit more (some example) ? :) Thank you in advance.
0
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33499335
That was going to be my suggestion :-)
0
 
LVL 4

Author Comment

by:monicai
ID: 33499352
for example, I have an AD group called ADGroup1.  ADGroup1 is permissioned to server01, server02, server03, etc.  All these servers belongs to a single domain controller called contoso.com.  I want to run a query which will retrieve all servers in contoso.com where ADgroup1 is permissioned.
0
Get free NFR key for Veeam Availability Suite 9.5

Veeam is happy to provide a free NFR license (1 year, 2 sockets) to all certified IT Pros. The license allows for the non-production use of Veeam Availability Suite v9.5 in your home lab, without any feature limitations. It works for both VMware and Hyper-V environments

 
LVL 4

Author Comment

by:monicai
ID: 33499358
i know this can be quite ambitious but no harm asking.  I got like a gazillion servers and it is tedious to open each one of them to check if the group is permissioned to it.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33499373
I don't know exaclt what you mean :) You want to check where this group is attached on each server, right? If so, dsquery won't help you.
0
 
LVL 2

Expert Comment

by:zsaurabh
ID: 33499767
Do You want group members ?
0
 
LVL 71

Accepted Solution

by:
Chris Dent earned 2000 total points
ID: 33499778

By "permissioned" you mean you want to find accounts where ADGroup1 has been granted some level of access to the objects Security?

If so, you can find it using a program like DsRevoke (http://www.microsoft.com/downloads/details.aspx?familyid=77744807-c403-4bda-b0e4-c2093b8d6383&displaylang=en).

If you work with a large number of servers you might benefit a lot from a shift into PowerShell options there include:

Get-QADPermission (Quest CmdLets http://www.quest.com/powershell/activeroles-server.aspx)
Get-ADPermission (Exchange 2007 / 2010 CmdLets)
Scripts, like mine :) (http://www.indented.co.uk/index.php/2009/10/02/get-dsacl/)

Output formatting and conditional returns are easier to control there than with a tool like DsRevoke.

Chris
0
 
LVL 2

Expert Comment

by:zsaurabh
ID: 33499814
Download Systemtools Hyena and Get memberships

http://www.systemtools.com/hyena/index.html
0
 
LVL 2

Expert Comment

by:zsaurabh
ID: 33499830
Display the list of all groups, to which pc64 belongs:

C:\> dsget computer cn=pc64,ou=computers,dc=ss64,dc=com -memberof -expand

Display the descriptions of all computers in an organizational unit (OU) named France whose name starts with "pari"

C:\> dsquery computer OU=France,DC=ss64,DC=Com -name pari* | dsget computer -desc
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I guess it is not common knowledge to most Wintel engineers/administrators: If you have an SNMP-based monitoring system in your environment (and it's common to have SNMP or Syslog) it's reasonably easy to enable monitoring of the Windows Event logs,…
Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
In this video, Percona Solution Engineer Dimitri Vanoverbeke discusses why you want to use at least three nodes in a database cluster. To discuss how Percona Consulting can help with your design and architecture needs for your database and infras…
Suggested Courses

610 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question