Solved

dsquery to retrieve all computers that is permissioned with an active directory group

Posted on 2010-08-23
9
646 Views
Last Modified: 2012-06-21
Hello all!

can someone give me a dsquery syntax where I can pull all computer names that are permissioned with a particular active directory group?

Thanks!
0
Comment
Question by:monicai
  • 3
  • 2
  • 2
  • +2
9 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33499331
Could you explain it a little bit more (some example) ? :) Thank you in advance.
0
 
LVL 11

Expert Comment

by:Coast-IT
ID: 33499335
That was going to be my suggestion :-)
0
 
LVL 4

Author Comment

by:monicai
ID: 33499352
for example, I have an AD group called ADGroup1.  ADGroup1 is permissioned to server01, server02, server03, etc.  All these servers belongs to a single domain controller called contoso.com.  I want to run a query which will retrieve all servers in contoso.com where ADgroup1 is permissioned.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 4

Author Comment

by:monicai
ID: 33499358
i know this can be quite ambitious but no harm asking.  I got like a gazillion servers and it is tedious to open each one of them to check if the group is permissioned to it.
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33499373
I don't know exaclt what you mean :) You want to check where this group is attached on each server, right? If so, dsquery won't help you.
0
 
LVL 2

Expert Comment

by:zsaurabh
ID: 33499767
Do You want group members ?
0
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 33499778

By "permissioned" you mean you want to find accounts where ADGroup1 has been granted some level of access to the objects Security?

If so, you can find it using a program like DsRevoke (http://www.microsoft.com/downloads/details.aspx?familyid=77744807-c403-4bda-b0e4-c2093b8d6383&displaylang=en).

If you work with a large number of servers you might benefit a lot from a shift into PowerShell options there include:

Get-QADPermission (Quest CmdLets http://www.quest.com/powershell/activeroles-server.aspx)
Get-ADPermission (Exchange 2007 / 2010 CmdLets)
Scripts, like mine :) (http://www.indented.co.uk/index.php/2009/10/02/get-dsacl/)

Output formatting and conditional returns are easier to control there than with a tool like DsRevoke.

Chris
0
 
LVL 2

Expert Comment

by:zsaurabh
ID: 33499814
Download Systemtools Hyena and Get memberships

http://www.systemtools.com/hyena/index.html
0
 
LVL 2

Expert Comment

by:zsaurabh
ID: 33499830
Display the list of all groups, to which pc64 belongs:

C:\> dsget computer cn=pc64,ou=computers,dc=ss64,dc=com -memberof -expand

Display the descriptions of all computers in an organizational unit (OU) named France whose name starts with "pari"

C:\> dsquery computer OU=France,DC=ss64,DC=Com -name pari* | dsget computer -desc
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Scenerio: You have a server running Server 2003 and have applied a retail pack of Terminal Server Licenses.  You want to change servers or your server has crashed and you need to reapply the Terminal Server Licenses. When you enter the 16-digit lic…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question