• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1684
  • Last Modified:

Unable to retrieve group membership of a Foreign Security Principals account

I'm trying to retrieve the local  group membership (groups in my local domain) from Foreign Security Principals accounts (created after granting access to a resource to an account from a trusted domain) via VBScript.  I'm using the code below but no matter what I do I'm not seeing the group membership.  The code works fine with a normal account.

Set objGroup = GetObject("LDAP://CN=S-1-5-21-466423297-1915321860-2068054413-25636,CN=ForeignSecurityPrincipals,DC=mydomain,DC=root")

arrGroups = objGroup.memberOf

I can see the membership when I look in the AD Users and Computers console.

Any ideas?
0
LonPete67
Asked:
LonPete67
1 Solution
 
Netman66Commented:
If memory serves me, the memberOf attribute is non-existent for Foreign Security Principals - thus no results.

Since these SIDs/GUIDs are objects representing groups/principals in your trusted domain(s), you need to enumerate them to a real domain/group (or user) then go after the memberOf of that result.



0
 
Glen KnightCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Easily Design & Build Your Next Website

Squarespace’s all-in-one platform gives you everything you need to express yourself creatively online, whether it is with a domain, website, or online store. Get started with your free trial today, and when ready, take 10% off your first purchase with offer code 'EXPERTS'.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now