Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Testing group membership

Posted on 2011-09-27
6
Medium Priority
?
237 Views
Last Modified: 2014-04-25
Hi guys, hope you are all well and can assist.

We want to work on a process of testing group membership scenarios.

Basically, we want to do the following:

1) User Bob is a member of 15 groups > Export all groups to a text file called exportedgroups.txt

2) Remove all groups from User Bob's account, except for domain users.

3) Do testing with User Bob's account.

4) After testing, readd all groups that were removed by step 2) above, back to user Bob's account.

Status:

Step 1) is done via:

dsquery user -name <username> -d <domainname> | dsget user -memberof > exportedgroups.txt

Format of exportedgroups.txt is as follows:

"CN=d_AN_Users,OU=domain Groups,DC=ori,DC=domain,DC=net"
"CN=w_ho_cor_hr_services_c,OU=Groups,OU=AN,OU=Migrated Objects,DC=ori,DC=domain,DC=net"
"CN=w_ho_cor_payr_proj_c,OU=Groups,OU=AN,OU=Migrated Objects,DC=ori,DC=domain,DC=net"

Step 2) is not done:
We need a way to remove all groups from his account EXCEPT for domain users.

Step 3) does not need to be done (we will do this).

Step 4) is not done.

Any help on this greatly appreciated.
0
Comment
Question by:Simon336697
  • 4
  • 2
6 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36715084
I would also use DS Tools as you did it and

AD1)
dsquery user -name "Bob" | dsget user -memberof c:\exportedgroups.txt

Now, remove "Domain Users" group from that text file

AD2)
for /f %i in (c:\exportedgroups.txt) do dsquery user -name "Bob" | dsmod group %i -rmmbr

Bob will be removed from all of those groups, except Domain Users (because you deleted it from text file)

AD3)
as you mentioned :]

AD4)
for /f %i in (c:\exportedgroups.txt) do dsquery user -name "Bob" | dsmod group %i -addmbr

And re-add Bob into groups from text file :)

If you need more assistance, just let me know

Regards,
Krzysztof
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36715087
Sorry forget about ">" in this syntax, should be

dsquery user -name "Bob" | dsget user -memberof >c:\exportedgroups.txt

Krzysztof
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36715122
OK, if your groups or OUs have space in names, you need to modify AD2 and AD4

First, in text file add at the end of each line ";" (semicolon)

and use this syntax

AD2)
for /f %i "tokens=* delims=;" in (c:\exportedgroups.txt) do dsquery user -name "Bob" | dsmod group %i -rmmbr

AD4)
for /f %i "tokens=* delims=;" in (c:\exportedgroups.txt) do dsquery user -name "Bob" | dsmod group %i -addmbr

Krzysztof
0
 [eBook] Windows Nano Server

Download this FREE eBook and learn all you need to get started with Windows Nano Server, including deployment options, remote management
and troubleshooting tips and tricks

 
LVL 1

Author Comment

by:Simon336697
ID: 36946264
Thanks so much iSiek. I will test this now. Sorry about the delay.
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 2000 total points
ID: 36947142
Hi,
you're welcome :) That's no problem. If you need further assistance, please let me know

Krzysztof
0
 
LVL 1

Author Comment

by:Simon336697
ID: 37034803
Thanks iSiek sorry about the delay getting back to you.
0

Featured Post

Get your Conversational Ransomware Defense e‑book

This e-book gives you an insight into the ransomware threat and reviews the fundamentals of top-notch ransomware preparedness and recovery. To help you protect yourself and your organization. The initial infection may be inevitable, so the best protection is to be fully prepared.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

There are times when we need to generate a report on the inbox rules, where users have set up forwarding externally in their mailbox. In this article, I will be sharing a script I wrote to generate the report in CSV format.
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
Video by: Mark
This lesson goes over how to construct ordered and unordered lists and how to create hyperlinks.
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Suggested Courses

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question