Testing group membership
Hi guys, hope you are all well and can assist.
We want to work on a process of testing group membership scenarios.
Basically, we want to do the following:
1) User Bob is a member of 15 groups > Export all groups to a text file called exportedgroups.txt
2) Remove all groups from User Bob's account, except for domain users.
3) Do testing with User Bob's account.
4) After testing, readd all groups that were removed by step 2) above, back to user Bob's account.
Status:
Step 1) is done via:
dsquery user -name <username> -d <domainname> | dsget user -memberof > exportedgroups.txt
Format of exportedgroups.txt is as follows:
"CN=d_AN_Users,OU=domain Groups,DC=ori,DC=domain,DC
"CN=w_ho_cor_hr_services_c
"CN=w_ho_cor_payr_proj_c,O
Step 2) is not done:
We need a way to remove all groups from his account EXCEPT for domain users.
Step 3) does not need to be done (we will do this).
Step 4) is not done.
Any help on this greatly appreciated.
We want to work on a process of testing group membership scenarios.
Basically, we want to do the following:
1) User Bob is a member of 15 groups > Export all groups to a text file called exportedgroups.txt
2) Remove all groups from User Bob's account, except for domain users.
3) Do testing with User Bob's account.
4) After testing, readd all groups that were removed by step 2) above, back to user Bob's account.
Status:
Step 1) is done via:
dsquery user -name <username> -d <domainname> | dsget user -memberof > exportedgroups.txt
Format of exportedgroups.txt is as follows:
"CN=d_AN_Users,OU=domain Groups,DC=ori,DC=domain,DC
"CN=w_ho_cor_hr_services_c
"CN=w_ho_cor_payr_proj_c,O
Step 2) is not done:
We need a way to remove all groups from his account EXCEPT for domain users.
Step 3) does not need to be done (we will do this).
Step 4) is not done.
Any help on this greatly appreciated.
Sorry forget about ">" in this syntax, should be
dsquery user -name "Bob" | dsget user -memberof >c:\exportedgroups.txt
Krzysztof
dsquery user -name "Bob" | dsget user -memberof >c:\exportedgroups.txt
Krzysztof
OK, if your groups or OUs have space in names, you need to modify AD2 and AD4
First, in text file add at the end of each line ";" (semicolon)
and use this syntax
AD2)
for /f %i "tokens=* delims=;" in (c:\exportedgroups.txt) do dsquery user -name "Bob" | dsmod group %i -rmmbr
AD4)
for /f %i "tokens=* delims=;" in (c:\exportedgroups.txt) do dsquery user -name "Bob" | dsmod group %i -addmbr
Krzysztof
First, in text file add at the end of each line ";" (semicolon)
and use this syntax
AD2)
for /f %i "tokens=* delims=;" in (c:\exportedgroups.txt) do dsquery user -name "Bob" | dsmod group %i -rmmbr
AD4)
for /f %i "tokens=* delims=;" in (c:\exportedgroups.txt) do dsquery user -name "Bob" | dsmod group %i -addmbr
Krzysztof
ASKER
Thanks so much iSiek. I will test this now. Sorry about the delay.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks iSiek sorry about the delay getting back to you.
AD1)
dsquery user -name "Bob" | dsget user -memberof c:\exportedgroups.txt
Now, remove "Domain Users" group from that text file
AD2)
for /f %i in (c:\exportedgroups.txt) do dsquery user -name "Bob" | dsmod group %i -rmmbr
Bob will be removed from all of those groups, except Domain Users (because you deleted it from text file)
AD3)
as you mentioned :]
AD4)
for /f %i in (c:\exportedgroups.txt) do dsquery user -name "Bob" | dsmod group %i -addmbr
And re-add Bob into groups from text file :)
If you need more assistance, just let me know
Regards,
Krzysztof