Solved

Testing group membership

Posted on 2011-09-27
6
234 Views
Last Modified: 2014-04-25
Hi guys, hope you are all well and can assist.

We want to work on a process of testing group membership scenarios.

Basically, we want to do the following:

1) User Bob is a member of 15 groups > Export all groups to a text file called exportedgroups.txt

2) Remove all groups from User Bob's account, except for domain users.

3) Do testing with User Bob's account.

4) After testing, readd all groups that were removed by step 2) above, back to user Bob's account.

Status:

Step 1) is done via:

dsquery user -name <username> -d <domainname> | dsget user -memberof > exportedgroups.txt

Format of exportedgroups.txt is as follows:

"CN=d_AN_Users,OU=domain Groups,DC=ori,DC=domain,DC=net"
"CN=w_ho_cor_hr_services_c,OU=Groups,OU=AN,OU=Migrated Objects,DC=ori,DC=domain,DC=net"
"CN=w_ho_cor_payr_proj_c,OU=Groups,OU=AN,OU=Migrated Objects,DC=ori,DC=domain,DC=net"

Step 2) is not done:
We need a way to remove all groups from his account EXCEPT for domain users.

Step 3) does not need to be done (we will do this).

Step 4) is not done.

Any help on this greatly appreciated.
0
Comment
Question by:Simon336697
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 2
6 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36715084
I would also use DS Tools as you did it and

AD1)
dsquery user -name "Bob" | dsget user -memberof c:\exportedgroups.txt

Now, remove "Domain Users" group from that text file

AD2)
for /f %i in (c:\exportedgroups.txt) do dsquery user -name "Bob" | dsmod group %i -rmmbr

Bob will be removed from all of those groups, except Domain Users (because you deleted it from text file)

AD3)
as you mentioned :]

AD4)
for /f %i in (c:\exportedgroups.txt) do dsquery user -name "Bob" | dsmod group %i -addmbr

And re-add Bob into groups from text file :)

If you need more assistance, just let me know

Regards,
Krzysztof
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36715087
Sorry forget about ">" in this syntax, should be

dsquery user -name "Bob" | dsget user -memberof >c:\exportedgroups.txt

Krzysztof
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 36715122
OK, if your groups or OUs have space in names, you need to modify AD2 and AD4

First, in text file add at the end of each line ";" (semicolon)

and use this syntax

AD2)
for /f %i "tokens=* delims=;" in (c:\exportedgroups.txt) do dsquery user -name "Bob" | dsmod group %i -rmmbr

AD4)
for /f %i "tokens=* delims=;" in (c:\exportedgroups.txt) do dsquery user -name "Bob" | dsmod group %i -addmbr

Krzysztof
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:Simon336697
ID: 36946264
Thanks so much iSiek. I will test this now. Sorry about the delay.
0
 
LVL 39

Accepted Solution

by:
Krzysztof Pytko earned 500 total points
ID: 36947142
Hi,
you're welcome :) That's no problem. If you need further assistance, please let me know

Krzysztof
0
 
LVL 1

Author Comment

by:Simon336697
ID: 37034803
Thanks iSiek sorry about the delay getting back to you.
0

Featured Post

Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Let's recap what we learned from yesterday's Skyport Systems webinar.
The viewer will learn how to count occurrences of each item in an array.
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

623 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question