• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 405
  • Last Modified:

See Group Memberships in AD

Can you make a report from ADUC or other built-in tool to see Group's memberships in the fashion easy to understand.  So it will show in kind of hierarcical tree to easy to present and explain.
Please advice.
Thank you.
0
Tiras25
Asked:
Tiras25
  • 5
  • 3
  • 2
  • +2
5 Solutions
 
Steven CarnahanNetwork ManagerCommented:
There are several ways to accomplish this. I personally prefer to use SomarSoft's DumpSec. http://www.systemtools.com/somarsoft/index.html 
It has a nice GUI and plenty of options for gathering information.

There are also a number of scripting methods you could use that I am sure others will point you to.

0
 
Tiras25Author Commented:
What I am loooking for is something like this.  FRor example: the user is part of the Global Group that is part of the Local Group. I don't want that user to be a part of the Local Group directly.  

Is there a way with or withuot a tool that can show me this user is a member of all these groups.  And not like he/she  a member of this group and this group is a member of this group..  

This is what I need....
0
 
Shabarinath RamadasanInfrastructure ArchitectCommented:
One option I see is to list the members (direct and indirect) of the main group.
You can get this by using Quest AD Commandlets.

Get-QADUser -IndirectMemberOf maingroup

If you want to list out the indirect members of a group, you can try

Get-QADGroupMember maingroup -Indirect

Good luck !
Shaba
0
How do you know if your security is working?

Protecting your business doesn’t have to mean sifting through endless alerts and notifications. With WatchGuard Total Security Suite, you can feel confident that your business is secure, meaning you can get back to the things that have been sitting on your to-do list.

 
Shabarinath RamadasanInfrastructure ArchitectCommented:
You need to download quest ad command-lets from
http://www.quest.com/powershell/activeroles-server.aspx 
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
Try with free ADInfo. You can define by yourself what you are looking for. Remember when there is more that 25 group members, you need to export results to file to be able to see all of them :)
http://www.cjwdev.co.uk/Software/ADReportingTool/Download.html

Regards,
Krzysztof
0
 
Tiras25Author Commented:
Okay I will try with Quest powershell tool and let you know.  

Is there any way to do it just in ADUC with advanced features or scripts?
0
 
Thomas-MjeldeCommented:
You don't need Quest powershell for this, you can do it with Windows Servers own Active Directory powershell module.

get-adgroupmember "GROUP NAME" -recursive
0
 
Tiras25Author Commented:
Thanks Thomas. I think I would need something from visual reporting for management.  Like to show a membership for one user, all groups (Global and Local) he/she a member of.
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
Did you try ADInfo as I suggested above?

Krzysztof
0
 
Tiras25Author Commented:
Not yet.   I will try sometime this week and will let you know.

Thanks!
0
 
Krzysztof PytkoSenior Active Directory EngineerCommented:
You're welcome :)

Krzysztof
0
 
Tiras25Author Commented:
Sorry for the delay.   Looking at the different options here.  
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

  • 5
  • 3
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now