Solved

Active Directory pull user groups permissions

Posted on 2012-03-21
3
441 Views
Last Modified: 2012-03-26
Experts,

I would like to know if there is some sort of script or method that I can run on my Active directory ( Windows 2003) to find out what is the status of all my users.

In detail, I want to know how many users I have, under what Organizational Unit, and most importantly, what "Group Membership" they have.

Thank you,
R
0
Comment
Question by:RandallVillalobos
  • 2
3 Comments
 
LVL 17

Accepted Solution

by:
Tony Massa earned 500 total points
ID: 37749292
ADFind is the tool you should use:

adfind -default -f "(&(objectCategory=Person)(objectClass=User)(sAMAccountType=805306368))" -c

The -c will provide the count of objects in your query.

You can also do this with oldcmp using:
oldcmp -report -users -age 0 -rsort pwdLastSet -sh

You can use the memberOf utiltiy to get all groups and members

The primary group is not a member of memberOf attribute so it has to be grabbed  specially.

Thanks to Joe Richards for all of his awesome tools!
0
 

Author Comment

by:RandallVillalobos
ID: 37749487
This looks great, let me check it out.  I'll get back to you
0
 

Author Comment

by:RandallVillalobos
ID: 37758784
tmassa99,
from what I see, I need to drop this program on my system32 folder correct?
0

Featured Post

Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
NTFS Permissions 6 45
Powershell out file or export to csv 2 46
Creating a Vendor Admin user 23 51
Run Powershell Function as Scheduled Task with Parameters 1 22
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question