Solved

Active Directory pull user groups permissions

Posted on 2012-03-21
3
440 Views
Last Modified: 2012-03-26
Experts,

I would like to know if there is some sort of script or method that I can run on my Active directory ( Windows 2003) to find out what is the status of all my users.

In detail, I want to know how many users I have, under what Organizational Unit, and most importantly, what "Group Membership" they have.

Thank you,
R
0
Comment
Question by:RandallVillalobos
  • 2
3 Comments
 
LVL 17

Accepted Solution

by:
Tony Massa earned 500 total points
ID: 37749292
ADFind is the tool you should use:

adfind -default -f "(&(objectCategory=Person)(objectClass=User)(sAMAccountType=805306368))" -c

The -c will provide the count of objects in your query.

You can also do this with oldcmp using:
oldcmp -report -users -age 0 -rsort pwdLastSet -sh

You can use the memberOf utiltiy to get all groups and members

The primary group is not a member of memberOf attribute so it has to be grabbed  specially.

Thanks to Joe Richards for all of his awesome tools!
0
 

Author Comment

by:RandallVillalobos
ID: 37749487
This looks great, let me check it out.  I'll get back to you
0
 

Author Comment

by:RandallVillalobos
ID: 37758784
tmassa99,
from what I see, I need to drop this program on my system32 folder correct?
0

Featured Post

Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
This tutorial will walk an individual through locating and launching the BEUtility application to properly change the service account username and\or password in situation where it may be necessary or where the password has been inadvertently change…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now