Solved

Active Directory pull user groups permissions

Posted on 2012-03-21
3
444 Views
Last Modified: 2012-03-26
Experts,

I would like to know if there is some sort of script or method that I can run on my Active directory ( Windows 2003) to find out what is the status of all my users.

In detail, I want to know how many users I have, under what Organizational Unit, and most importantly, what "Group Membership" they have.

Thank you,
R
0
Comment
Question by:RandallVillalobos
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 17

Accepted Solution

by:
Tony Massa earned 500 total points
ID: 37749292
ADFind is the tool you should use:

adfind -default -f "(&(objectCategory=Person)(objectClass=User)(sAMAccountType=805306368))" -c

The -c will provide the count of objects in your query.

You can also do this with oldcmp using:
oldcmp -report -users -age 0 -rsort pwdLastSet -sh

You can use the memberOf utiltiy to get all groups and members

The primary group is not a member of memberOf attribute so it has to be grabbed  specially.

Thanks to Joe Richards for all of his awesome tools!
0
 

Author Comment

by:RandallVillalobos
ID: 37749487
This looks great, let me check it out.  I'll get back to you
0
 

Author Comment

by:RandallVillalobos
ID: 37758784
tmassa99,
from what I see, I need to drop this program on my system32 folder correct?
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question