Active Directory pull user groups permissions


I would like to know if there is some sort of script or method that I can run on my Active directory ( Windows 2003) to find out what is the status of all my users.

In detail, I want to know how many users I have, under what Organizational Unit, and most importantly, what "Group Membership" they have.

Thank you,
Who is Participating?
Tony MassaConnect With a Mentor Commented:
ADFind is the tool you should use:

adfind -default -f "(&(objectCategory=Person)(objectClass=User)(sAMAccountType=805306368))" -c

The -c will provide the count of objects in your query.

You can also do this with oldcmp using:
oldcmp -report -users -age 0 -rsort pwdLastSet -sh

You can use the memberOf utiltiy to get all groups and members

The primary group is not a member of memberOf attribute so it has to be grabbed  specially.

Thanks to Joe Richards for all of his awesome tools!
RandallVillalobosAuthor Commented:
This looks great, let me check it out.  I'll get back to you
RandallVillalobosAuthor Commented:
from what I see, I need to drop this program on my system32 folder correct?
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.