• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 481
  • Last Modified:

Active Directory pull user groups permissions

Experts,

I would like to know if there is some sort of script or method that I can run on my Active directory ( Windows 2003) to find out what is the status of all my users.

In detail, I want to know how many users I have, under what Organizational Unit, and most importantly, what "Group Membership" they have.

Thank you,
R
0
RandallVillalobos
Asked:
RandallVillalobos
  • 2
1 Solution
 
Tony MassaCommented:
ADFind is the tool you should use:

adfind -default -f "(&(objectCategory=Person)(objectClass=User)(sAMAccountType=805306368))" -c

The -c will provide the count of objects in your query.

You can also do this with oldcmp using:
oldcmp -report -users -age 0 -rsort pwdLastSet -sh

You can use the memberOf utiltiy to get all groups and members

The primary group is not a member of memberOf attribute so it has to be grabbed  specially.

Thanks to Joe Richards for all of his awesome tools!
0
 
RandallVillalobosAuthor Commented:
This looks great, let me check it out.  I'll get back to you
0
 
RandallVillalobosAuthor Commented:
tmassa99,
from what I see, I need to drop this program on my system32 folder correct?
0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now