Link to home
Start Free TrialLog in
Avatar of HelpdeskJBC
HelpdeskJBCFlag for Austria

asked on

i use dsquery to check groupmembership

I would like to check with a batch script if a user is member of a group

this should work with dsquery instead of ifmember

how can i use dsquery to make a simple if true then goto line xx query?

dsquery * domainroot -filter "(&(objectClass=group)(name=theGroup))" -l -d domain.local -attr member | find /c "Test UserA"

This will give me a value if there is any user in "theGroup"
Test UserA is in the Group one time so the result is 1
if i check for "Test User" it will give me the Result 4, because the text is part of Test UserA
Test UserB... so not a perfect solution any other ideas?
Avatar of oBdA
oBdA

Ony way is to check for the surrounding elements of the DN (the "cn=" at the beginning and the "," at the end:
dsquery * domainroot -filter "(&(objectClass=group)(name=theGroup))" -l -d domain.local -attr member | find /i /c "cn=Test UserA,"

Open in new window

Or do it the other way and query the user's group membership; this will work for nested groups as well:
dsquery user -name "Test UserA" | dsget user -memberof -expand | find /i /c "cn=theGroup,"

Open in new window

Avatar of HelpdeskJBC

ASKER

Ok and how can i use the return value to simply check with the if function?
can I save the result into a variable?
ASKER CERTIFIED SOLUTION
Avatar of oBdA
oBdA

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial