viewing all group memberships??

Local-IT-Dude

Is there an easy way to find out every group that an account is a member of? I want to include every group that the user is a member of, even ones where they are a member because the group they are in is a member.

I swear there was a way to do this but Im not finding it now.

Thank you

willhi1979

Local-IT-Dude wrote: »

Is there an easy way to find out every group that an account is a member of? I want to include every group that the user is a member of, even ones where they are a member because the group they are in is a member.

I swear there was a way to do this but Im not finding it now.

Thank you

Try running gpresult from the command line and see if that helps.

xenodamus

How about:

dsget user <user DN> -memberof

You would run that from a command line and enter the user's distinguished name in the brackets. I think that may do it.

MrAgent

gpresult should show all group membership.

Devilsbane

xenodamus wrote: »

How about:

dsget user <user DN> -memberof

You would run that from a command line and enter the user's distinguished name in the brackets. I think that may do it.

-memberof only gives the explicit memberships. Sounds like he wants both the -memberof switch along with the -expand one. You will also likely want to redirect the output to a text file since there will probably be many groups.

dsget user "CN=Mike Jones,OU=myUsers,DC=Techexams,DC=Net" -memberof -expand > Mike.txt

undomiel

Or to make things a bit easier on yourself to avoid looking up and typing in the DN you could do:

dsquery user -name "User Name" | dsget user -memberof -expand

xenodamus

When I tried to use -memberof and -expand together I think it gave me a list of every object in AD.

It was 527 pages of DNs, anyway

Not sure what went wrong there. This is what I was trying:

dsget user <user DN> -memberof -expand