nestedgroup membership of a user

hi,

i testing functions of powershell in ad. have script works way wanted. trying extract group , nested groups user memebr of user , assumed line here should able provide information  $i.properties.item("memberof").

can me understand how achieve this?

 $domainname = [adsi]""
 $searcher = new-object directoryservices.directorysearcher($domainname)
 $searcher.filter = "(&(objectclass=user)(name=*my*))"
 $user = $searcher.findall()
 $groupn = [adsi] "ldap://cn=ctxgroup,ou=ctx,dc=home,dc=lab"
    foreach ($i in $user)
    {
        $userdn = $i.properties.distinguishedname
        $guserdn = "ldap://$userdn"
        $groupn.add($guserdn)
    }
      
   $i.properties.item("memberof")
  
  

 

hey,

 

the simplest way approach other way around. have query

find groups instead of finding user , processing memberof.

 

e.g.

 

$ldapfilter =

"(&(objectcategory=group)(member:1.2.840.113556.1.4.1941:=$userdn))"

$searcher = new-object directoryservices.directorysearcher($null,

$ldapfilter)

$searcher.findall() | select-object @{n='name';e={

$_.properties["name"][0] }}

 

if stick current method have recursively query each

of groups in memberof. can done it's lot more hard work.

 

the method describe have 1 limitation, directory you're

executing search against must 2003 sp2 or higher (i believe

there's hotfix enables same functionality in 2003 sp1).

 

chris

 

Windows Server  >  Windows PowerShell