Hello!
I have 2 Questions:
1:
How can i get the distinguished Name of the logged on User in a variable? I
need this for our new LogonScript which will be written in Powershell.

2:
How can i get all groupmemberships of a User, including nested Groups?
If it is possible, i don't want to use the tool "ifmember.exe".




Thanks for your help!

Lothar

Question 1.

$root = [ADSI]"LDAP://dc=es,dc=gasnatural,dc=com"
$userWMI = Get-WmiObject win32_ComputerSystem
$user = $userWMI.UserName
$user = $user.split("\")[1] #in case you have a domain logon, just get
the name
$searchAD = new-object DirectoryServices.DirectorySearcher($root)
$searchAD.PageSize = 10000
$searchAD.Filter = "(`&(objectClass=user)(sAMAccountName=$($user)))"
$searchResult = $($searchAD.FindAll()).getDirectoryEntry()
$userDN = $searchResult.distinguishedName

On Dec 12, 10:30 am, Lothar <Lot...@discussions.microsoft.com> wrote:
> Hello!
> I have 2 Questions:
> 1:
> How can i get the distinguished Name of the logged on User in a variable? I
> need this for our new LogonScript which will be written in Powershell.
>
> 2:
> How can i get all groupmemberships of a User, including nested Groups?
> If it is possible, i don't want to use the tool "ifmember.exe".
>
> Thanks for your help!
>
> Lothar

Question 1.

$root = [ADSI]"LDAP://dc=my,dc=company,dc=com"
$userWMI = Get-WmiObject win32_ComputerSystem
$user = $userWMI.UserName
$user = $user.split("\")[1] #in case you have a domain logon, just get
the name
$searchAD = new-object DirectoryServices.DirectorySearcher($root)
$searchAD.PageSize = 10000
$searchAD.Filter = "(`&(objectClass=user)(sAMAccountName=$($user)))"
$searchResult = $($searchAD.FindAll()).getDirectoryEntry()
$userDN = $searchResult.distinguishedName

On Dec 12, 10:30 am, Lothar <Lot...@discussions.microsoft.com> wrote:
> Hello!
> I have 2 Questions:
> 1:
> How can i get the distinguished Name of the logged on User in a variable? I
> need this for our new LogonScript which will be written in Powershell.
>
> 2:
> How can i get all groupmemberships of a User, including nested Groups?
> If it is possible, i don't want to use the tool "ifmember.exe".
>
> Thanks for your help!
>
> Lothar

Thank You very much!

it works fine.


Lothar

"jorgemestre@gmail.com" wrote:

> Question 1.
>
> $root = [ADSI]"LDAP://dc=my,dc=company,dc=com"
> $userWMI = Get-WmiObject win32_ComputerSystem
> $user = $userWMI.UserName
> $user = $user.split("\")[1] #in case you have a domain logon, just get
> the name
> $searchAD = new-object DirectoryServices.DirectorySearcher($root)
> $searchAD.PageSize = 10000
> $searchAD.Filter = "(`&(objectClass=user)(sAMAccountName=$($user)))"
> $searchResult = $($searchAD.FindAll()).getDirectoryEntry()
> $userDN = $searchResult.distinguishedName
>
> On Dec 12, 10:30 am, Lothar <Lot...@discussions.microsoft.com> wrote:
> > Hello!
> > I have 2 Questions:
> > 1:
> > How can i get the distinguished Name of the logged on User in a variable? I
> > need this for our new LogonScript which will be written in Powershell.
> >
> > 2:
> > How can i get all groupmemberships of a User, including nested Groups?
> > If it is possible, i don't want to use the tool "ifmember.exe".
> >
> > Thanks for your help!
> >
> > Lothar
>
>

$user = $user.split("\")[-1]

jorgemestre@gmail.com wrote:
> Question 1.
>
> $root = [ADSI]"LDAP://dc=my,dc=company,dc=com"
> $userWMI = Get-WmiObject win32_ComputerSystem
> $user = $userWMI.UserName
> $user = $user.split("\")[1] #in case you have a domain logon, just get
> the name
> $searchAD = new-object DirectoryServices.DirectorySearcher($root)
> $searchAD.PageSize = 10000
> $searchAD.Filter = "(`&(objectClass=user)(sAMAccountName=$($user)))"
> $searchResult = $($searchAD.FindAll()).getDirectoryEntry()
> $userDN = $searchResult.distinguishedName
>
> On Dec 12, 10:30 am, Lothar <Lot...@discussions.microsoft.com> wrote:
> > Hello!
> > I have 2 Questions:
> > 1:
> > How can i get the distinguished Name of the logged on User in a variable? I
> > need this for our new LogonScript which will be written in Powershell.
> >
> > 2:
> > How can i get all groupmemberships of a User, including nested Groups?
> > If it is possible, i don't want to use the tool "ifmember.exe".
> >
> > Thanks for your help!
> >
> > Lothar

Hello!

Why -1?

DOMAIN\User
[0] \ [1]

isn't it?

On 12 dic, 23:31, "ydroam" <ydr...@gmail.com> wrote:
> $user = $user.split("\")[-1]
>
> jorgemes...@gmail.com wrote:
> > Question 1.
>
> > $root = [ADSI]"LDAP://dc=my,dc=company,dc=com"
> > $userWMI = Get-WmiObject win32_ComputerSystem
> > $user = $userWMI.UserName
> > $user = $user.split("\")[1] #in case you have a domain logon, just get
> > the name
> > $searchAD = new-object DirectoryServices.DirectorySearcher($root)
> > $searchAD.PageSize = 10000
> > $searchAD.Filter = "(`&(objectClass=user)(sAMAccountName=$($user)))"
> > $searchResult = $($searchAD.FindAll()).getDirectoryEntry()
> > $userDN = $searchResult.distinguishedName
>
> > On Dec 12, 10:30 am, Lothar <Lot...@discussions.microsoft.com> wrote:
> > > Hello!
> > > I have 2 Questions:
> > > 1:
> > > How can i get the distinguished Name of the logged on User in a variable? I
> > > need this for our new LogonScript which will be written in Powershell.
>
> > > 2:
> > > How can i get all groupmemberships of a User, including nested Groups?
> > > If it is possible, i don't want to use the tool "ifmember.exe".
>
> > > Thanks for your help!
>
> > > Lothar

"#in case you have a domain logon, just get the name"
#in case you don't have a domain logon, just get the name

If there is no \ in $user, split("\")[1] should give you nothing.
The -1 should give you the last array element which should be the user
name whether there is a "\" or not.


jorgemestre@gmail.com wrote:
> Hello!
>
> Why -1?
>
> DOMAIN\User
> [0] \ [1]
>
> isn't it?
>
> On 12 dic, 23:31, "ydroam" <ydr...@gmail.com> wrote:
> > $user = $user.split("\")[-1]
> >
> > jorgemes...@gmail.com wrote:
> > > Question 1.
> >
> > > $root = [ADSI]"LDAP://dc=my,dc=company,dc=com"
> > > $userWMI = Get-WmiObject win32_ComputerSystem
> > > $user = $userWMI.UserName
> > > $user = $user.split("\")[1] #in case you have a domain logon, just get
> > > the name
> > > $searchAD = new-object DirectoryServices.DirectorySearcher($root)
> > > $searchAD.PageSize = 10000
> > > $searchAD.Filter = "(`&(objectClass=user)(sAMAccountName=$($user)))"
> > > $searchResult = $($searchAD.FindAll()).getDirectoryEntry()
> > > $userDN = $searchResult.distinguishedName
> >
> > > On Dec 12, 10:30 am, Lothar <Lot...@discussions.microsoft.com> wrote:
> > > > Hello!
> > > > I have 2 Questions:
> > > > 1:
> > > > How can i get the distinguished Name of the logged on User in a variable? I
> > > > need this for our new LogonScript which will be written in Powershell.
> >
> > > > 2:
> > > > How can i get all groupmemberships of a User, including nested Groups?
> > > > If it is possible, i don't want to use the tool "ifmember.exe".
> >
> > > > Thanks for your help!
> >
> > > > Lothar

oh, great!
I didn't knew that, thanks!

ydroam ha escrito:

> "#in case you have a domain logon, just get the name"
> #in case you don't have a domain logon, just get the name
>
> If there is no \ in $user, split("\")[1] should give you nothing.
> The -1 should give you the last array element which should be the user
> name whether there is a "\" or not.
>
>
> jorgemestre@gmail.com wrote:
> > Hello!
> >
> > Why -1?
> >
> > DOMAIN\User
> > [0] \ [1]
> >
> > isn't it?
> >
> > On 12 dic, 23:31, "ydroam" <ydr...@gmail.com> wrote:
> > > $user = $user.split("\")[-1]
> > >
> > > jorgemes...@gmail.com wrote:
> > > > Question 1.
> > >
> > > > $root = [ADSI]"LDAP://dc=my,dc=company,dc=com"
> > > > $userWMI = Get-WmiObject win32_ComputerSystem
> > > > $user = $userWMI.UserName
> > > > $user = $user.split("\")[1] #in case you have a domain logon, just get
> > > > the name
> > > > $searchAD = new-object DirectoryServices.DirectorySearcher($root)
> > > > $searchAD.PageSize = 10000
> > > > $searchAD.Filter = "(`&(objectClass=user)(sAMAccountName=$($user)))"
> > > > $searchResult = $($searchAD.FindAll()).getDirectoryEntry()
> > > > $userDN = $searchResult.distinguishedName
> > >
> > > > On Dec 12, 10:30 am, Lothar <Lot...@discussions.microsoft.com> wrote:
> > > > > Hello!
> > > > > I have 2 Questions:
> > > > > 1:
> > > > > How can i get the distinguished Name of the logged on User in a variable? I
> > > > > need this for our new LogonScript which will be written in Powershell.
> > >
> > > > > 2:
> > > > > How can i get all groupmemberships of a User, including nested Groups?
> > > > > If it is possible, i don't want to use the tool "ifmember.exe".
> > >
> > > > > Thanks for your help!
> > >
> > > > > Lothar