Windows Vista Forums

Active Directory
  1. #1


    Lothar Guest

    Active Directory

    Hello!
    I have 2 Questions:
    1:
    How can i get the distinguished Name of the logged on User in a variable? I
    need this for our new LogonScript which will be written in Powershell.

    2:
    How can i get all groupmemberships of a User, including nested Groups?
    If it is possible, i don't want to use the tool "ifmember.exe".




    Thanks for your help!

    Lothar


      My System SpecsSystem Spec

  2. #2


    jorgemestre@gmail.com Guest

    Re: Active Directory

    Question 1.

    $root = [ADSI]"LDAP://dc=es,dc=gasnatural,dc=com"
    $userWMI = Get-WmiObject win32_ComputerSystem
    $user = $userWMI.UserName
    $user = $user.split("\")[1] #in case you have a domain logon, just get
    the name
    $searchAD = new-object DirectoryServices.DirectorySearcher($root)
    $searchAD.PageSize = 10000
    $searchAD.Filter = "(`&(objectClass=user)(sAMAccountName=$($user)))"
    $searchResult = $($searchAD.FindAll()).getDirectoryEntry()
    $userDN = $searchResult.distinguishedName

    On Dec 12, 10:30 am, Lothar <Lot...@discussions.microsoft.com> wrote:
    > Hello!
    > I have 2 Questions:
    > 1:
    > How can i get the distinguished Name of the logged on User in a variable? I
    > need this for our new LogonScript which will be written in Powershell.
    >
    > 2:
    > How can i get all groupmemberships of a User, including nested Groups?
    > If it is possible, i don't want to use the tool "ifmember.exe".
    >
    > Thanks for your help!
    >
    > Lothar



      My System SpecsSystem Spec

  3. #3


    jorgemestre@gmail.com Guest

    Re: Active Directory

    Question 1.

    $root = [ADSI]"LDAP://dc=my,dc=company,dc=com"
    $userWMI = Get-WmiObject win32_ComputerSystem
    $user = $userWMI.UserName
    $user = $user.split("\")[1] #in case you have a domain logon, just get
    the name
    $searchAD = new-object DirectoryServices.DirectorySearcher($root)
    $searchAD.PageSize = 10000
    $searchAD.Filter = "(`&(objectClass=user)(sAMAccountName=$($user)))"
    $searchResult = $($searchAD.FindAll()).getDirectoryEntry()
    $userDN = $searchResult.distinguishedName

    On Dec 12, 10:30 am, Lothar <Lot...@discussions.microsoft.com> wrote:
    > Hello!
    > I have 2 Questions:
    > 1:
    > How can i get the distinguished Name of the logged on User in a variable? I
    > need this for our new LogonScript which will be written in Powershell.
    >
    > 2:
    > How can i get all groupmemberships of a User, including nested Groups?
    > If it is possible, i don't want to use the tool "ifmember.exe".
    >
    > Thanks for your help!
    >
    > Lothar



      My System SpecsSystem Spec

  4. #4


    Lothar Guest

    Re: Active Directory

    Thank You very much!

    it works fine.


    Lothar

    "jorgemestre@gmail.com" wrote:

    > Question 1.
    >
    > $root = [ADSI]"LDAP://dc=my,dc=company,dc=com"
    > $userWMI = Get-WmiObject win32_ComputerSystem
    > $user = $userWMI.UserName
    > $user = $user.split("\")[1] #in case you have a domain logon, just get
    > the name
    > $searchAD = new-object DirectoryServices.DirectorySearcher($root)
    > $searchAD.PageSize = 10000
    > $searchAD.Filter = "(`&(objectClass=user)(sAMAccountName=$($user)))"
    > $searchResult = $($searchAD.FindAll()).getDirectoryEntry()
    > $userDN = $searchResult.distinguishedName
    >
    > On Dec 12, 10:30 am, Lothar <Lot...@discussions.microsoft.com> wrote:
    > > Hello!
    > > I have 2 Questions:
    > > 1:
    > > How can i get the distinguished Name of the logged on User in a variable? I
    > > need this for our new LogonScript which will be written in Powershell.
    > >
    > > 2:
    > > How can i get all groupmemberships of a User, including nested Groups?
    > > If it is possible, i don't want to use the tool "ifmember.exe".
    > >
    > > Thanks for your help!
    > >
    > > Lothar

    >
    >


      My System SpecsSystem Spec

  5. #5


    ydroam Guest

    Re: Active Directory

    $user = $user.split("\")[-1]

    jorgemestre@gmail.com wrote:
    > Question 1.
    >
    > $root = [ADSI]"LDAP://dc=my,dc=company,dc=com"
    > $userWMI = Get-WmiObject win32_ComputerSystem
    > $user = $userWMI.UserName
    > $user = $user.split("\")[1] #in case you have a domain logon, just get
    > the name
    > $searchAD = new-object DirectoryServices.DirectorySearcher($root)
    > $searchAD.PageSize = 10000
    > $searchAD.Filter = "(`&(objectClass=user)(sAMAccountName=$($user)))"
    > $searchResult = $($searchAD.FindAll()).getDirectoryEntry()
    > $userDN = $searchResult.distinguishedName
    >
    > On Dec 12, 10:30 am, Lothar <Lot...@discussions.microsoft.com> wrote:
    > > Hello!
    > > I have 2 Questions:
    > > 1:
    > > How can i get the distinguished Name of the logged on User in a variable? I
    > > need this for our new LogonScript which will be written in Powershell.
    > >
    > > 2:
    > > How can i get all groupmemberships of a User, including nested Groups?
    > > If it is possible, i don't want to use the tool "ifmember.exe".
    > >
    > > Thanks for your help!
    > >
    > > Lothar



      My System SpecsSystem Spec

  6. #6


    jorgemestre@gmail.com Guest

    Re: Active Directory

    Hello!

    Why -1?

    DOMAIN\User
    [0] \ [1]

    isn't it?

    On 12 dic, 23:31, "ydroam" <ydr...@gmail.com> wrote:
    > $user = $user.split("\")[-1]
    >
    > jorgemes...@gmail.com wrote:
    > > Question 1.

    >
    > > $root = [ADSI]"LDAP://dc=my,dc=company,dc=com"
    > > $userWMI = Get-WmiObject win32_ComputerSystem
    > > $user = $userWMI.UserName
    > > $user = $user.split("\")[1] #in case you have a domain logon, just get
    > > the name
    > > $searchAD = new-object DirectoryServices.DirectorySearcher($root)
    > > $searchAD.PageSize = 10000
    > > $searchAD.Filter = "(`&(objectClass=user)(sAMAccountName=$($user)))"
    > > $searchResult = $($searchAD.FindAll()).getDirectoryEntry()
    > > $userDN = $searchResult.distinguishedName

    >
    > > On Dec 12, 10:30 am, Lothar <Lot...@discussions.microsoft.com> wrote:
    > > > Hello!
    > > > I have 2 Questions:
    > > > 1:
    > > > How can i get the distinguished Name of the logged on User in a variable? I
    > > > need this for our new LogonScript which will be written in Powershell.

    >
    > > > 2:
    > > > How can i get all groupmemberships of a User, including nested Groups?
    > > > If it is possible, i don't want to use the tool "ifmember.exe".

    >
    > > > Thanks for your help!

    >
    > > > Lothar



      My System SpecsSystem Spec

  7. #7


    ydroam Guest

    Re: Active Directory

    "#in case you have a domain logon, just get the name"
    #in case you don't have a domain logon, just get the name

    If there is no \ in $user, split("\")[1] should give you nothing.
    The -1 should give you the last array element which should be the user
    name whether there is a "\" or not.


    jorgemestre@gmail.com wrote:
    > Hello!
    >
    > Why -1?
    >
    > DOMAIN\User
    > [0] \ [1]
    >
    > isn't it?
    >
    > On 12 dic, 23:31, "ydroam" <ydr...@gmail.com> wrote:
    > > $user = $user.split("\")[-1]
    > >
    > > jorgemes...@gmail.com wrote:
    > > > Question 1.

    > >
    > > > $root = [ADSI]"LDAP://dc=my,dc=company,dc=com"
    > > > $userWMI = Get-WmiObject win32_ComputerSystem
    > > > $user = $userWMI.UserName
    > > > $user = $user.split("\")[1] #in case you have a domain logon, just get
    > > > the name
    > > > $searchAD = new-object DirectoryServices.DirectorySearcher($root)
    > > > $searchAD.PageSize = 10000
    > > > $searchAD.Filter = "(`&(objectClass=user)(sAMAccountName=$($user)))"
    > > > $searchResult = $($searchAD.FindAll()).getDirectoryEntry()
    > > > $userDN = $searchResult.distinguishedName

    > >
    > > > On Dec 12, 10:30 am, Lothar <Lot...@discussions.microsoft.com> wrote:
    > > > > Hello!
    > > > > I have 2 Questions:
    > > > > 1:
    > > > > How can i get the distinguished Name of the logged on User in a variable? I
    > > > > need this for our new LogonScript which will be written in Powershell.

    > >
    > > > > 2:
    > > > > How can i get all groupmemberships of a User, including nested Groups?
    > > > > If it is possible, i don't want to use the tool "ifmember.exe".

    > >
    > > > > Thanks for your help!

    > >
    > > > > Lothar



      My System SpecsSystem Spec

  8. #8


    jorgemestre@gmail.com Guest

    Re: Active Directory

    oh, great!
    I didn't knew that, thanks!

    ydroam ha escrito:

    > "#in case you have a domain logon, just get the name"
    > #in case you don't have a domain logon, just get the name
    >
    > If there is no \ in $user, split("\")[1] should give you nothing.
    > The -1 should give you the last array element which should be the user
    > name whether there is a "\" or not.
    >
    >
    > jorgemestre@gmail.com wrote:
    > > Hello!
    > >
    > > Why -1?
    > >
    > > DOMAIN\User
    > > [0] \ [1]
    > >
    > > isn't it?
    > >
    > > On 12 dic, 23:31, "ydroam" <ydr...@gmail.com> wrote:
    > > > $user = $user.split("\")[-1]
    > > >
    > > > jorgemes...@gmail.com wrote:
    > > > > Question 1.
    > > >
    > > > > $root = [ADSI]"LDAP://dc=my,dc=company,dc=com"
    > > > > $userWMI = Get-WmiObject win32_ComputerSystem
    > > > > $user = $userWMI.UserName
    > > > > $user = $user.split("\")[1] #in case you have a domain logon, just get
    > > > > the name
    > > > > $searchAD = new-object DirectoryServices.DirectorySearcher($root)
    > > > > $searchAD.PageSize = 10000
    > > > > $searchAD.Filter = "(`&(objectClass=user)(sAMAccountName=$($user)))"
    > > > > $searchResult = $($searchAD.FindAll()).getDirectoryEntry()
    > > > > $userDN = $searchResult.distinguishedName
    > > >
    > > > > On Dec 12, 10:30 am, Lothar <Lot...@discussions.microsoft.com> wrote:
    > > > > > Hello!
    > > > > > I have 2 Questions:
    > > > > > 1:
    > > > > > How can i get the distinguished Name of the logged on User in a variable? I
    > > > > > need this for our new LogonScript which will be written in Powershell.
    > > >
    > > > > > 2:
    > > > > > How can i get all groupmemberships of a User, including nested Groups?
    > > > > > If it is possible, i don't want to use the tool "ifmember.exe".
    > > >
    > > > > > Thanks for your help!
    > > >
    > > > > > Lothar



      My System SpecsSystem Spec

Active Directory problems?

Similar Threads
Thread Thread Starter Forum Replies Last Post
active directory Walser Mark PowerShell 4 22 Apr 2008
Active Directory Mark D. Hall Vista mail 1 14 Sep 2007
Active Directory Vista General 4 19 Dec 2006
Active Directory Vista networking & sharing 4 19 Dec 2006
active directory Cameron Murray PowerShell 4 16 Nov 2006