|
|
|||||||
I'm making a script, using ENUMGROUP. Is it correct, that this command won't return all groupmemberships? I don't get any groups outside the OU of the user, even though the user is member of these groups. |
||||||||
|
|
|||||||
This function should return the groups that the user executing this code is a member of at the time of the last logon. Could you post your properly formatted code so we could possibly test and comment? What groups do not show up that you would expect to see? |
||||||||
|
|
|||||||
IF InGroup ("PRN_PSERV_EKSP") ? "Your in the group PRN_PSERV_EKSP" ENDIF The above code, dosn't return anything. I can see in my usermanager, that i am a member of this group but it's not returned with ENUMGROUP. I have a bunch of local groups returned, but only global groups placed in the OU: USERS. Other groups outside this OU, that i am member of, is not displayed. |
||||||||
|
|
|||||||
I have tried to restart my computer and using the /F parameter. Nothing happens. |
||||||||
|
|
|||||||
My guess then is that you have security set too tight on AD. |
||||||||
|
|
|||||||
There isn't any policies set on the useraccount i'm testing with, nor the computer. The user is member of the Domain admin group. |
||||||||
|
|
|||||||
If i use this code, i get a list of all groups in the domain, including the one i can't get with ENUMGROUP: $Computer = GetObject("WinNT://tredom.local") dim $filter[0] $filter[0]="Group" $Computer.filter = $filter For Each $Group in $Computer ? $Group.Name Next |
||||||||
|
|
|||||||
I am using some adsi on advice on another Forum. Question closed. |
||||||||
|
|
|||||||
Depending on what exactly you were trying to accomplish, you may have gotten the same advice here. We have plenty of KiX ADSI COM code on this board. Incidentally, the test code you show above using the WinNT:// provider is not user based. The function ENUMGROUPS only enumerates groups that have been attached to your security token at logon. This work is none by your Global Catalog server. If you want the groups that your account is a member of, then I would suggest using reviewing some other threads such as: http://www.kixtart.org/ubbthreads/showthreaded.php?Cat=&Number=70104 where GetGroups code is posted. |
||||||||
|
|
|||||||
Did you try using this code example from the manual? Code: $Index = 0 Or if you know the LDAP path you could do something similar to this: Code: Break On As Howard mentioned you need to add some error codes if you have problems returning the expected data so that you can determine why. |
||||||||
|
|
|||||||
Well after a little further testing I'm not quite sure why(still need to dig into the ADSI code further) but the first code example from the manual using KiXtart native EnumGroup appears to return many more groups then even the ADSI code does. EnumGroups retrieves even local groups on the workstation, and Distribution groups and even Special groups like: Pre-Windows 2000 Compatible Access So if this script is run during logon, the native KiXtart enumgroup appears to be able to return many more groups overall. When I get time I'll try to investigate what is up with the ADSI code and why it does not return all the same Network groups, I realize it won't return the local and distribution groups but would think all other Network groups should match. It does return some Universal but not others, not sure if that is due to some nesting going on or what. |
||||||||
|
|
|||||||
Well, Microsoft code does not return my Primary Group or a couple of other groups I belong to either. http://www.microsoft.com/technet/scriptcenter/scripts/ad/groups/adgpvb17.mspx It does return the Primary Group ID but not the name |
||||||||
|
|
|||||||
Quote: Well I finally got a little time I have some code that will now enumerate all the groups including the nested groups. I'm still working on a parameter for the UDF but hope to post the UDF sometime tomorrow. The code currently works but want to allow another option for showing or not showing the nested groups, and or flagging the nested ones. |
||||||||
|
|
|||||||
2 years later? |