Page 1 of 1 1
Topic Options
#130315 - 2004-11-29 08:01 PM ENUMGROUP don't display all group-memberships
Anonymous
Unregistered


I'm making a script, using ENUMGROUP.

Is it correct, that this command won't return all groupmemberships?

I don't get any groups outside the OU of the user, even though the user is member of these groups.

Top
#130316 - 2004-11-29 08:18 PM Re: ENUMGROUP don't display all group-memberships
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
This function should return the groups that the user executing this code is a member of at the time of the last logon.

Could you post your properly formatted code so we could possibly test and comment?

What groups do not show up that you would expect to see?


Edited by Howard Bullock (2004-11-29 08:19 PM)
_________________________
Home page: http://www.kixhelp.com/hb/

Top
#130317 - 2004-11-29 08:23 PM Re: ENUMGROUP don't display all group-memberships
Anonymous
Unregistered


IF InGroup ("PRN_PSERV_EKSP")
? "Your in the group PRN_PSERV_EKSP"
ENDIF

The above code, dosn't return anything.

I can see in my usermanager, that i am a member of this group but it's not returned with ENUMGROUP.

I have a bunch of local groups returned, but only global groups placed in the OU: USERS.

Other groups outside this OU, that i am member of, is not displayed.

Top
#130318 - 2004-11-29 08:24 PM Re: ENUMGROUP don't display all group-memberships
Anonymous
Unregistered


I have tried to restart my computer and using the /F parameter. Nothing happens.
Top
#130319 - 2004-11-29 08:39 PM Re: ENUMGROUP don't display all group-memberships
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
My guess then is that you have security set too tight on AD.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
#130320 - 2004-11-29 08:44 PM Re: ENUMGROUP don't display all group-memberships
Anonymous
Unregistered


There isn't any policies set on the useraccount i'm testing with, nor the computer.

The user is member of the Domain admin group.

Top
#130321 - 2004-11-29 09:00 PM Re: ENUMGROUP don't display all group-memberships
Anonymous
Unregistered


If i use this code, i get a list of all groups in the domain, including the one i can't get with ENUMGROUP:

$Computer = GetObject("WinNT://tredom.local")
dim $filter[0]
$filter[0]="Group"
$Computer.filter = $filter

For Each $Group in $Computer
? $Group.Name
Next

Top
#130322 - 2004-11-29 09:39 PM Re: ENUMGROUP don't display all group-memberships
Anonymous
Unregistered


I am using some adsi on advice on another Forum.

Question closed.

Top
#130323 - 2004-11-29 10:38 PM Re: ENUMGROUP don't display all group-memberships
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
Depending on what exactly you were trying to accomplish, you may have gotten the same advice here. We have plenty of KiX ADSI COM code on this board.

Incidentally, the test code you show above using the WinNT:// provider is not user based. The function ENUMGROUPS only enumerates groups that have been attached to your security token at logon. This work is none by your Global Catalog server.


If you want the groups that your account is a member of, then I would suggest using reviewing some other threads such as: http://www.kixtart.org/ubbthreads/showthreaded.php?Cat=&Number=70104

where GetGroups code is posted.
_________________________
Home page: http://www.kixhelp.com/hb/

Top
#130324 - 2004-11-30 09:55 AM Re: ENUMGROUP don't display all group-memberships
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
Did you try using this code example from the manual?

Code:
$Index = 0
DO
$Group = ENUMGROUP($Index)
$Index = $Index + 1
? $Group
UNTIL Len($Group) = 0




Or if you know the LDAP path you could do something similar to this:

Code:
Break On
Dim $SO
$SO=SetOption('Explicit','On')
$SO=SetOption('NoVarsInStrings','On')

Dim $User,$Group
$User = GetObject('LDAP://CN=John\, Doe G.,OU=Users,OU=Finance,OU=WEST,DC=MyCompany,DC=com')
? 'Getting object err was: ' + @ERROR + ' ' + @SERROR
For Each $Group in $User.groups
; ? Join(Split($Group.name,"CN="),"")
; ? $Group.SamAccountName
; ? $Group.name
? $Group.adspath
Next



As Howard mentioned you need to add some error codes if you have problems returning the expected data so that you can determine why.

Top
#130325 - 2004-11-30 11:09 PM Re: ENUMGROUP don't display all group-memberships
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
Well after a little further testing I'm not quite sure why(still need to dig into the ADSI code further) but the first code example from the manual using KiXtart native EnumGroup appears to return many more groups then even the ADSI code does. EnumGroups retrieves even local groups on the workstation, and Distribution groups and even Special groups like: Pre-Windows 2000 Compatible Access

So if this script is run during logon, the native KiXtart enumgroup appears to be able to return many more groups overall.

When I get time I'll try to investigate what is up with the ADSI code and why it does not return all the same Network groups, I realize it won't return the local and distribution groups but would think all other Network groups should match. It does return some Universal but not others, not sure if that is due to some nesting going on or what.

Top
#130326 - 2004-12-02 01:05 AM Re: ENUMGROUP don't display all group-memberships
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
Well, Microsoft code does not return my Primary Group or a couple of other groups I belong to either.
http://www.microsoft.com/technet/scriptcenter/scripts/ad/groups/adgpvb17.mspx


It does return the Primary Group ID but not the name

Top
#130327 - 2006-03-23 08:53 AM Re: ENUMGROUP don't display all group-memberships
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11623
Loc: CA
Quote:

When I get time I'll try to investigate what is up with the ADSI code and why it does not return all the same Network groups





Well I finally got a little time

I have some code that will now enumerate all the groups including the nested groups. I'm still working on a parameter for the UDF but hope to post the UDF sometime tomorrow.

The code currently works but want to allow another option for showing or not showing the nested groups, and or flagging the nested ones.

Top
#130328 - 2006-03-23 04:27 PM Re: ENUMGROUP don't display all group-memberships
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
2 years later?
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

Top
Page 1 of 1 1


Moderator:  Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart 
Hop to:
Shout Box

Who's Online
0 registered and 329 anonymous users online.
Newest Members
gespanntleuchten, DaveatAdvanced, Paulo_Alves, UsTaaa, xxJJxx
17864 Registered Users

Generated in 0.06 seconds in which 0.024 seconds were spent on a total of 13 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org