More than six years ago, I wrote a post detailing how I could identify users’ Active Directory group memberships. While the method I detailed certainly works, it isn’t as simple as it might have been. Having recently found myself needing to perform that very same task again, I decided to revisit this topic, to show how I did it this time around.
Tag: Active Directory
Last week, I showed you how you can easily find the OU to use when looking for the members of a specific OU. Today, I’d like to show you how I use that information. The background was that we use AD groups to control access to network shares. In order for IT support to know who is authorized to approve requests for access to these shares, we use the Managed By tab, assigning the owner of the network share as manager:
Using PowerShell, I was building a script to identify a subset of the groups in a given organizational unit (OU). As you may know, these are built up of subsections with the prefixes CN (common name) and DC (domain component). In order to have the script run successfully, you need to specify the OU using the full path, which looks something like this:
A little while ago, I was asked about when a specific user last logged in with their Active Directory (AD) user account. While looking up that information was easily done, finding out how to look up the information was a mite more challenging. There are a number of ways of achieving it, including command line and PowerShell commands. My preferred way of doing it is using the Attribute Editor in Active Directory Users and Computers (ADUC). Here’s how:
Some time ago, I was asked to provide a list of everyone with access to a specific system. After communicating with the client, it transpired that they were particularly interested in knowing who were the members of a set of Active Directory groups. While this can be done manually, I wanted to try my hand at building a PowerShell script that returned the information the client was asking for, and which I could reuse at some later point, as such requests pop up with some regularity.
Five years ago, I showed you how to export a list of members of an Active Directory group, using a command line query. One issue I’ve run into using this query is that I get their user name, not their actual name, which tends to make the resulting list hard to parse. As I had a need to export a relatively large number of group members’ names as part of a recent ticket, I needed a solution that gave me what I wanted straight out of the box.
Some time ago, I needed to have a list of all Contacts registered in Active Directory. Knowing that there are a lot of them (numbering at least eighty), getting the data manually was not a viable alternative, particularly knowing that the same objective can be achieved through PowerShell. I eventually came up with a solution. To make following it logically easier, I’m going to include commentary on each step:
A couple of months ago, a customer sent us a ticket, complaining that a mail group was incomplete. Specifically, his manager was not listed among the recipients. The mail group in question contained all managers, and membership was gained through dedicated Active Directory (AD) organisational units (OUs), one for the manager of each business unit (BU). I checked the Exchange address book in Outlook, and sure enough, the manager group for his BU was not listed among the recipients.
A month or so ago, I was asked to find a specific attribute (objectGUID, in case you wondered) of a group in Active Directory, for use in some third-party system. Thinking that this would be easily accomplished, I opened my Active Directory Users and Computers window, and found the group in question. I opened the properties, but found the Attribute Editor tab sorely missing:
Some time ago, I was working on a request to limit access to a folder to members of four AD groups. Following the established practice at my employer, I created the group to grant access to the folder, and the one to control who has access. I made the latter a member of the former, and went to add the members. Two of the AD groups that were to have access were added, no problem. The other two were not. Not only that, I couldn’t even find them when searching for them,