More than six years ago, I wrote a post, detailing how I could identify users’ Active Directory group memberships. While the method I detailed certainly works, it isn’t as simple as it might have been. Having recently found myself needing to perform that very same task again, I decided to revisit this topic, to show how I did it this time around.
A little while ago, I was asked about when a specific user last logged in with their active directory (AD) user account. While looking up that information was easily done, finding out how to look up the information was a mite more challenging. There are a number of ways of achieving it; including command line and Powershell commands. My preferred way of doing it is using the Attribute Editor in Active Directory Users and Computers (ADUC). Here’s how:
Some time ago, I was working on a request to limit access to a folder to members of four AD groups. Following the established practice at my employer, I created the group to grant access to the folder, and the one to control who has access. I made the latter a member of the former, and went to add the members. Two of the AD groups that were to have access were added, no problem. The other two were not. Not only that, I couldn’t even find them when searching for them,
When working in a corporate environment with Active Directory, you may, from time to time, encounter computers that users cannot log on to, as they receive an error message saying: