Les, sorry that I did not reply on the DNS search suffix.
The search suffix should only be necessary for omitting the domain part of machine names.
Also, as we are dealing with 10+ and still raising subdomains, who shall catch up with the GPOs?

As mentioned, I also had a problem with the user's description, which I solved by getting the user's object with an LDAP lookup.
Playing around and looking up the other solution, I created this little hardcoded script which is enumerating the groups nicely. It is not dealing with nested groups but could be implemented too.
The script uses the LDAP ADSI.
When I try to use WINNT:// the script fails. Maybe this helps Ruud to walk through.
Maybe it had been an illusion trusting that WINS is no longer needed.

Option Explicit
Dim objGroup, objUser
Dim strLDAP

' Hardcoded LDAP DN of the user whose groups are listed
strLDAP = "LDAP://CN=admin,CN=Users,DC=SUBA,DC=XYZ,DC=com"

Set objUser = GetObject(strLDAP)
WScript.Echo "Groups for " & objUser.distinguishedName & vbCr

For Each objGroup in objUser.Groups
    WScript.Echo objGroup.name
Next

WScript.Quit
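
The post notes that nested groups are not handled. The following is an added example, not part of the original post, showing one way to walk them by recursing over the `memberOf` attribute; the `EnumGroups` routine and the `dictSeen` dictionary are names chosen here, and the DN is the same hardcoded placeholder as above.

```vbscript
Option Explicit

Dim objUser, dictSeen, strLDAP

' Same hardcoded placeholder DN as in the script above
strLDAP = "LDAP://CN=admin,CN=Users,DC=SUBA,DC=XYZ,DC=com"

Set objUser = GetObject(strLDAP)

' Group DNs already visited; protects against circular nesting (A in B, B in A)
Set dictSeen = CreateObject("Scripting.Dictionary")
dictSeen.CompareMode = vbTextCompare

WScript.Echo "Groups (direct and nested) for " & objUser.distinguishedName
EnumGroups objUser, ""

WScript.Quit

' Walk the memberOf attribute of objADObject and recurse into each group.
' Note: memberOf does not contain the primary group (e.g. Domain Users).
Sub EnumGroups(objADObject, strIndent)
    Dim varMemberOf, arrDNs, strDN, objGroup

    varMemberOf = objADObject.memberOf
    If IsEmpty(varMemberOf) Then
        Exit Sub                      ' no memberships
    ElseIf IsArray(varMemberOf) Then
        arrDNs = varMemberOf          ' two or more memberships
    Else
        arrDNs = Array(varMemberOf)   ' exactly one membership: plain string
    End If

    For Each strDN In arrDNs
        If Not dictSeen.Exists(strDN) Then
            dictSeen.Add strDN, True
            ' A "/" inside a DN must be escaped in an ADSI path
            Set objGroup = GetObject("LDAP://" & Replace(strDN, "/", "\/"))
            WScript.Echo strIndent & objGroup.sAMAccountName
            EnumGroups objGroup, strIndent & "  "
        End If
    Next
End Sub
```

The indentation in the output shows the nesting path, which makes it easier to see when an account reaches a privileged group only indirectly.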