.Groups object attribute - KiXtart.org - official site

You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » COM Scripting » .Groups object attribute

Page 1 of 1

1

Topic Options

#91716 - 2003-03-13 10:38 AM .Groups object attribute
ebiard ebiard Fresh Scripter Registered: 2003-03-13 Posts: 14	The ".Group" attribute is used for example in the GetGroups() UDF by H. Bullock. My question is : this user's or computer's attribute is not listed when you retreive the class attributes of these objects. So what is this ".Groups" and where is it documented ? Second question : how to retreive group memebership for groups ? The ".Groups" does not seem to work for group class. Thanks.
Top

#91717 - 2003-03-14 12:58 AM Re: .Groups object attribute
Lonkero Lonkero KiX Master Guru Registered: 2001-06-05 Posts: 22346 Loc: OK	eh not sure what is not documented. there is no group-property used anywhere in that UDF. all it does is use adsi winNT-provider. documentation for it you can find in http://msdn.microsoft.com/library/default.asp?url=/library/en-us/netdir/adsi/adsi_winnt_provider.asp _________________________ ! download KiXnet
Top

#91718 - 2003-03-13 01:44 PM Re: .Groups object attribute
Howard Bullock Howard Bullock KiX Supporter Registered: 2000-09-15 Posts: 5809 Loc: Harrisburg, PA USA	To enumerate groups and their membership you will have to: 1) bind to the computer $Computer = GetObject(WinNT://$Domain/$Computer,computer") 2) Filter for groups objects $Computer.Filter = "group","" 3) enumerate groups Foreach $group in $Computer 4) get membership $Members = $group.Members 5) enumerate members For each $member in $Members 6) print $member.Name _________________________ Home page: http://www.kixhelp.com/hb/
Top

#91719 - 2003-03-13 02:26 PM Re: .Groups object attribute
ebiard ebiard Fresh Scripter Registered: 2003-03-13 Posts: 14	Maybe i was not clear enough (propbably due to my poor english). What I need is to get all groups (direct and undirect) users are member of. No problem for direct groups a user is member of, but. User member of Group1 WHICH IS member of Group2 (and so on) Thanks for your help.
Top

#91720 - 2003-03-13 03:09 PM Re: .Groups object attribute
Howard Bullock Howard Bullock KiX Supporter Registered: 2000-09-15 Posts: 5809 Loc: Harrisburg, PA USA	This would be a nested process. First you use the format listed above to enumerate the current groups membership. you then need to check the SIDType of each member. If the SIDType is a group then you need to bind to that group and enumerate it. code: SIDTypes - ----------------------- 1 SidTypeUser 2 SidTypeGroup 3 SidTypeDomain 4 SidTypeAlias 5 SidTypeWellKnownGroup 6 SidTypeDeletedAccount 7 SidTypeInvalid 8 SidTypeUnknown 9 SidTypeComputer [ 13. March 2003, 15:09: Message edited by: Howard Bullock ] _________________________ Home page: http://www.kixhelp.com/hb/
Top

#91721 - 2003-03-13 03:23 PM Re: .Groups object attribute
ebiard ebiard Fresh Scripter Registered: 2003-03-13 Posts: 14	I agree whit that way. The only problem is the end of your explanation : "then you need to bind to that group and enumerate it." How to enumerate the groups the binded group is member of ? It's almost easy to get the groups a user or a computer is a member, but the groups a group is a member... That's a functionality we much use in AD : global groups members of other global/local groups.
Top

#91722 - 2003-03-13 05:13 PM Re: .Groups object attribute
Howard Bullock Howard Bullock KiX Supporter Registered: 2000-09-15 Posts: 5809 Loc: Harrisburg, PA USA	You would have to write a UDF (EnumGrp) that enumerates the members of a group. As part of the UDF you would check the SIDType of each member. When you encounter a member that is a group, then you recursively call the EnumGrp UDF passing it the name of the group. The functiona call would enumerate the members of the embedded group. If a member of that group is a group the process again recursively calls the UDF again and so on. At the end of the program you have listed ALL the user account in the group and the groups that that are members of of the group, etc. If you do not have the experience to write this code, I could provide a compiled Perl program or a KiXtart script that accomplishes this task. Unfortunately, I do not know when I get to it. Maybe a couple days? _________________________ Home page: http://www.kixhelp.com/hb/
Top

#91723 - 2003-03-13 05:28 PM Re: .Groups object attribute
ebiard ebiard Fresh Scripter Registered: 2003-03-13 Posts: 14	Thanks for your help. I think you did not understand what i wanted to do, but don't worry, i'll do it another way. I will process all the groups (and all the users) to get their members, and in a second step process these data to obtain the result. After seeking many docs, i think it's not possible to do what i wanted : not get the members of a group but get the "memberOf" of a group. The kix test function InGroup works with all groups (including undirect groups) for the current user because i think it uses the IsMember test method of the ADSgroup object. There is no method to retreive the whole "memberOf" list for groups. Again thanks.
Top

Page 1 of 1

1

Previous Topic

Previous Topic View All Topics

View All Topics

Index Next Topic

Next Topic

Moderator: Shawn, ShaneEP, Ruud van Velsen, Arend_, Jochen, Radimus, Glenn Barnas, Allen, Mart

Hop to:

Shout Box

Who's Online

0 registered and 657 anonymous users online.

Newest Members

M_Moore, BeeEm, min_seow, Audio, Hoschi
17883 Registered Users

Generated in 0.065 seconds in which 0.031 seconds were spent on a total of 12 queries. Zlib compression enabled.

click tracking