Show Me Users!
I watched a request go through a service desk setup recently asking for all users who use a particular application. While at first this sounds trivial, the application is a heavily used flat-file system which has security enforced via Group Policy permissions. This means that nested groups among all the various security groups makes this a tedious task going through active directory.
Enter the 2003 active directory commands complete with pipeline example of my end result.
dsquery group -name *funky* “dc=mystery,dc=localzoo” | dsget group -members | dsget user -display
That’ll bring back the nice display name, of all users, who belong to any group that has ‘funky’ in its name.
There is probably a smooth way to list out each group, then list out each user in each of those groups (to include the duplicate names), but that hasn’t been asked for.. i suppose that could be done by taking the first part of the pipe, then running the second and third piped commands against each group that is returned… that’d be the way to do it for say less than 10 groups… any more than that though, I’m sure powershell can come to the rescue.
