List User objects with read access. AD Query.

Roland0 · 13 Dec 2010 at 12:10

Hi Folks,

I'm in a slight pickle here, and the net result is that I need to list all user objects (AD 2k3) with read access to a certain resource (a shared diretory / folder). This would normally be easy, but I also need all the info from all the nested groups, this is a right pain! (lots of resource / security groupings!)

If anybody knows of an easy way of doing this, an AD Query I think is probably the best but I've not done many of these, (or even powershell, VBS etc) i would be eternally grateful, and award you with an e-cookie!

Thanks!

oddjob62 · 13 Dec 2010 at 21:16

Powershell + Quest QAD plugin (basics here)

Get-QADGroup -Name 'Group Name' | Get-QADGroupMember -Indirect
(or something similar, sorry don't have time to get the exact syntax)

Roland0 · 13 Dec 2010 at 21:38

thanks oddjob! I'm suprised theres not a more simple way of doing this tbh

I'll look into this Powershell + Quest addon combo!

oddjob62 · 13 Dec 2010 at 21:46

Stoned_SpaZZZ said:
thanks oddjob! I'm suprised theres not a more simple way of doing this tbh

I'll look into this Powershell + Quest addon combo!

That's the simplest way unless you're pretty good with VB. For a start it's like 3-4 lines just to connect to AD, then you need to set up a recursive loop. PS + QAD is a one liner.

Worth getting to grips with PS anyway, as pretty much everything from MS will be built around it in the future.

brainchylde · 13 Dec 2010 at 23:11

oddjob62 said:
Worth getting to grips with PS anyway, as pretty much everything from MS will be built around it in the future.

Here's hoping - DFS lacks any of this - no powershell and no API to speak of. A few command line utilities only.