Can anyone tell me about a tool that I can use which will list a users security group membership and will also display nested groups? I want a tool for every single security groups that they are a member of. Thanks
Can anyone tell me about a tool that I can use which will list a users security group membership and will also display nested groups? I want a tool for every single security groups that they are a member of. Thanks
There is a simple way by binding the object and get its tokenGroups attribute. You can also easily do this in a script and can easily see the results by using ADFind:
adfind -default -f samacccountname=someaccountname -dsq
After that use the DN returned by the 1st command, list the token groups:
adfind -b "CN=object.dn" -s base tokenGroups -resolvesids -sddl+
Incase you want to find out for logged in user then use "Whoami.exe /all", it will show you nested groups. You might also want to try some other switches available with Whoami for formating of the results. On Windows 2003, it is available by default and you can download it on XP as well.
Bookmarks