Not sure how you would do that with dsquery... Though
coupled with dsget it could maybe do it but in the piping op I think you
will lose the dn.
adfind will do this fairly easily but since it is also ldap
has the same limitation with cross domain group memberships... You also wouldn't
get the primary group but that is the same as dsquery|dsget.
adfind -b dc=domain,dc=com -f
"&(objectcategory=person)(objectclass=user)" memberof
or if you want the user out of the default domain for the
machine
adfind -default -f
"&(objectcategory=person)(objectclass=user)" memberof
F:\DEV\cpp\SvcUtil>adfind
-default -f "&(objectcategory=person)(objectclass=user)"
memberof
AdFind V01.12.00cpp Joe
Richards ([EMAIL PROTECTED])
May 2003
Using server:
2k3dc01.joe.com
Base DN: DC=joe,DC=com
Base DN: DC=joe,DC=com
dn:CN=Administrator,CN=Users,DC=joe,DC=com
>memberOf: CN=Group Policy Creator Owners,CN=Users,DC=joe,DC=com
>memberOf: CN=Domain Admins,CN=Users,DC=joe,DC=com
>memberOf: CN=Enterprise Admins,CN=Users,DC=joe,DC=com
>memberOf: CN=Schema Admins,CN=Users,DC=joe,DC=com
>memberOf: CN=Administrators,CN=Builtin,DC=joe,DC=com
>memberOf: CN=Group Policy Creator Owners,CN=Users,DC=joe,DC=com
>memberOf: CN=Domain Admins,CN=Users,DC=joe,DC=com
>memberOf: CN=Enterprise Admins,CN=Users,DC=joe,DC=com
>memberOf: CN=Schema Admins,CN=Users,DC=joe,DC=com
>memberOf: CN=Administrators,CN=Builtin,DC=joe,DC=com
dn:CN=Guest,CN=Users,DC=joe,DC=com
>memberOf: CN=Guests,CN=Builtin,DC=joe,DC=com
>memberOf: CN=Guests,CN=Builtin,DC=joe,DC=com
dn:CN=SUPPORT_388945a0,CN=Users,DC=joe,DC=com
>memberOf: CN=HelpServicesGroup,CN=Users,DC=joe,DC=com
>memberOf: CN=HelpServicesGroup,CN=Users,DC=joe,DC=com
dn:CN=krbtgt,CN=Users,DC=joe,DC=com
dn:CN=NormalUser,CN=Users,DC=joe,DC=com
dn:CN=TestUser,OU=TestUsersOU,OU=TestOU,DC=joe,DC=com
dn:CN=TestUser2,OU=TestUsersOU,OU=TestOU,DC=joe,DC=com
9 Objects returned
-------------
http://www.joeware.net (download joeware)
http://www.cafeshops.com/joewarenet (wear joeware)
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Grillenmeier, Guido
Sent: Wednesday, March 31, 2004 10:10 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] AD Query
dsquery (come with 2k3, but also works fine on
2000)
get OU from DN of user objects
get groups from memberOf attribute (will not be complete in
multi-domain forests, but maybe good enough for what you
need)
/Guido
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Donnerstag, 1. April 2004 00:33
To: [EMAIL PROTECTED]
Subject: [ActiveDir] AD Query
Does anyone know of a was that I can Pull a query of AD that lists each user, what ou they are in and what groups they belong too
