|
Brian, When you say view a users
memberships in groups does he need to do this programmatically? If his
application is already impersonating the user’s context then he can
simply get this from the users token. If you just want a list of groups
you can do a base search specifying the DN of the user and request the tokengroups
attribute, I suggest doing this against a GC. That will return all of the
SIDs for the groups for which the user is a member. http://msdn.microsoft.com/library/default.asp?url="">,
if you need the friendly names you could resolve them. By default
authenticated users should be able to read this attribute. Thanks, -Steve From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Desmond One of the app groups here told me he needed rights to see users’
membership in groups throughout the forest. Ok, fine. So I go in ADUC and look
at a user which meets this criteria, and I as an ent admin only see the users
groups in the local domain. If I go look at the group in the other domain, it
shows the whole membership from the forest. Is this expected behavior or is
something wrong here? I have no idea, having never tried to do what the guy
wants to do. Thanks, brian |
- RE: [ActiveDir] ADUC Group Viewing Dean Wells
- RE: [ActiveDir] ADUC Group Viewing Almeida Pinto, Jorge de
- [ActiveDir] User Administration Scripts/T... Mark . H . Lunsford
- RE: [ActiveDir] ADUC Group Viewing Mark . H . Lunsford
- RE: [ActiveDir] ADUC Group Viewing Almeida Pinto, Jorge de
- RE: [ActiveDir] ADUC Group Viewing Grillenmeier, Guido
- Re: [ActiveDir] ADUC Group Viewing Phil Renouf
- RE: [ActiveDir] ADUC Group Viewing Steve Linehan
