The users from Domain B in the Domain A groups will be represented as FSPs (remember you are outside of your forest). So there will be no direct linkage capability to do this in any single query.

In order to find the memberships of a Domain B user (userDomB) in Domain A, you will need to find the FSP for userDomB in Domain A and then look at the memberships of that FSP. This you can either do by looking at the memberof attribute of the FSP or doing a query against Domain B.

So you could do something like

    adfind -b DN_FOR_DOM_A -f name=userDomB_SID memberof

You always hear that SIDs go into groups and that is what is stored, yes, except for AD groups, those store DNs, that is why you can add OUs or Contacts or printers or any kind of object you want to an AD group but can't do the same on a machine that uses a registry-based SAM DB and why you have to use FSPs for references to objects outside of the local forest.

joe

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Steele
Sent: Wednesday, October 11, 2006 4:19 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Groups membership question

I have one for you guys. I have been puzzling over for a while. Seems simple, but I haven’t found a good solution.

Domain A one way trusts Domain B
Group in Domain A, contains members from Domain B.
Enumerate groups in Domain A, include membership for all members in Domain B.

Or for the real answer. Find user in Domain B, and tell me all group memberships from Domain A and Domain B.

Any ideas? I’ve tried adfind queries, I’ve visited the windows scripting center and am at a loss.

Thanks for your help.

/aaron

Aaron Steele
Mobile: 773.580.8099
[EMAIL PROTECTED]
Main: 312.334.1900
Fax: 312.224.4789
_____________________
- Microsoft’s 2005 Advanced Infrastructure Partner of the Year
- Microsoft’s 2005 Exchange Solution of the Year Winner

- [ActiveDir] Groups membership question Aaron Steele
- Re: [ActiveDir] Groups membership question Laura E. Hunter
- RE: [ActiveDir] Groups membership question joe
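
The lookup described in the reply above, modelled offline as an added example (not part of the original thread and not any poster's code): decode the user's binary objectSid from Domain B, derive the FSP's DN in Domain A, and merge the memberOf values of both objects. The domain DNs, group names, SID and the dictionaries standing in for LDAP search results are all constructed assumptions.

```python
import struct

def sid_to_str(raw: bytes) -> str:
    """Decode a binary objectSid into its S-1-5-21-... string form."""
    if len(raw) < 8:
        raise ValueError("SID too short")
    revision, count = raw[0], raw[1]
    if len(raw) != 8 + 4 * count:
        raise ValueError("SID length does not match sub-authority count")
    authority = int.from_bytes(raw[2:8], "big")    # 48-bit, big-endian
    subs = struct.unpack(f"<{count}I", raw[8:])    # 32-bit each, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def fsp_dn(sid: str, domain_dn: str) -> str:
    """An FSP is named after the SID it stands for, in a fixed container."""
    return f"CN={sid},CN=ForeignSecurityPrincipals,{domain_dn}"

def all_memberships(user_dn, dom_b, dom_a, dom_a_dn):
    """Return (sid, groups) for a Domain B user across both domains.

    dom_a / dom_b map DN -> attributes, standing in for one LDAP search per
    domain. Simplification: exact-match DN keys (AD compares DNs without
    regard to case). memberOf lists direct memberships only and omits the
    primary group.
    """
    user = dom_b[user_dn]
    sid = sid_to_str(user["objectSid"])
    groups = list(user.get("memberOf", []))        # Domain B side
    fsp = dom_a.get(fsp_dn(sid, dom_a_dn))         # no FSP: no Domain A groups
    if fsp:
        groups += fsp.get("memberOf", [])          # Domain A side, via the FSP
    return sid, sorted(groups)

# Constructed sample data
DOM_A_DN, DOM_B_DN = "DC=doma,DC=example", "DC=domb,DC=example"
SAMPLE_SID = (bytes([1, 5]) + (5).to_bytes(6, "big")
              + struct.pack("<5I", 21, 1004336348, 1177238915, 682003330, 1105))
USER_DN = f"CN=userDomB,CN=Users,{DOM_B_DN}"
DOM_B = {USER_DN: {"objectSid": SAMPLE_SID,
                   "memberOf": [f"CN=Staff,OU=Groups,{DOM_B_DN}"]}}
DOM_A = {fsp_dn("S-1-5-21-1004336348-1177238915-682003330-1105", DOM_A_DN):
         {"memberOf": [f"CN=App Admins,OU=Groups,{DOM_A_DN}"]}}

if __name__ == "__main__":
    sid, groups = all_memberships(USER_DN, DOM_B, DOM_A, DOM_A_DN)
    print(sid)
    print("\n".join(groups))
```

Against a live directory, each dictionary lookup becomes a search in the corresponding domain, and the string SID is the value that goes into the name= filter shown in the reply.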