Mayank,
Sorry no I haven't resolved this myself and I got no reponse. I developed
around it by assuming the groups exist in all master domains.
I think I should clarify the problem because looking back at this post I
think maybe it wasn't clear and that's why noone else responded.
Say I have a multi-master domain with Master1, Master2, Master3, Resource1,
Resource2, and Resource3. I have a user account in Master1 and I'm logged
into a machine in Resource1. Each Resource domain trusts all three Master
domains. I can get perl to enumerate the groups in any resource domain and
Master1 using Win32::Lanman and Win32API. But, when I try to enumerate the
groups in any other master domain, I see an 'Access Denied' error. This
is to be expected because the other master domains do not trust my user
account.
However, explorer can enumerate groups from any master domain from my
machine. You can see all groups and users are displayed when you grant
permissions with the permissions dialogue box (Right-Click the folder of
your choice, select 'Properties->Security->Permissions->Add...->List Names
From') choose any master domain and, boom! there they are.
How can perl do that?
Tony
"Mayank D.
Upadhyay" To: <[EMAIL PROTECTED]>
<mupadhyay@cran cc:
ite.com> Subject: How to enumerate groups
08/22/01 01:22
PM
Tony,
Did you ever receive an answer to this? I'd like to be able to call
netgroupenum on both trusted and trusting domains. Any clues will be
greatly appreciated.
Thanks.
-Mayank
Tony OQuinn [EMAIL PROTECTED]
<mailto:tony_oquinn%40email.mobil.com>
Fri, 23 Feb 2001 10:00:22 -0600
Correction:
I was wrong when I said Administrator permission is required to execute
Win32::Lanman::NetGroupEnum and Win32API::Net::GroupEnum, they both work
with
normal user. However the user account must be in a trusted domain.
These
functions can't enum groups in a trusted domain if that domain does not
trust
the user's domain.
Explorer can list groups and users from any trusted domain when a user
grants
NTFS or share permissions. How does it do that? Can anyone suggest a
way to
enum groups in any trusted domain?
Thanks in advance,
Tony
---------------------- Forwarded by Tony OQuinn/C/Dallas/Mobil-Notes on
02/23/2001 09:53 AM ---------------------------
From: Tony OQuinn on 02/22/2001 04:36 PM
To: [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
cc:
Subject: How to enumerate groups with a normal user account
How can I enumerate the global groups on a master domain with a normal
user
account?
In a multiple master domain model, my script runs on a machine in a
resource
domain and grants share permission to groups in several trusted domains.
Win32::Lanman::NetGroupEnum and Win32API::Net::GroupEnum both require
administrator access, but the script will not have admin access in the
master
domains.
There is an API call to do this because if I right click on a folder on
my hard
drive, under properties->security->permissions->Add..., there I can list
the
domain groups and users from any trusted domain even when I don't have
an
account in that domain. What API call is that? And can that be done
with perl?
Tony
_______________________________________________
Perl-Win32-Admin mailing list
[EMAIL PROTECTED]
http://listserv.ActiveState.com/mailman/listinfo/perl-win32-admin
