Ulf B. Simon-Weidner wrote:
Hi Aaron,
this is simple, you can either do a LDAP-Query against the members attribute
of the group using different utilities, or use dsget which does the work for
you:
Using the groups DistinguishedName:
dsget group cn=mygroup,cn=users,dc=mydomain,dc=com -members
or via the groups name
dsquery group domainroot -name mygroup | dsget group -members
But using dsquery in this way Yoou ar not able to un-neast group
membership. You have to make some script around this to be able to track
the group membership of a user through nested groups.
--
Tomasz Onyszko
http://www.w2k.pl
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
