The WinNT provider will not show same scope nesting. i.e. GG in GG, DLG in DLG, etc
As Brett stated, group membership is something with different answers depending on where you ask in the environment. For instance, DLG memberships in foreign domains will not show in your local interactive token. Ditto for local group memberships on member machines. Those memberships will show in the token only for auths in those scopes... i.e. if you log on to a member machine in a foreign domain, you will get your DLGs from that domain and the LGs from the member that you are part of but won't get DLGs from your home domain (or any other domain for that matter). An easy way to see the differences is to load ADAM on different machines in different domains and take a user with various group memberships at the domain levels and member levels and then query the ADAM rootdse with that ID and look at the tokenGroups attribute. You can also do this with Longhorn DCs. It really depends on how comprehensive an answer you want as to how you go about answering the question, "what groups am I in?" joe -- O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B Allen Sent: Wednesday, October 25, 2006 5:21 PM To: ActiveDir@mail.activedir.org Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: [ActiveDir] List Groups I'm In? On Wed, 25 Oct 2006 21:00:24 +0100 "James (njan) Eaton-Lee" <[EMAIL PROTECTED]> wrote: > The vbscript you've written won't tell you if a user is a member of the > cute_pink_bunnies group which is a member of the Enterprise Admins > group, for instance - whoami /groups will. Are you sure? I know the LDAP provider won't expand nested groups but I used the WinNT provider. The WinNT provider returns the primary group. Mike -- Michael B Allen PHP Active Directory SSO http://www.ioplex.com/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir@mail.activedir.org/
