Alan Guest
Posted: Tue Jan 02, 2007 2:13 pm Post subject: Querying Group Membership in a Trusting Domain
I need to be able to check on whether a user is a member of a group in a
trusting domain.
In ADUC in the trusting domain I can see accounts from the trusted domain.
I've got the following process that finds the target group in the trusting
domain and returns a list of users.
-----------------------------------------------------
' Distinguished name of the target group in the trusting domain
strContainer = "cn=Test,ou=Groups,dc=test,dc=co,dc=uk"
Set objRootDSE = GetObject("LDAP://dc=test,dc=co,dc=uk")
' Get the group
Set objGroup = GetObject("LDAP://" & strContainer)
objGroup.GetInfo
' GetEx returns the values as an array; it raises an error if the group has no members
arrMemberOf = objGroup.GetEx("member")
' Loop = For Each .... Next
For Each strMember In arrMemberOf
    WScript.Echo strMember
Next
WScript.Quit
-----------------------------------------------------
However, when the script returns the accounts from the trusted domain, they
are in the format CN=<something that looks like a
SID>,CN=ForeignSecurityPrincipals,DC=test,dc=co,dc=uk
To find out whether the user is in the group, it looks as though I need to
either find what looks like the SID for the user and compare that with those
returned or get what is returned from the script to come back with user
accounts, as they appear in ADUC.
Does anyone have any ideas on how this could be done?
Any advice would be appreciated.
Thanks,
Alan
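Added example, not part of the original post: the CN of a foreignSecurityPrincipal entry is the string form of the trusted-domain account's SID, so one way to make the comparison described above is to decode the user's binary objectSid attribute and match it against the member DNs. It is written in Python rather than VBScript so it runs offline; the function names, SID and member list are constructed for illustration, and only direct members are checked (no nested groups).

```python
import struct

def sid_to_string(raw: bytes) -> str:
    """Decode a binary objectSid value into its S-1-... string form."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    revision, count = raw[0], raw[1]
    authority = int.from_bytes(raw[2:8], "big")      # 48-bit, big-endian
    subs = struct.unpack("<%dI" % count, raw[8:])    # 32-bit, little-endian
    return "-".join(["S", str(revision), str(authority), *map(str, subs)])

def fsp_sid(member_dn: str):
    """Return the SID held in a foreignSecurityPrincipal DN, else None."""
    # A plain comma split is enough here: SID-named CNs contain no commas,
    # and a local DN with an escaped comma simply fails the container test.
    parts = [p.strip() for p in member_dn.split(",")]
    if len(parts) < 2 or parts[1].lower() != "cn=foreignsecurityprincipals":
        return None
    name, _, value = parts[0].partition("=")
    if name.strip().lower() != "cn" or not value.upper().startswith("S-"):
        return None
    return value.upper()

def is_member(user_sid: bytes, member_dns) -> bool:
    """True if the user's SID appears among the group's foreign members."""
    wanted = sid_to_string(user_sid).upper()
    return any(fsp_sid(dn) == wanted for dn in member_dns)

def build_sid(rid: int) -> bytes:
    """Constructed sample objectSid for a made-up domain, varying the RID."""
    return (bytes([1, 5]) + (5).to_bytes(6, "big") +
            struct.pack("<5I", 21, 1111111111, 2222222222, 3333333333, rid))

# Constructed sample of what GetEx("member") might return.
SAMPLE_MEMBERS = [
    "CN=S-1-5-21-1111111111-2222222222-3333333333-1105,"
    "CN=ForeignSecurityPrincipals,DC=test,dc=co,dc=uk",
    "CN=Local User,OU=Users,DC=test,DC=co,DC=uk",
]

if __name__ == "__main__":
    for rid in (1105, 1106):
        sid = build_sid(rid)
        print(sid_to_string(sid), is_member(sid, SAMPLE_MEMBERS))
```
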