I have updated the MemberOf utility.
This is just a quickie update as I received requests from like three people in less than a week that were for similar requests I have gotten over the years. I want to rewrite this from scratch again to take advantage of some stuff that I have learned to make it even faster and better but just haven’t had the time. These changes were actually something I could put in fairly quickly and safely as it was added code instead of modifying too much existing code.
The first update is to allow memberof to look up membership for computers. You simply specify -comp domain\computer or just -comp if you want memberof to work out what the current machine is and look up the membership on its own.
The second update is to allow memberof to look up groups that the specified group is a member of. So if, for instance Domain Admins is in the Administrators group, it will list administrators. It won’t list who is in the Domain Admins group. You simply specify domain\group, must specify the group, there is no default value. The flip side of this, a tool to get the membership of a group I have written for companies previously but I have not spent the time rewriting it as joeware yet. Â
The third update is that it outputs the security principal it is looking up, this is especially useful if you are telling it to get info for the current user or current computer.
G:\Temp>memberof -u MemberOf V02.02.00cpp Joe Richards (joe@joeware.net) May 2006 Security Principal: [USER] TEST\\$joe Group Memberships:  [Local Security] [Administrators] CN=Administrators,CN=Builtin,DC=test,DC=loc  [Local Security] [DnsAdmins] CN=DnsAdmins,CN=Users,DC=test,DC=loc  [Global Security] [Domain Admins] CN=Domain Admins,CN=Users,DC=test,DC=loc  [Global Security] [Domain Users] CN=Domain Users,CN=Users,DC=test,DC=loc  [Universal Security] [Enterprise Admins] CN=Enterprise Admins,CN=Users,DC=test,DC=loc  [Universal Security] [Schema Admins] CN=Schema Admins,CN=Users,DC=test,DC=loc  [Local Security] [Users] CN=Users,CN=Builtin,DC=test,DC=loc
Â
Â
Get MemberOf from http://www.joeware.net/win/free/tools/memberof.htm
 joe
Hello Joe, first of all thanks for all the wonderfull utils, I just want to ask you if it is possible with one of your utility’s to query groups to see by whom it is “Managed By”, because if I want to delete a user, I have to make sure the Managed By position is being filled by another user.
And can you please refer me a website or a good source to learn about query’s?
Thanx
KingWolf
Yeah adfind can do that. You just look at the managedby attribute.
As for learning queries, I would recommend picking up Active Directory Third Edition and Active Directory Cookbook. Both from O’Reilly, they should really help out.
Another book I’d recommend is Inside AD: A System Administrator’s Guide by Sakari Kouti
http://www.amazon.com/gp/product/0321228480/sr=8-1/qid=1149123486/ref=pd_bbs_1/002-2468514-2189615?%5Fencoding=UTF8
Joe I hope you get royalties for your nice comment on the front cover 🙂
They have a good LDAP search section in there.
Also sign up for the activedir.org mailing list if you haven’t done so. Joe and a few others will help out with query questions all the time and you learn a lot of cool tricks that way too.
Then practice on your own and you will have it in no time.
I usually hold off and recommend Inside AD only for folks who are already familiar with AD. It is an amazingly great book (I was a technical reviewer for the second edition and one of the people they contacted to get a quote from for the first edition after it was completed) but some of the technical details tend to scare newbies.
I know the first time I read the first edition I got stuck on the security chapter reading and rereading it to get all of the details out of it and making sure they aligned with what I knew and literally spent weeks on it. Plus the schema chapters are some of the best in existence. But again, I think it is for the folks with more familiarity already with AD.
No royalties for the comment unfortunately… Just a small “token of thanks” check for the Technical Review. You never make money on a Technical Review, it is entirely not about the money. In the time versus money equation I would make more working at McDonald’s than TR’ing books. Heck, I can make more at McDonald’s than writing books which is sad. That is why so few really great books really exist I think. It is far more lucrative to go out and use your knowledge working with companies than writing.