Как в AD получить группы, в которые входит рабочая станция, с самой рабочей станции? [закрыто]

Если я нахожусь на контроллере домена (в Active Directory), чтобы узнать, в какие группы входит рабочая станция «XPSP3-A», я делаю:

dsquery computer "CN=XPSP3-A,CN=Computers,DC=pvk,DC=local" -name XPSP3-A | dsget computer -memberof

и получаю следующее:

"CN=Sec Group 001,OU=OU1,DC=pvk,DC=local" 
"CN=Domain Computers,CN=Users,DC=pvk,DC=local"

Но как сделать то же самое с рабочей станции "XPSP3-A"?

задан 11 November 2012 в 21:58
3 ответа

Caution, terrible VBS follows. This is ripped straight from an old VBS script that I wrote to deploy user shortcuts and is essentially untested etc. It doesn't display the DN of the group, but it should be possible to implement.

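Option Explicit

'Script-level state. The helper functions further down read fqDomain,
'currentUser, strComputerName, objUser, objComputer and fill the two
'dictionaries, so these names must stay global.
Dim elem, UserGroupDict, ComputerGroupDict, currentDomain, currentUser, strComputerName, uCN, cCN
Dim oRoot, fqDomain, objNetwork, objUser, objComputer

'Group CNs are used as dictionary keys; text comparison makes the
'"already seen" check case-insensitive.
'NOTE(review): a CN is only unique inside its container, so two groups with
'the same CN in different OUs collapse into one entry here. Key on the
'distinguishedName instead if the result feeds an access decision.
Set UserGroupDict = CreateObject("Scripting.Dictionary")
UserGroupDict.CompareMode = vbTextCompare

Set ComputerGroupDict = CreateObject("Scripting.Dictionary")
ComputerGroupDict.CompareMode = vbTextCompare

'Read the domain's naming context from rootDSE. This is a distinguished
'name (for example DC=pvk,DC=local), not a DNS name, and is used as the
'search base by findDN / findDNComputer.
Set oRoot = GetObject("LDAP://rootDSE")
fqDomain = oRoot.Get("defaultNamingContext")

'Obtain NetBIOS user name, computer name and domain name of the current session
Set objNetwork = CreateObject("Wscript.Network")
currentDomain = objNetwork.UserDomain
currentUser = objNetwork.UserName
strComputerName = objNetwork.ComputerName

'Find the user's distinguishedName and bind to the user object
uCN = findDN
Set objUser = GetObject("LDAP://" & uCN)

'Find the computer's distinguishedName and bind to the computer object
cCN = findDNComputer
Set objComputer = GetObject("LDAP://" & cCN)

'The WScript.Shell, second WScript.Network, Scripting.FileSystemObject and
'domain-object instances the original created here were never used in this
'listing, so they are not created any more: the script only needs directory
'read access.

'Get the user's group memberships
EnumUserGroups()
'Get the computer's group memberships
EnumComputerGroups()

MsgBox("User DN: " & uCN)

MsgBox("Computer DN: " & cCN)

MsgBox("User Groups")

'One message box per group CN
For Each elem In UserGroupDict
    MsgBox elem
Next

MsgBox("Computer Groups")

For Each elem In ComputerGroupDict
    MsgBox elem
Next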

'=========================
'FUNCTIONS
'=========================

'Records the CN of every group returned by objUser.Groups in UserGroupDict
'and, for each group not seen before, walks its parent groups via GetNested.
'Reads the script-level objUser and UserGroupDict; returns nothing.
Function EnumUserGroups()
    Dim grp, grpName

    For Each grp In objUser.Groups
        grpName = grp.CN
        If UserGroupDict.Exists(grpName) Then
            'Already recorded; its parents have been walked as well.
        Else
            UserGroupDict.Add grpName, "-"
            GetNested grp
        End If
    Next
End Function

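'Walks the memberOf chain of objGroup and records the CN of every parent
'group in the script-level UserGroupDict. A group already present in the
'dictionary is not followed again, which also stops circular nesting from
'recursing forever.
'  objGroup - bound ADSI group object whose parents are to be collected
'Returns nothing; the result is the content of UserGroupDict.
Function GetNested(objGroup)
    Dim colMembers, strMember, objNestedGroup, blnFailed

    'GetEx raises an error when memberOf is not set on the object. Suppress
    'errors for this one call only, so that unrelated failures further down
    'are not silently hidden and the group list is not quietly incomplete.
    On Error Resume Next
    colMembers = objGroup.GetEx("memberOf")
    blnFailed = (Err.Number <> 0)
    Err.Clear
    On Error GoTo 0
    If blnFailed Then Exit Function

    For Each strMember In colMembers
        If strMember <> "" Then
            'Reset before binding so a failed bind can never leave the
            'previous iteration's object in the variable.
            Set objNestedGroup = Nothing
            On Error Resume Next
            Set objNestedGroup = GetObject("LDAP://" & strMember)
            Err.Clear
            On Error GoTo 0

            'A parent that cannot be bound is skipped, as before.
            If Not objNestedGroup Is Nothing Then
                If Not UserGroupDict.Exists(objNestedGroup.CN) Then
                    UserGroupDict.Add objNestedGroup.CN, "-"
                    GetNested objNestedGroup
                End If
            End If
        End If
    Next

    Set objNestedGroup = Nothing
End Function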

'Records the CN of every group returned by objComputer.Groups in
'ComputerGroupDict and, for each group not seen before, walks its parent
'groups via GetNestedComputer.
'Reads the script-level objComputer and ComputerGroupDict; returns nothing.
'NOTE(review): the primary group (normally Domain Computers) may be missing
'from this list - compare with the dsget output to confirm.
Function EnumComputerGroups()
    Dim grp, grpName

    For Each grp In objComputer.Groups
        grpName = grp.CN
        If ComputerGroupDict.Exists(grpName) Then
            'Already recorded; its parents have been walked as well.
        Else
            ComputerGroupDict.Add grpName, "-"
            GetNestedComputer grp
        End If
    Next
End Function

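'Walks the memberOf chain of objGroup and records the CN of every parent
'group in the script-level ComputerGroupDict. A group already present in
'the dictionary is not followed again, which also stops circular nesting
'from recursing forever.
'  objGroup - bound ADSI group object whose parents are to be collected
'Returns nothing; the result is the content of ComputerGroupDict.
Function GetNestedComputer(objGroup)
    Dim colMembers, strMember, objNestedGroup, blnFailed

    'GetEx raises an error when memberOf is not set on the object. Suppress
    'errors for this one call only, so that unrelated failures further down
    'are not silently hidden and the group list is not quietly incomplete.
    On Error Resume Next
    colMembers = objGroup.GetEx("memberOf")
    blnFailed = (Err.Number <> 0)
    Err.Clear
    On Error GoTo 0
    If blnFailed Then Exit Function

    For Each strMember In colMembers
        If strMember <> "" Then
            'Reset before binding so a failed bind can never leave the
            'previous iteration's object in the variable.
            Set objNestedGroup = Nothing
            On Error Resume Next
            Set objNestedGroup = GetObject("LDAP://" & strMember)
            Err.Clear
            On Error GoTo 0

            'A parent that cannot be bound is skipped, as before.
            If Not objNestedGroup Is Nothing Then
                If Not ComputerGroupDict.Exists(objNestedGroup.CN) Then
                    ComputerGroupDict.Add objNestedGroup.CN, "-"
                    'Recurse into this function, not GetNested: the original
                    'called GetNested here, which filed the computer's
                    'deeper parent groups under the user's dictionary.
                    GetNestedComputer objNestedGroup
                End If
            End If
        End If
    Next

    Set objNestedGroup = Nothing
End Function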

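'Returns the distinguishedName of the user whose sAMAccountName equals the
'script-level currentUser, searching the subtree below fqDomain through the
'ADSI OLE DB provider. If no record comes back it shows an error box and
'ends the script.
'NOTE(review): the script exits with code 0 on this error path, so a calling
'wrapper cannot tell the failure from success.
Function findDN
    Dim objConnection, objCommand, objRecordSet, strAccount, blnFound

    'Escape the characters that are special inside an LDAP search filter
    '(RFC 4515) so that a name containing them cannot change the meaning of
    'the filter. The backslash goes first so the escapes are not re-escaped.
    strAccount = Replace(currentUser, "\", "\5c")
    strAccount = Replace(strAccount, "*", "\2a")
    strAccount = Replace(strAccount, "(", "\28")
    strAccount = Replace(strAccount, ")", "\29")

    Set objConnection = CreateObject("ADODB.Connection")
    objConnection.Open "Provider=ADsDSOObject;"

    Set objCommand = CreateObject("ADODB.Command")
    objCommand.ActiveConnection = objConnection

    'ADSI LDAP dialect: <search base>;filter;attributes;scope
    objCommand.CommandText = _
        "<LDAP://" & fqDomain & ">;(&(objectCategory=User)" & _
        "(samAccountName=" & strAccount & "));samAccountName,distinguishedName;subtree"

    Set objRecordSet = objCommand.Execute

    'EOF right after Execute means the search returned no rows.
    blnFound = Not objRecordSet.EOF
    If blnFound Then findDN = objRecordSet.Fields("distinguishedName").Value

    'Close the connection on both paths; the original left it open on failure.
    objConnection.Close

    If Not blnFound Then
        MsgBox("Error: Couldn't get User Groups. Exiting")
        WScript.Quit(0)
    End If
End Function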

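'Returns the distinguishedName of the computer object whose name equals the
'script-level strComputerName, searching the subtree below fqDomain through
'the ADSI OLE DB provider. If no record comes back it shows an error box and
'ends the script.
'NOTE(review): only the first record is used; "name" is not guaranteed to be
'unique across the whole domain, so confirm the DN that is reported.
'NOTE(review): the script exits with code 0 on this error path, so a calling
'wrapper cannot tell the failure from success.
Function findDNComputer
    Dim objConnection, objCommand, objRecordSet, strName, blnFound

    'Escape the characters that are special inside an LDAP search filter
    '(RFC 4515) so that a name containing them cannot change the meaning of
    'the filter. The backslash goes first so the escapes are not re-escaped.
    strName = Replace(strComputerName, "\", "\5c")
    strName = Replace(strName, "*", "\2a")
    strName = Replace(strName, "(", "\28")
    strName = Replace(strName, ")", "\29")

    Set objConnection = CreateObject("ADODB.Connection")
    objConnection.Open "Provider=ADsDSOObject;"

    Set objCommand = CreateObject("ADODB.Command")
    objCommand.ActiveConnection = objConnection

    'ADSI LDAP dialect: <search base>;filter;attributes;scope
    objCommand.CommandText = _
        "<LDAP://" & fqDomain & ">;(&(objectCategory=Computer)" & _
        "(name=" & strName & "));samAccountName,distinguishedName;subtree"

    Set objRecordSet = objCommand.Execute

    'EOF right after Execute means the search returned no rows.
    blnFound = Not objRecordSet.EOF
    If blnFound Then findDNComputer = objRecordSet.Fields("distinguishedName").Value

    'Close the connection on both paths; the original left it open on failure.
    objConnection.Close

    If Not blnFound Then
        MsgBox("Error: Couldn't get Computer Groups. Exiting")
        WScript.Quit(0)
    End If
End Function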
ответ дан 5 December 2019 в 22:05

You can do this exact same command from a workstation as well. You can either grab the dsquery and dsget executables from a DC, or you can install RSAT or the 2003 Admin Toolkit. It's included in both.

ответ дан 5 December 2019 в 22:05

Do this with PowerShell. VBS is old and busted, PowerShell is the new hotness. Here's a link to a TechNet article that discusses how to code this all out. It also has a lot of good VBS to PS conversion info.

ответ дан 5 December 2019 в 22:05
