Query AD Group Membership Recursively Through SQL

前端未结

关注

 2  1749

暗喜 2020-12-18 01:09

Background

I\'m creating some SQL to assist with security auditing; this will take security info from various systems databases and from Active Dire

2条回答

Happy的楠姐 (楼主)

2020-12-18 01:35

Like this?

--Get all members of a group
SELECT cn,AdsPath 
FROM OPENQUERY (ADSI, ';(&(objectCategory=person)(memberOf:1.2.840.113556.1.4.1941:=CN=Administrators,CN=Builtin,DC=corp,DC=mycorp,DC=com));cn, adspath;subtree')
ORDER BY cn; 

--get all groups a user is a member of
SELECT cn,AdsPath
FROM OPENQUERY (ADSI, ';(&(objectClass=group)(member:1.2.840.113556.1.4.1941:=CN=John Doe,OU=Developers,OU=Staff,DC=corp,DC=mycorp,DC=com));cn, adspath;subtree')
ORDER BY cn;

See http://msdn.microsoft.com/en-us/library/aa746475(VS.85).aspx for recursive search conditions.

0 讨论(0)

查看其它2个回答