I just need group report with list of all AD groups and the first level nesting, so basically I need attributes as groupname and memberof.
I've attached a custom query report that will list the group name and it's members. It has an additional column which indicates the depth of the member in the group.
I.e. 0 indicates immediate member,1 indicates child of the immediate member and so on..
The report also takes the depth as a parameter, so you can specify the level of nesting.
Please look at the report and let us if it helps.
I am sorry if I was not clear but I need "memberof" attribute rather than "member" attribute.
I've attached an updated report that lists all members (type G) and the groups they are a 'memberOf'.
Please let me know if this helps.
sorry to say this but you still did not understand me. I need the "memeberof" attribute for that particular account highlighted in yellow below.
cn: Domain Adminsmember: CN=Service ID\, Domain Admin 3,OU=Admin_Users,OU=Restricted,DC=dummy,DC=ge,DC=commemberOf: CN=DA Admins,CN=Users,DC=dummy,DC=localmemberOf: CN=Administrators,CN=Builtin,DC=dummy,DC=ge,DC=comsAMAccountName: Domain Admins
Also is it possible to speficy the domain as we have other domains and local groups in the DB that I dont want to pick up.
I'll just in here just to get some clarification. The memberof attribute contains the distinguished name of the groups that an account is a memberof, within the forest. The same data can be calculated by using the member attribute of all groups in the environment. The query Aravind supplied does this. Are you looking for this query to return the Distinguished Name of the groups as well.
Can someone call me or I can call you to explain this as I have verified the data and it does not seem correct.
I need this by Monday as there is Audit going on in GE Capital and if we cant get this done then we will have to remove this product from all the domains, as we cant get the correct report we need.
we have this installed on 4 different forest in Capital.
Just got off the phone with Anderson. We implemented a new report from Aravind that removed the tombstoned data as well allowed us to define the domain. This appeared to provide correct results as we double checked with a query in Active Directory. Anderson will update the thread if he has any additional questions.