- January 19, 2016 at 11:25 am #34063
I am looking at an object in ADAC and I can see the security tab with all the groups and usersnames. How can I use 'get-adobject' to retrieve the same information as displayed in ADAC?January 19, 2016 at 11:28 am #34064
This is from memory and I don't have an AD environment up to quickly test it, but if I remember right, you need to add "ntSecurityDescriptor" to your properties list. That property will be an object similar to what you get from calling Get-Acl on files / folders.January 19, 2016 at 11:29 am #34065
That GUI actually performs several steps to populate that dialog box, and you'd have to duplicate those steps.
For example, group membership isn't tracked as part of the user object. It's tracked as part of the group object. So behind the scenes, the GUI is querying all groups who have xxx user as a member, and then displaying those groups. It isn't a single command, and it's actually fairly complex, but if you're at the command-line you have to do it all.January 19, 2016 at 11:35 am #34068January 19, 2016 at 11:39 am #34070
yeah we need a list of groups and usernames of where the objectclass is "msDS-Azoperation"
It looks like this is going to be a lot more research to accomplish ...January 21, 2016 at 2:00 pm #34149
Thanks with the ACL mention but now we have another problem in which I will post in another question
You must be logged in to reply to this topic.