This topic contains 5 replies, has 3 voices, and was last updated by  konfigurationking 2 years, 2 months ago.

  • Author
  • #34063


    I am looking at an object in ADAC and I can see the security tab with all the groups and usersnames. How can I use 'get-adobject' to retrieve the same information as displayed in ADAC?

  • #34064

    Dave Wyatt

    This is from memory and I don't have an AD environment up to quickly test it, but if I remember right, you need to add "ntSecurityDescriptor" to your properties list. That property will be an object similar to what you get from calling Get-Acl on files / folders.

  • #34065

    Don Jones

    That GUI actually performs several steps to populate that dialog box, and you'd have to duplicate those steps.

    For example, group membership isn't tracked as part of the user object. It's tracked as part of the group object. So behind the scenes, the GUI is querying all groups who have xxx user as a member, and then displaying those groups. It isn't a single command, and it's actually fairly complex, but if you're at the command-line you have to do it all.

  • #34068


  • #34070


    yeah we need a list of groups and usernames of where the objectclass is "msDS-Azoperation"

    It looks like this is going to be a lot more research to accomplish ...

  • #34149


    Thanks with the ACL mention but now we have another problem in which I will post in another question

You must be logged in to reply to this topic.