LDAP Query for particular user account in local Administrators group on All Enabled Computer Accounts

Need to query on all enabled computer accounts that have a particular user account present in the local Administrators group.
Ldap query is best, because not all our machines have SCCM client
Thanks for any help you can provide. Lisa

Ya, I have 41800+ computer accounts in my directory. I think that option is not feasible :) Thanks for your reply.
I can use SCCM to do this too, but only for those that the client is running on and which are online. Thanks again.
Hope is not all lost; a scripting solution is still possible.  The difference is instead of running a central script to pull info from all computers, you let the computers report back to you with the info.
If I were you, I'd do the following:
1) Create a file share and adjust the permissions so that "Domain Computers" have "Modify" Permissions.
2) Create a script similar to the 2nd link I posted above, with a bit of adjustment:  at the end of the script, write the information to the file share created in (1), and name the file
ComputerName.txt
3) Use Group Policy Preference Scheduled Task to deploy the script, and make sure it only runs once.
4) Happily wait for the results to come back :)
The main benefit of this approach is you're not restricted by the computer connectivity at the moment you run the script.  This is especially true if you have many mobile computers in your environment.  Just wait for a reasonable time (they all need
to come back to the mother ship once a while don't they?) and the results will show up in the file share you created.
Cheers.

Similar Messages

  • Network dive map issue for particular user account.

    Hi,
    My one of the user want to access network drive.  But when he logoff or restart the system, he lost the map drive.
    He is a domain user. He already have few map drive in his profile.  But now he need to map one more network drive. And special requirement is he want to access that map drive from any system from our organization. And that drive should not
    get disconnect/dismount after he logoff or restart the system. 
    Note:  User XYZ wants to access particular map network drive form any system, where he login in domain. And
    no other user should be able to see or access that particular map drive.  
    Also if user XYZ logoff or reboot the own system, Then when next time he will login again from any system, he must be able to see and access that particular
    map drive.
    How do i configure this....Please help.
    Regards,
    Santosh Pawar 

    Hi,
    Using Group Policy Preferences to Map Drives could meet your requirement. It based on group membership.
    About how to get it, please refer to this guide:
    Using Group Policy Preferences to Map Drives Based on Group Membership
    https://blogs.technet.com/b/askds/archive/2009/01/07/using-group-policy-preferences-to-map-drives-based-on-group-membership.aspx 
    For further help, I would like to suggest you ask Directory Services forum:
    https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverDS
    Karen Hu
    TechNet Community Support

  • Add Local Users to the Local Admin Group

    I am looking either via GPO or Third Party Tool.  I would like to add 6 Users to the Local Admin Groups on all the computers running Windows 7/8.  I want to Create a Group called "OUR Local Admins" and add these 6 local users (Not domain
    Users) to this Group and then nest this Group into the Local Admin Group Built-in into Windows 8
    Thank u

    > local users (Not domain Users) to this Group and then nest this Group
    > into the Local Admin Group Built-in into Windows 8
    You cannot nest local groups.
    Greetings/Grüße,
    Martin
    Mal ein
    gutes Buch über GPOs lesen?
    Good or bad GPOs? - my blog…
    And if IT bothers me -
    coke bottle design refreshment (-:

  • How to find out when was local administrators group changed

    Hi
    Is there any way how to find out when was user added to local administrators group on server(2003 to 2012) ?

    Hi,
    If you have auditing enabled for "Audit account management" and your security logs are not overwritten then you can look for a 4732 or 636 (Windows 2003) event ids.
    https://technet.microsoft.com/en-us/library/cc737542(v=ws.10).aspx
    https://technet.microsoft.com/en-us/library/dd772663(v=ws.10).aspx
    Hope it helps.
    Regards,
    Calin

  • SCCM 2012 - How to add domain id to local administrator group of all clients

    SCCM 2012 - How to add domain id to local administrator group of all clients
    Hi,
    i have a domain id sccmadmin which is a part of domain admins group too.
    Need to add this ID to the local administrators group of all clients. How do I do this? Please help!

    Hi ,
    you need to choose the second option .
    First option will remove all the domains users from the local administrator group available in all the PC'S .Then local administrator group will only have the users updated on the members list present in group policy.
    Note : Local admins accounts on the local administrators groups will not be removed.
    Second option will add the newly created group to the local administrator group in all the PC'S and it will not remove the existing members in the local administrators group.
    Step 1 : Just try to create one new group for SCCM management .
    Step 2 : Then add the SCCM account to that group.
    Step 3 : Then please create a new group policy on that just choose the second option.On that option just add the newly created group to be an member of administrator group in all the PC'S
    Why i have asked you to create a new group ?
    Because in second option , we don't have a option to add a individual user .
    Once you have created a group policy it will like below snap.
    As an additional i will tell how to find the newly created group policy is applying to computer objects or not ans also i will tell you how to force update the group policy 
    1.gpresult /r ----> To find the which group policy is applying on user and computer object .
    2.rsop.msc ----> There you can able to find the change has been applied or not .
    3.gpupdate /force -----> Forcefully updating the group policy in a client machine 
    4.In gpmc.msc there is one option called group policy results .That option will be used for centralized management to find the policies that are applied to a user and computer account.
    5.Just check the event viewer in all the PC'S for group policy related events.
    Most importantly you need to make sure all the computer accounts are placed in an ou ,where the newly created group policy is applying and also make sure that OU doesn't contain any inheritance block.
    Please feel free to reply me if you have any queries.
    Thanks & Regards S.Nithyanandham

  • No data to retrieve in Query 1 for particular User

    Error: No data to retrieve in Query 1 for particular User
    Hello,
    We have webi report in 3.1 version which is running fine in Infoview for particular user.
    But when same report is send into Inbox of other user and if user try to run it in infoview it is giving below error.
    "No data to retrieve in Query 1"
    All the security and  group member level settings for both the user are exactly same. What could be the reason for this behaviour.
    Thanks

    Can you please check user is part of which group in enterprise receipts group.
    Also please check dynamic receipts tab of publication where data can be filtered
    Thanks,
    Swapnil

  • How to find out responsibility attached for particular user through query

    hi
    How to find out responsibility attached for particular user through query
    Regards
    9841672839

    Hi,
    Following sql will help you find the responsibilities associated with the users in oracle applications.
    SELECT frt.RESPONSIBILITY_NAME, furg.end_date
    FROM
    fnd_user_resp_groups furg,
    FND_RESPONSIBILITY fr,
    fnd_responsibility_tl frt,
    fnd_user fu
    WHERE fu.user_name = ‘&&username’
    AND fu.user_id = furg.user_id
    AND furg.responsibility_id = fr.RESPONSIBILITY_ID
    AND frt.responsibility_id = fr.RESPONSIBILITY_ID
    ORDER BY 1
    Cheers...

  • What is the difference between using the command "dsmgmt" and the "Managed By" tab when adding users to the local administrators Account on a Read-Only Domain Controller?

    When I use the
    "dsmgmt" command to add a user to the local administrators account of a RODC I can actually see the user when I use the "Show Role Administrators" parameter. However, I can't see the members of the
    group added to the "Managed By" tab of the RODC object in AD. Even though, the users added using
    "dsmgmt" and by the "Managed By" tab can all log in locally and have admin rights to the RODC. Are there any differences between these two ways of adding users to the local administrators account? 

    Hi,
    For groups, managedBy is an administrative convenience to designate “group admins”. Whatever principal listed in
    managedBy gets permission to update a group’s membership (the actual security is updated on the group’s AD object to allow this).
    In Win2008 and later managedBy also became the way you delegated local administration on an RODC, allowing branch admins to install patches, manage shares, etc. (http://technet.microsoft.com/en-us/library/cc755310(WS.10).aspx). 
    On the RODC, this is updating the RepairAdmin registry value within RODCRoles.
    So the difference between them should be only the way they do the same thing.
    For more details, please refer to the below article:
    http://blogs.technet.com/b/askds/archive/2011/06/24/friday-mail-sack-wahoo-edition.aspx
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • IW32- order-print is giving error for particular User.

    Dear Friends,
    IW32- order-print is giving error for particular User and output type.  Debugging authorization restricted on the system, hence I canu2019t trace out the problem. If anybody comes across such issues, please reply to the post.
    Thanks In Advance for your reply.
    Anil Dasari
    Thanks In Advance.

    Hi,
    Information about dump:
    1. User and Transaction:
    Runtime Errors         MESSAGE_TYPE_X
    Date and Time          06.05.2011 10:47:40
         MM Used. 13116304
         MM Free. 3639760
    User and Transaction
         Client.............. 700
         User................ "BLADEF01"
         Language key........ "N"
         Transaction......... "IW32 "
         Transactions ID..... "4DC387ECA12B684DE10000001A5B1803"
         Program............. "/MRSS/SAPLRSG_PM_ORDER"
         Screen.............. "SAPLCOIH 3000"
         Screen line......... 33
    Information on where terminated
         Termination occurred in the ABAP program "/MRSS/SAPLRSG_PM_ORDER" - in
          "/MRSS/RSG_MAINTAIN_MRS".
         The main program was "SAPLCOIH ".
         In the source code you have the termination point in line 441
         of the (Include) program "/MRSS/LRSG_PM_ORDERU04".
    2. Info. Where it got terminated.
    Information on where terminated
        Termination occurred in the ABAP program "/MRSS/SAPLRSG_PM_ORDER" - in
         "/MRSS/RSG_MAINTAIN_MRS".
        The main program was "SAPLCOIH ".
        In the source code you have the termination point in line 441
        of the (Include) program "/MRSS/LRSG_PM_ORDERU04".
    3. How to correct the error.
    How to correct the error
        Probably the only way to eliminate the error is to correct the program.
        If the error occures in a non-modified SAP program, you may be able to
        find an interim solution in an SAP Note.
        If you have access to SAP Notes, carry out a search with the following
        keywords:
        "MESSAGE_TYPE_X" " "
        "/MRSS/SAPLRSG_PM_ORDER" or "/MRSS/LRSG_PM_ORDERU04"
        "/MRSS/RSG_MAINTAIN_MRS"
        If you cannot solve the problem yourself and want to send an error
        notification to SAP, include the following information:
        1.1. The description of the current problem (short dump)
           To save the description, choose "System->List->Save->Local File
        (Unconverted)".
        2.2. Corresponding system log
           Display the system log by calling transaction SM21.
           Restrict the time interval to 10 minutes before and five minutes
        after the short dump. Then choose "System->List->Save->Local File
        (Unconverted)".
        3.3. If the problem occurs in a problem of your own or a modified SAP.
    I have been searching for notes recently implemented for IW32.
    Thanks and Regards,
    ANIL DASARI

  • Identify if a particular user is authenticated locally in Apps 11i/R12

    Hi,
    How to identify if a particular user is authenticated locally in Apps 11i/R12 or against OID?
    I think FND_USER TABLE.
    Thanks

    Correct - if the USER_GUID in FND_USER is populated, then the user is authenticated via OID/SSO, else user is authenticated locally.
    MOS Doc 444573.1 - Basic checks for user integration when using Oracle E-Business Suite 11i with Oracle AS 10g
    HTH
    Srini

  • Lock a tcode for particular user

    Hi Experts
    i need to lock few transaction for particular users only. we have n number of roles and the transactions have been assigned to some tcodes to be reasticted  for a list of users. is there any method or program to built to restrict the users for few tcodes.is there any more query pl trigger me
    regards
    bala

    hi
    sagar:
    as you said if i start creating roles to restrict some users then there atleast 25 tcodes are there to restrict and 120 roles are to be analyzed and the job becomes hefty by creating roles and there will too many number of roles and it becomes confusion in future forecast. there fore i nedd any suggestion like that the userscan be restricted when they are trying to access that particular code or lock the screen or inform them to not access these tcodes thro some message or writing a program to restrict the users while the user exits. i have an idea but i dont know how it will work - ( I am not a ABAPER) there should be tcode or program which should list tcodes authorized for particular users and where they can be locked like SM01 ( but it will lock for all) but locking for particular users
    Am i more advanced??
    regards
    bala

  • Information related to Outstanding Shopping carts for particular User

    Hello All,
    Is there any way(FM / table) by which we can get below info for any particular user:
    1. All the SC he/she has raised
    2. The outstanding SC's for particular user. (For eg: SC with amt 100, but only 70 has been confirmed)
    Thanks,
    Dhananjay

    Hello All,
    Even I am also looking for same kind of report. I have query to delete user, but before deleting user I want to confirm is there any open SC or Held SC.
    Kinldy let me know.
    Thanks in advance.
    Regards
    Sharan

  • How to disable Wifi for one user account?

    Hi.
    I am setting up very restricted user account in Lion that I want to use on gigs when using Ableton Live 8 on stage.
    Basically, my user account should just allow to run Live 8 and nothing else.
    Is it possible that the airport get switched off when login into this particular user account?
    Thanks in advance for your help

    EDIT: If the stuff below seems more complicated than you wish to be involved in, feel free to ignore it.
    The Mac will send packets bound for the Internet to the Top-Most ACTIVE interface listed in the left side of the box at:
    System Preferences > Network
    If you set the 'Service Order' to have Ethernet at the top, whenever Ethernet is working, Wi-Fi will be ignored.
    Set Service order is available using the gear Icon at the bottom of that box.
    So all my Internet traffic is going over my Ethernet connection, even though Wi-Fi is still connected and nominally "active".

  • Safari 3.1.2 crashes on startup, but only for one user account

    This is weird: If I'm logged in as one user and launch Safari, it strugggles and grinds the disk for a long time, brings my start page up partway, then crashes. If I'm logged in as another user on the same machine, Safari launches in mere seconds and works fine. I have tried re-installing Safari from scratch, and have also deleted the Library/Safari folder, all to no avail. There is clearly something about this particular user account that's messed up, but I don't know what.
    This is on an 1-GHz iBook G4 running OSX 10.4.11. Safari used to work fine on this user account as well, and I don't know what might have changed.

    First, have you installed any programs in that particular user account that are intended to enhance Safari or otherwise might influence internet/browsing activity? If so, uninstall those programs using their installers (which often have an uninstall option) or an included uninstaller if applicable.
    If you don't have any such programs installed, or that doesn't fix the problem: Make sure you're logged into the account where Safari is having problems, make sure Safari is quit, and then open that user's home folder (indicated in a Finder window sidebar by the little house icon with the username) and open the Library folder inside it, then the Preferences window inside that.
    (In other words navigate to \~/Library/Preferences, where "~" is the user's home folder.)
    Locate the "com.apple.Safari.plist" file in that preferences folder and drag it to the trash.
    Launch Safari and check to see if it's any better now.
    Message was edited by: Rachel R

  • Is it possible to setup a different language for the user account?

    Hi,
    My server is in English but many of my users will use French.
    Can I setup in WGM a different language (international) for the user?

    The settings are changed in at least three locations for a user account. Changes are made to ~/Library/Preferences/.GlobalPreferences, ~/Library/Preferences/com.apple.HIToolBox.plist, and ~/Library/Preferences/ByHost/com.apple.HIToolBox.<MACAddress>.plist. There are a lot of keys in there that get changed and might vary between 10.4.x and 10.5.x -if you have a mixed OS environment. So while you you may be able to import the first two into WGM, the last one might be the most trouble as it's machine specific.
    If you gave access to the 'International' System Prefpane, it wouldn't affect anything but the student account since their prefs are saved to a network location or to their local PHD account. Changes would revert to whatever the system default preferences were on logout. Those would be the prefs in /Library/Preferences.
    The 'International' System Prefpane has many listings for the other language choices that are installed on the system which could be a source of confusion for student users. Removing those resources, using certain tools like MonoLingual, can make certain software behave badly or even make the system unusable. Use with caution.

Maybe you are looking for