How to get repitative group a user is member of

Hi,
i have a user in our domain who is member of number of groups. This means in MemberOF tab of the user there are larg number of groups. Now i want to remove some groups which are repitated.
Example -
1. In MemberOf Tab - properties  tab -- of John, there are 3 DL/SG "Group_1" and "Group_2" and "Group_3".   
2. Now "Group_3" is a member of "group_1". So i want to remove "Group_3" from the MemberOf Tab of John properties. This will reduce the MemberOf List.  
3. how to do i find this repetative Groups using powershell ?
Please let me know if my query is not clear.
Thanks for your help.

The following PowerShell script worked well in my test domain. I did not use the AD Module cmdlets, as they are generally slower when you deal with large resultsets (all groups and all users in the domain). This script simply outputs all cases where any
user is a member of both a group, and a nested member of the group. This will reveal the extent of issue, and whether you want to "correct" all such cases. In place of the statement that outputs the cases, you can add code to "correct"
it (remove membership in $Member, the child group, for the user).
# UserNestedGroups.ps1
# Script to find cases where users are members of both a group and a
# nested group member of the group.
# Hash table of groups and their direct group members.
$GroupMembers = @{}
# Search entire domain.
$Domain = [System.DirectoryServices.ActiveDirectory.Domain]::GetCurrentDomain()
$Root =
$Domain.GetDirectoryEntry()
$Searcher = [System.DirectoryServices.DirectorySearcher]$Root
$Searcher.PageSize
= 200
$Searcher.SearchScope
= "subtree"
$Searcher.PropertiesToLoad.Add("distinguishedName") >
$Null
$Searcher.PropertiesToLoad.Add("member") >
$Null
# Filter on all group objects.
$Searcher.Filter =
"(objectCategory=group)"
$Results =
$Searcher.FindAll()
# Enumerate groups and populate Hash table. The key value will be
# the Distinguished Name of the group. The item value will be an array
# of the Distinguished Names of all members of the group that are groups.
# The item value starts out as an empty array, since we don't know yet
# which members are groups.
ForEach ($Group
In $Results)
    $DN
= [string]$Group.properties.Item("distinguishedName")
    $Script:GroupMembers.Add($DN, @())
# Enumerate the groups again to populate the item value arrays.
# Now we can check each member to see if it is a group.
ForEach ($Group
In $Results)
    $DN
= [string]$Group.properties.Item("distinguishedName")
    $Members
= @($Group.properties.Item("member"))
    # Enumerate the members of the group.
    ForEach ($Member
In $Members)
        # Check if the member is a group.
        If ($Script:GroupMembers.ContainsKey($Member))
            # Add the Distinguished Name of this member to the item value array.
            $Script:GroupMembers[$DN] +=
$Member
# Retrieve all user objects and their direct group memberships (except primary).
$Searcher2 = [System.DirectoryServices.DirectorySearcher]$Root
$Searcher2.PageSize
= 200
$Searcher2.SearchScope
= "subtree"
$Searcher2.PropertiesToLoad.Add("distinguishedName") >
$Null
$Searcher2.PropertiesToLoad.Add("memberOf") >
$Null
# Filter on all user objects.
$Searcher2.Filter =
"(&(objectCategory=person)(objectClass=user))"
$Results =
$Searcher2.FindAll()
# Enumerate users and their direct group memberships.
ForEach ($User
In $Results)
    $DN
= [string]$User.properties.Item("distinguishedName")
    $Groups
= @($User.properties.Item("memberOf"))
    ForEach ($Group
In $Groups)
        # Enumerate all group members of $Group.
        ForEach ($Member
In $Script:GroupMembers[$Group])
            # Check if user is also a member of $Member.
            If ($Groups
-Contains $Member)
                "User $DN is a member of:`n  Parent: $Group`n  Child: $Member"
Note, if you copy the script above you will need to correct the cases of word wrapping. I try to avoid using scroll bars, even for code.
Richard Mueller - MVP Directory Services

Similar Messages

  • How to get the groups a computer is member of in AD with Quest Powershell?

    Hi all
    I would need a script in Quest PowerShell that gathers the groups that multiple computers are member of in Active Directory. I have this script, but what it does is to get USERNAMES from a .txt file and then display the groups
    each user is member of in AD. I couldn't modified it so instead of USERNAMES in the txt file I can put computers name, here's the code:
    $out = @()
    Get-Content M:\Tools\Reportes_Power_Shell\Contenedor_Power_Shell\Users.txt | ForEach {
    $date = (Get-Date).ToString()
    $username = $_
    $displayName = (Get-QADUser $username -Properties DisplayName).DisplayName
    $groups = Get-QADMemberOf $username | Sort-Object Name
    ForEach ( $group in $groups ) {
    $obj = New-Object -TypeName PSObject
    $obj | Add-Member -MemberType NoteProperty -Name Date -Value $date
    $obj | Add-Member -MemberType NoteProperty -Name UserName -Value $username
    $obj | Add-Member -MemberType NoteProperty -Name DisplayName -Value $displayName
    $obj | Add-Member -MemberType NoteProperty -Name GroupName -Value $group.name
    $out += $obj
    $out | Export-CSV M:\Tools\Reportes_Power_Shell\Reportes_de_Power_Shell_y_AD_Info\Users_Memberships.csv
    Thanks!

    I did it but didn't work out, I get this error:
    Get-QADMemberOf : Ambiguous identity: <NAME OF THE COMPUTER>.
    At line:5 char:30
    +     $groups = Get-QADMemberOf <<<<  $username | Sort-Object Name
        + CategoryInfo          : NotSpecified: (:) [Get-QADMemberOf], IdentityException
        + FullyQualifiedErrorId : Quest.ActiveRoles.ArsPowerShellSnapIn.BusinessLogic.IdentityException,Quest.ActiveRoles.
       ArsPowerShellSnapIn.Powershell.Cmdlets.GetMemberOfCmdlet
    I can't help with Quest, but here's an example using the AD module:
    Get-Content .\computerList.txt | ForEach {
    $computerName = $_
    $props = @{
    ComputerName = $computerName
    Groups = ''
    try {
    $details = Get-ADComputer $computerName -Properties memberOf -ErrorAction Stop
    $props.Groups = (($details.memberOf | ForEach { (Get-ADGroup $_).Name }) | Sort) -join ','
    } catch {
    $props.Groups = 'ERROR'
    New-Object PsObject -Property $props
    } | Select ComputerName,Groups | Export-Csv .\GroupList.csv -NoTypeInformation
    Don't retire TechNet! -
    (Don't give up yet - 13,085+ strong and growing)

  • How to get the list of users who has access for list of tcodes.

    How to get the list of users who has access for list of tcodes.

    Go to transaction SUIM, this has a number of reports for users/authorisations
    open the Where used>Autorization Values>In Users
    and double click to execute
    in authorisation object, enter S_TCODE
    then press the "Enter Values" button
    It will offer entry boxes to put the transaction code you are interesed in.
    Then execute and the list of users with access to this transaciton code will be returned.

  • How to get the room id & user id in our component

    Hi Experts,
    Collaboration -> Rooms -> Room Directory
    It will show the available rooms
    Select restricted room tab in that.
    That will show the restricted room list, if you are not a member of the room you can request the room by clicking context menu of the room and select the “Request Membership” option. Then it will send the mail to the owner of the room.
    In that UI commend they mapped with the roomid and userid.
    I need to know how to get the room id & user id in our component.
    How to get the Room Id dynamically?
    Can anybody help me for this?
    Helpful answers will appreciate.
    Thanks and Regards,
    Kathiresan R

    Hi Kathiresan,
    you can get the Room ID and the User ID over the API.
    Getting User ID within WebDynpro application:
    IUser user = WDClientUser.getCurrentUser().getSAPUser();
    String logonId = user.getUniqueId();
    Getting User ID within custom Portal Component:
    IPortalComponentRequest request = (IPortalComponentRequest) httpRequest;
    IUser user = request.getUser();
    String logonId = user.getUniqueId();
    Getting Room Id of a user who belongs to this room:
    IUser user = request.getUser();
    IRooms roomsAPI = (IRooms) PortalRuntime.getRuntimeResources().getService(IRooms.PORTAL_SERVICE_ID);
    IRoom[] myRooms = roomsAPI.getAllRoomsForUser(user);
    String roomId = "";
    for (int i=0; i<myRooms.length; i++) {
      IRoom room = myRooms<i>;
      if (room.getName.equals('nameOfRoomToFind')) {
        roomId = room.getId();
    Greets
    Denis

  • Let me know how to get screen size of user..

    Hi.
    I'm going to change a container size in a screen, dynamically.
    I want to know that an user's screen is 1024X768 or others..
    Let me know how to get screen size of user's computer.
    Best Regards.
    Kil - Nam.

    Look at Re: SAPgui window size (+)
    Regards

  • How to get the  ESS & MSS users in ECC 6.0  into portal

    Hi Experts
    How to get the  ESS & MSS users in ECC 6.0  into portal
    Thanks
    Daya

    Hi,
    You need to have SSO in between ECC and portal and use ABAP engine as your UME.
    then ECC users can directly login to portal using the same user id and password.
    Or you can create the ECC system in portal and user mapping should be done for every user to the ECC system.
    Thanks,
    gopal

  • How to get system status and user status ?

    how to get system status and user status for the given production order?
    In which PP table we can
    find these?
    Thanks&Regards
    Satish

    Hi Ram,
    Use the FM "STATUS_READ" to read both the system and user statuses for an Order.
    Alternatively, the following tables store the user and system status info:
    JSTO- Status object information
    JEST- Individual Object Status
    Hope this helps.
    Let me know if u need further information.
    Regards,
    Sonal

  • How to get Reports for specific User that how many password has been reset using FIM SSPR in FIM 2010 R2 SSPR

    Hi,
    How to get Reports for specific User that how many password has been reset using FIM SSPR in FIM 2010 R2 SSPR
    Regards
    Anil Kumar

    Hello there Anil,
    A simple way to quickly get a overview is to look at the request history within the portal environment (note that this will expire in a few day based on your environment, after that you would need to FIM Reporting Module - but you could increase this to
    maybe 60 days to so, watch the DB size).
    To do this you could create some custom search scopes of do some custom queries. The creator of the SSPR activities always has the same GUID so you can use that so search.
    In your search scope you can use the following XPath to play with.
    - All Password Reset Requests - /Request[Creator='b0b36673-d43b-4cfa-a7a2-aff14fd90522' and Operation='Put']
    - All Completed Password Reset Requests - /Request[Creator='b0b36673-d43b-4cfa-a7a2-aff14fd90522' and RequestStatus=‘Completed']
    You can play with the "RequestStatus".
    Hope this helps.
    Almero Steyn (http://www.puttyq.com) [If a post helps to resolve your issue, please click the "Mark as Answer" of that post or "Helpful" button of that post. By marking a post as Answered or Helpful, you help others find the answer
    faster.]

  • Using ldap Network Management Functions how to get nested groups that are members of a parent group

    Using NetLocalGetMembers() I can get the users withing a group
    Using NetUserGetGroups() I can get the groups a user is part of.
    However, I cant find a function that will list the GROUPS that are part of another group.
    I have a group called APP_ADMIN,  it has user1, user2 and also groups ADMIN_GRP_A and ADMIN_GROUP_B
    I need a function to return ADMIN_GROUP_A, ADMIN_GOUP_B if I pass in APP_ADMIN
    or Alternativly, given ADMIN_GROUP_A give me its parent group (APP_ADMIN)
    I am writing a C++  dll that accesses these functions.

    Hi,
    Plz check this link.
    http://gallery.technet.microsoft.com/scriptcenter/Get-nested-group-15f725f2
    Ashish Gaur

  • How to get list of active users with the details like samaccountname, name, department, job tittle, email in active directoy?

    how to get list of active users with the details like samaccountname, name, department, job tittle, email in active directoy?

    You can use third party software True Last Logon 2.9.You can export the file in excel for report creation.You can use the trial version this will achieve what you are looking for.
    True Last Logon displays the following Active Directory information:
    --Users real name and logon name
    --Detailed account status
    --Last Logon Date & Time
    --Last Logon Timestamp (Replicated value)
    --Account Expiry Date & Time
    --Enabled or Disabled Account
    --Locked Accounts
    --Password Expires
    --Password Last Set Date & Time
    --Logon Count
    --Bad Password Count
    --Expiry Date
    --You can also query for any other attribute (Example: Description, telephone Number, custom attibutes etc)
    Refer the below link for trial version:
    http://www.dovestones.com/products/True_Last_Logon.asp
    Best Regards,
    Sandesh Dubey.
    MCSE|MCSA:Messaging|MCTS|MCITP:Enterprise Adminitrator |
    My Blog
    Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights.

  • How to get the active application users IP address in R12 by sql command

    Hi ,
    I need to know how to get the active application users IP in R12 by sql command
    in order to kill any session by the IP address ?
    Am working on 12.1.3 Application
    And 11.2.0.3 Oracle Database
    Thanks

    936921 wrote:
    Am still couldn't found the IP address for the connected Application users.
    If there any select statement can help me with that?
    Really? Then how do you explain me finding the following docs from the links I referenced above?
    How To Find The IP Address Of The Client Machine From Where A Particular Forms User Is Connected ? (Doc ID 879092.1)
    How to Track IP Address of the Form Session in Oracle application 11i (Doc ID 878931.1)
    Where to find the Client IP Address for a Client in E-Business Suite? (Doc ID 1258415.1)
    How To Get The terminal ID For The Machine From Which A User Is Logged To E-Business Suite Applications (Doc ID 751658.1)
    Thanks,
    Hussein

  • How to get/capture log-on user name on PC (work station)

    Hi,
    Colud anyone give me how to get/capture log-on user name on my PC (work station)?
    I need to get the infomation by using a function module.
    Kind regards,
    Hisao

    Hi,
    TH_USER_INFO shows me terminal ID, IP address and other information. howerver it does't show me log-on user name of OS.
    Kind regards,
    Hisao

  • How to get SharePoint Groups using Javascript in SP2013 ?

    How to get SharePoint Groups using Javascript in SP2013 , not JSOM please

    Here is the code that worked for me:
    <script type="text/javascript">
    var requestUri = _spPageContextInfo.webAbsoluteUrl + "/_api/web/sitegroups";
      var requestHeaders = { "accept" : "application/json;odata=verbose" };
      $.ajax({
        url : requestUri,
        contentType : "application/json;odata=verbose",
        headers : requestHeaders,
        success : onSuccess,
        error : onError
      function onSuccess(data, request){
    var s='';
     for (var i = 0; i < data.d.results.length; i++)
    s +=data.d.results[i].LoginName+'\n';
        alert(s);
     function onError(error) {
        alert("error");
    </script>

  • How to get the groups info for user

    Hi guys i am new to ALUI..
    i am trying to do some enhancement.
    i want to know how to get the information of the users group and the group details using the IDK API?
    Can sombody share some code?

    Hello,
    You are welcome. Here is one way of get what you want:
    1) get all groups id's
    IPortletContext - >IRemoteSession -> IUserManager - > getCurrentUserGroups() -> int []
    2) get details about group
    IRemoteSession.getObjectManager(ObjectClass.UserGroup ) ->
    cycle over int []: {
    IObjectManager -> querySingleObject(comminity id) -> IObjectQueryRow -> getName()
    Because you are going to use PRC and make SOAP calls to portal don't forget setup WS to pass token to portlet (check WS settings)
    Edited by Bryazgin at 05/29/2008 7:48 PM

  • LabVIEW 8.0:: How to get the group name of a user logged to a NI Security Domain?

    Hello all,
    I am using LabVIEW 8.0 PDS.
    I created a new local domain called "MyDomain" in the "NI Domain Account Manager" . I added a new User called "MyUser" and a new group called "Maintenance". I set "MyUser" to be a member of the "Maintenance" group. Then, I configured LabVIEW to invoke the login dialog at start-up in order to log "MyUser" with the correct password.
    I would like to get the group name of the current user logged programmatically in a VI. I tried with the VI Server >> Application >> Security properties and methods and also with the properties and methods of the NI Security Class but it seems to be not so simple as I believed at start.
    I do not find any informations or KB on this (all the documents I found deal with LV DSC or TestStand).
     The final goal is to be able to manage a list of user for my application. Each user is a member of a group ("Administrator", "Operator", "Maintenance") and depending on the group, the user can or cannot access to some parts of the application.
    Thanks for your help.
    Matthieu
    Eurilogic

    Re,
    Here is a screenshot of this functions...
    If you really own LV DSC 8.2 the best thing to do is to reinstall it.
    Regards, 
    Message Edité par Richard K. le 04-02-2007 04:00 AM
    Richard Keromen
    National Instruments France
    #adMrkt{text-align: center;font-size:11px; font-weight: bold;} #adMrkt a {text-decoration: none;} #adMrkt a:hover{font-size: 9px;} #adMrkt a span{display: none;} #adMrkt a:hover span{display: block;}
    >> Découvrez, en vidéo, les innovations technologiques réalisées en éco-conception
    Attachments:
    security.jpg ‏3841 KB

Maybe you are looking for

  • How does one use Storeit Link to import bulk data on an ipod and how can I use the browser on my PC to connect to the ipod

    I have purchased StoreIt (and also SQLite Console) for my iPod but it is not clear to me how to import a CSV file into a StoreIt "category", after reading and rereading the documentation at http://www.database4iphone.com/faq/import-text-file-into-sto

  • Sync date and time with NTP??

    Hi all, I'm looking to figure out how my Solaris 10 sync is date/time. I've looked in /etc/inet/ntp.conf and the file doesn't exist. I've looked at the "svc -l ntp" and here's what I got fmri         svc:/network/ntp:default name         Network Time

  • Rpd Error

    Hi, I am creating the Hierarchy for the table Regions_D. These is having two columns REGION_ID and REGION_NAME . After creating i am getting the below error Under RegID----REGION_ID and RegionName------REGION_NAME [nQSError: 15001] Could not load nav

  • Catalyst keeps resetting overscan [SOLVED]

    I installed Catalyst to get my Radeon video card to stop running so hot, and that problem was solved. Went from around 170 F to near room temperature. However, now I have a new problem... Every time I start X, I have to start up the Catalyst control

  • Refreshing an ADF Table After update

    I have an ADF Table which has multiple records. I want the table should refresh after I change some field and press commit.