Listing users that are member of special role

hello
if i have a role that called role1 then how i can list users that are member of this role?
thanks

Try Pete Finnigans who_has_role.sql
http://www.petefinnigan.com/tools.htm

Similar Messages

  • "Office 365 Mailbox" missing for users that are member of Ricipent Management role

    Hi,
    I have a hybrid setup with Office 365 and one exchange 2013 standard server on-premises.
    I currently have an issue with that I have a button after pressing the + under recipient to create a Office 365 mailbox from the ECP, but users that are members of the Recipient Management role don't have that button visible.
    What extra permissions are required to be able to create an Office 365 mailbox from the on-premises Exchange?

    Hi SeidKrv,
    Thanks for your update.
    Following article introuduces the permissions that need to assigned before running "New-Mailbox" command.
    Please focus on "Recipient Provisioning Permissions" session.
    Recipients Permissions
    http://technet.microsoft.com/en-us/library/dd638132(v=exchg.150).aspx
    Based on the article, it seems both Recipient Management role and Organization Management role are required.
    More detailed information on both management role as below:
    1. Administrators who are members of the Recipient Management role group have administrative access to
    create or modify Exchange 2013 recipients within the Exchange 2013 organization.
    2. Administrators that are members of the Organization Management role group have administrative access to the entire Exchange 2013 organization and
    can perform almost any task against any Exchange 2013 object, with some exceptions. By default, members of this role group can't perform mailbox searches and management of unscoped top-level management
    roles.
    Thanks
    Mavis Huang
    TechNet Community Support

  • Script to find users that are a member of more than one of a list of specific groups

    Hi,
    I need to generate a list of users that are members in more than one group, out of a list of specific security groups.  Here's the situation:
    1) We have about 1100 users, all nested under a specific OU called CompanyUsers.  There are sub-OUs under CompanyUsers that users may actually be in.
    2) We have about 75 groups, all directly under a specific OU called AppGroups.  These groups correspond to a user's role within an internal line of business application.  All these groups start with a specific character prefix "xyz", so the group
    name is actually "xyz-approle".
    I want to write a script that tells me if a user from point 1) is a member in more than one group in point 2).  So far, I've come up with a way to enumerate the users to an array:
    $userlist = get-qaduser -searchroot 'dq.ad/dqusers/doral/remote' | select samaccountname |Format-Table -HideTableHeaders
    I also have a way to enumerate all the groups that start with xyz that the user is a member of:
    get-QADMemberOf -identity <username> -name xyz* -Indirect
    I figure I can use the first code line to start a foreach loop that uses the 2nd code line, outputting to CSV format for easy to see manual verification.  But I'm having two problems:
    1) How to get the output to a CSV file in the format <username>,groupa,groupb,etc.
    2) Is there any easier way to do this, say just outputting the users in more than one group?
    Any help/ideas are welcome.
    Thanks in advance!
    John

    Here is a PowerShell script solution. I can't think of way to make this more efficient. You could search for all groups in the specfied OU that start with "xyz", then filter on all users that are members of at least one of these groups. However, I suspect
    that most (if not all) users in the OU are members of at least one such group, and there is no way to filter on users that are members of more than one. This solution returns all users and their direct group memberships, then checks each membership to
    see if it meets the conditions. It outputs the DN of any user that is a member of more than one specfied group:
    # Search CompanyUsers OU.
    strUsersOU = "ou=CompanyUsers,ou=West,dc=MyDomain,dc=com"
    $UsersOU = New-Object System.DirectoryServices.DirectoryEntry $strUsersOU
    # Use the DirectorySearcher class.
    $Searcher = New-Object System.DirectoryServices.DirectorySearcher
    $Searcher.SearchRoot = $UsersOU
    $Searcher.PageSize = 200
    $Searcher.SearchScope = "subtree"
    $Searcher.PropertiesToLoad.Add("distinguishedName") > $Null
    $Searcher.PropertiesToLoad.Add("memberOf") > $Null
    # Filter on all users in the base.
    $Searcher.Filter = "(&(objectCategory=person)(objectClass=user))"
    $Results = $Searcher.FindAll()
    # Enumerate users.
    "Users that are members of more than one specified group:"
    ForEach ($User In $Results)
        $UserDN = $User.properties.Item("distinguishedName")
        $Groups = $User.properties.Item("memberOf")
        # Consider users that are members of at least 2 groups.
        If ($Groups.Count -gt 1)
            # Count number of group memberships.
            $Count = 0
            ForEach ($Group In $Groups)
                # Check if group Common Name starts with the string "xyz".
                If ($Group.StartsWith("cn=xyz"))
                    # Make sure group is in specified OU.
                    If ($Group.Contains(",ou=AppsGroup,"))
                        $Count = $Count +1
                        If ($Count -gt 1)
                            # Output users that are members of more than one specified group.
                            $DN
                            # Break out of the ForEach loop.
                            Break
    Richard Mueller - MVP Directory Services

  • I have a requirement where I have to give the list of users who can access a specific computer. I am new with PS. Do you have a script to list users that can access a computer object of AD ?

    I have a requirement where I have to give the list of users who can access a specific computer define in AD.
    I am new with PS.
    Do you have a script to list users that can access a computer object of AD ?
    I have executed the following script  but it does not give me the access rights of who can access the computer 'computername'
    How can i have this information. please help
    Import-Module activedirectory
    $computer=get-adcomputer "computername" -properties ntSecurityDescriptor
    $omputer.ntsecurityDescriptor.Access | select-object -expandproperty IdentityReference | sort-object -unique

    I would say that, since the OP has so little info, there are no policies in use.  It there were then this question would never be asked the way it is being asked.
    I had a client call with a letter from their insurance company; an accountant with malpractice insurance.  THey asked the same question inmuch the same way.  "What computer can you users access?"  The question should be more like
    "Do you have a policy that restricts access to computers and do you audit for compliance?"
    I have had other clients whose insurance asked the question in that way.  It produces a better view of what should be happening and how to show compliance.
    I recommend that companies being asked these questions by their legal departments or insurance companies should contract with a god computer security consultant to assist with answering these very tricky questions.  Of course if it is just you boss's
    curiosity  then you may need to discuss his requirements with him in more depth.
    ¯\_(ツ)_/¯

  • HT2515 Does iChat work with other users that are on other types of smartphones?  or only Mac phones and Mac mail, contacts, etc?

    Does iChat work with other users that are on other types of smartphones?  or only Mac iPhones and iMac Mail, Contacts, etc?

    Hi,
    The Messages Beta will Send iMessage to iPhones (Messages replaces iChat)
    iChat can SMS to phones
    It needs the computer to be listed as if it in the United States and contacting a Phone that is on a Carrier in the United States that is accepting SMS forwarding from AIM
    You list the Buddy as AIM and then +plus their number as in +123456789
    The computer can be made to "think" it is in the United States in System Preferences > International (or Text a Language in Lion) then Formats tab.
    The Phone has to be a US phone with all the trimmings about AIM's SMS forwarding.
    11:14 PM      Monday; February 20, 2012
    Please, if posting Logs, do not post any Log info after the line "Binary Images for iChat"
      iMac 2.5Ghz 5i 2011 (Lion 10.7.3)
     G4/1GhzDual MDD (Leopard 10.5.8)
     MacBookPro 2Gb (Snow Leopard 10.6.8)
     Mac OS X (10.6.8),
    "Limit the Logs to the Bits above Binary Images."  No, Seriously

  • How to retrieve the users that are following a document using JSOM / REST APIs in SharePoint 2013

    Hi everyone,
    Does anyone know how to use JSOM / REST APIs to retrieve the users that are following a specific document in SharePoint 2013? 
    Thanks in advance,
    Nam

    Hi Nam,
    Please use the sample code to get the followers for the document. Courtesy: Mokhtar
    Bepari 
    using Microsoft.SharePoint.Client;
    using Microsoft.SharePoint.Client.Social;
    ClientContext clientContext = new ClientContext("http://URL");
    SocialFollowingManager followingManager = new SocialFollowingManager(clientContext);
    SocialActorInfo actorInfo = new SocialActorInfo();
    actorInfo.ContentUri = "<documenturl>"; //set the document url.
    actorInfo.ActorType = SocialActorType.Document;
    //By using the GetFollowed method you can get the people who the current user is following.
    ClientResult < SocialActor[] > followedResult = followingManager.GetFollowed(SocialActorTypes.Users);
    //By using the GetFollowers() method you can get the people who are following the current user.
    ClientResult < SocialActor[] > followersResult = followingManager.GetFollowers();
    clientContext.ExecuteQuery();
    Once you get the resultset you can iterate like below:
    foreach(SocialActor actor in followedResult)
    string name = actor.Name;
    string imageURL = actor.ImageUri;
    Please 'propose as answer' if it helped you, also 'vote helpful' if you like this reply.

  • IAC 3.1.1 users who are member of more than one OrgUnit are not able to order services?

    Hi,
    Power Down, Power Cycle, Take Snapshot and Decommission services are not working for users who are member of more than one organization!!
    Error Message:
    The service form could not be submitted because of following error: [newscale][SQLServer JDBC Driver][SQLServer]Conversion failed when converting the nvarchar value '1,2' to data type int.
    Thanks,
    Maz

    Hi,
    Power Down, Power Cycle, Take Snapshot and Decommission services are not working for users who are member of more than one organization!!
    Error Message:
    The service form could not be submitted because of following error: [newscale][SQLServer JDBC Driver][SQLServer]Conversion failed when converting the nvarchar value '1,2' to data type int.
    Thanks,
    Maz

  • How do I chat between users that are under one .mac/MobileMe family acct?

    How do I chat between users that are under one .mac/MobileMe family acct? We are all under one account, but in different locations, using iChat 4.0.5 and OS 10.5.4. Thank you.

    The only way is to create separate accounts under either AIM or Jabber (for example Googletalk). Then everybody logs into iChat with a different user and you can have full iChat functionality (except encryption which works only if you have different .mac accounts). If some members of your family have already a gmail/googlemail account then they can use this account information to log into iChat if you create a Jabber account with the gmail user information. Otherwise go to www.aim.com, request a screen name and use this user information to create an AIM account in iChat.
    Have fun.

  • I have 7 users that are interested in ExportPDF. Do I need 7 separate licenses?

    I have 7 end-users that are interested in ExportPDF. Do I need 7 separate licenses or just one since the service is cloud based?

    Hi candanceh48631207,
    Your assumption is correct. Each subscription is tied to a unique Adobe ID/email address. So, you'll want to purchase a subscription for each user, and have that subscription tied to their Adobe ID/email address.
    Please let us know if you have additional questions.
    Best,
    Sara

  • Find USERS that are using a particulary Forms ??

    It is possibile to find the USERS that are using the a FORMS in application server ??
    I must update sometime a forms, but if the user is using the forms it is not possibile. Find the user i can call it for exit from teh form.
    Thank's a lot.

    I'm not aware of such an information somewhere. We had a similar need (actually we needed something more), and we used DBMS_APPLICATION_INFO package, which updates CLIENT_INFO column in V$SESSION.
    Bad news are : you have to change every Form to do that....but it's not difficult, you can add a call to that package in WHEN-NEW-FORM-INSTANCE trigger in each Form...

  • How to get list of tables/users that are under audit

    Hello,
    For testing perpose I have set audit on many tables and users.
    Is there any view or table from which I get list of objects that are kept under audit?
    Noaudit All command for disabling all of them does not work properly. I have to exactly revert audit to stop.
    Means if I write audit insert on table1;
    Now for disabling this, if I write noaudit all then it dont works but If I write noaudit insert on table1 then it works.
    So I need a list on which objects I start audit.
    Or is there any other way to stop them?
    Regards,
    Bhavin M Mistry...

    Try
    DBA_STMT_AUDIT_OPTS
    DBA_PRIV_AUDIT_OPTS
    DBA_OBJ_AUDIT_OPTS
    SYS@etest> audit role;
    Audit succeeded.
    SYS@etest> SELECT * FROM DBA_STMT_AUDIT_OPTS;
    USER_NAME                      PROXY_NAME
    AUDIT_OPTION                             SUCCESS    FAILURE
    ROLE                                     BY ACCESS  BY ACCESS

  • IDM 6.0 - List users that have exclusions

    For some individuals within a role, we are excluding the Active Directory resource. So what is the easiest way to generate a list of these users that have this exclusion?

    Jim:
    You are referring to creating forms, in IdM parlance. The specific form you are referring to is called a "User Form". When you create an administrator, you can associate a particular user form with that administrator.
    The default user form is called "Tabbed User Form". The easiest way to customize a form is to copy the existing one and remove anything you do not need.
    In the v6.0 manuals, there is a deployment example in "Deployment Overview" manual. Las step for the LDAP deployment is the cutomization of some of the admin forms. That should help.
    It is pretty straightforward once you get the hang of it, but it takes some time to get there.
    Cheers,
    GB

  • How to list files that are NOT in a .jar file?

    Is it possible to list files (resources, .gif/.jpg files, etc.) that are NOT included in the jar but are still to be considered part of the application somewhere in the jnlp-file?
    My applications requires lots of icons which I have put into .gif files. So far I kept them in individual files next to the .jar file and that worked fine.
    JWS now seems to support only stuff that is included in (a) .jar-file(s). That in itself woul not be much of a problem, however, when I include my .gif files into the .jar files they seem to get corrupted by the jar-signing process (at least that what's the code says, which can suddenly not handle these images any more).

    My previous seem to have been non-sense. The .gif file were not corrupted, but rather they were not found at all. They actually must NOT be included in the .jar file, or else they are not found. Strange enough, the .properties-file seemingly HAS to be in the .jar file to be found.
    This is something I'll probably never fully understand with java: which file-types it searches where...

  • ITunes still lists books that are no longer in library or device

    Hi everyone,
    Been searching around the internet and on this forum for a solution but have no luck so far. Hopefully I can get some better results by posting this.
    Summary of the problem:
    My iTunes still shows some old PDFs that are no longer existing in the library. These missing books are listed in the Books section of my iPad (when its connected to the iTunes library). When I connect my iPad to iTunes 12, I can see 2 sections on the left-hand panel - one with the heading "Settings" and another section with the heading "On My Device". Both these sections have a "Books" sub-section under them.The missing books are listed in the "Books" sub-section under the "Settings" section- where I can select the books to sync to the iPad. See picture below:
    These are PDFs and books that I used to have but when I moved my library at some point in time earlier, they were not moved together. But they are still listed here and I can't find a way to remove them.
    I look forward to any help I can get on this issue.
    Thank you!

    Use File > Add folder to library... and select your iTunes Media folder. Anthing already in the library will be ignored, anything else will be added. Once the process is complete sort the library on the Date Added column and remove the tracks that have just been added, sending them to the recycle bin.
    tt2

  • Can OEM list jobs that are executed for 30 minutes

    Hi,
    I want list my mapping jobs that are registered to OEM.
    My condition is the run time is more than 30 minutes.

    Did you look under the "Collections" tab? ePrint jobs are stored for 30 days there.
    ======================================================================================
    * I am an HP employee. *
    ** Make it easier for other people to find solutions, by marking my answer with "Accept as Solution" if it solves your issue. **
    ***Click on White “Kudos” STAR to say thanks!***

Maybe you are looking for