Get Users Group Membership usage

May 22, 2013 at 3:25 PM
I was thinking this module could be used to grab recursive groups when a user is passed. I don't see where to set the user input, nor does the output seem to be very well defined.

Any help on how to use this module would be greatly appreciated, thinking about using powershell to implement, but this looked like exactly what I was looking for.

Thanks in advance
May 22, 2013 at 6:46 PM
The first thing you would need to do is define your input (text file, grabbing from AD, etc) and get the distinguished name of the user. After you get the distinguished name, delete the "contoso" information from the LDAP and right-click --> Subscribe and put the distinguished name. After you do that, you will need to figure out what you are going to use the information for. You can use an "Append Line" and dump the information to a text file.
May 22, 2013 at 10:17 PM
The older version 3.0 didn't work. 4.0 or 4.1 do. My question is that I really need a recursive group list so I can see ALL groups a user is a member of not just the direct ones.
May 22, 2013 at 11:08 PM
Edited May 23, 2013 at 6:22 PM
Another way would be to use the Get User Properties and use the filter on “memberof”. Randall
May 23, 2013 at 5:48 PM
I don't understand how to "Get User properties" I tired using the "Get Object Property Values" and passed it the DN of the user and filter of property_name equals "memberof" that only returned direct memberships. I really want to get the entire list of memberships recursively. I can to it in powershell or C#. I would think that most everyone would want it in a orchestrator activity.
May 23, 2013 at 5:52 PM
Edited May 23, 2013 at 6:22 PM
You are correct. It should have been “Get Object Property Values”. Change the “Property_Name” from equals to contains. Randall
Coordinator
May 23, 2013 at 5:56 PM
Hey mhj96813 I will look at getting the get user group membership object updated to handle nested groups
May 23, 2013 at 6:23 PM
My apologies. For some reason I wasn’t reading that correctly and missed “nested”. I was reading it as all of the top level groups.

Randall
May 23, 2013 at 6:38 PM
randorfer:
I'm looking forward to it.

rgoedel:
thanks for your helping. I'm new at these runbooks. Your advice to change from equals to contains memberof, it makes things worse. I get nothing returned. Interesting though when I do contains member it returns the same as equals memberof. weird
Coordinator
May 23, 2013 at 6:45 PM

Things are case sensitive, it would be equals memberOf IIRC

MVPLogo

Ryan andorfer

Sr. IT Automation Engineer

System Center Cloud and Datacenter

General Mills, Inc.

763-445-9680
[email removed]

opalis.wordpress.com

scorch.codeplex.com

May 23, 2013 at 7:19 PM
I would expect them to be case sensitive. Except when I did a equal memberof it returned all direct groups. Shouldn't that have been memberOf ?