Your network contains an Active Directory domain named contoso.com. The domain
contains hundreds of groups, many of which are nested in other groups.
The domain contains a user account named user1. User1 is a direct member of 15 groups.
You need to identify of which Active Directory groups User1 is a member, including the
nested groups. The solution must minimize administrative effort.
Which tool should you use?
A. Active Directory Users and Computers
B. ADSI Edit
C. Get-ADUser
D. Dsget
Displays the properties of a user in the directory. There are two variations of this command. The first variation displays the properties of multiple users. The second variation displays the group membership information of a single user.
dsget user [-memberof] [-expand][{-uc | -uco | -uci}]
In this command, -expand takes care of the requested nested group membership.
AD Users and Computers only displays direct group membership.
Correct. Also here’s a little note on Get-ADUser cmdlet:
The Get-ADUser cmdlet gets a user object or performs a search to retrieve multiple user objects.
Example:
Get-ADUser -Filter * -SearchBase "OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM"
Get all users under the container ‘OU=Finance,OU=UserAccounts,DC=FABRIKAM,DC=COM’
http://technet.microsoft.com/en-us/library/ee617241.aspx
dsget: Displays the properties of a user in the directory. There are two variations of this command. The first variation displays the properties of multiple users. The second variation displays the group membership information of a single user.
Get-ADUser: Gets a user object or performs a search to retrieve multiple user objects.
Correct answer is: D (minimize administrative effort)
dsget user "CN=alpha beta,CN=users,dc=domain,dc=tld" -memberof -expand
But Get-ADUser also does the job, though it needs more parameters.
Thanks, didn’t know that about Get-ADUser, or do you mean you pipe (|) it to other commands? Anyway, your argument wins also, since dsget you have on all machines, I think, but for Get-ADUser you need to be on a DC or have RSAT installed.
Dsget is a command-line tool that is built into Windows Server 2008. It is available if you have the AD DS server role installed. To use dsget, you must run the dsget command from an elevated command prompt. To open an elevated command prompt, click Start, right-click Command Prompt, and then click Run as administrator.
For examples of how to use this command, see Examples.
dsget user [-memberof] [-expand][{-uc | -uco | -uci}]
For me get-aduser is faster than dsget.
(get-aduser user -properties * | Select-Object memberof ).memberof
get-aduser -identity batmans -properties memberof | select -expandproperty memberof
&
dsget user "CN=Batman\ Sally,OU=BELL,OU=Users,OU=Personnel,DC=Bell,DC=local" -memberof -expand
Seems to me DSGET has a lot more typing to do, so even more administrative effort?
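
The nested expansion that `dsget user ... -memberof -expand` performs in the thread above, written out as an added PowerShell example that is not from the original posts: a breadth-first walk over memberOf that records the group through which each membership is inherited and stops on circular nesting. The sample directory table, the group names and the function name Get-NestedMemberOf are constructed for illustration. The live-domain resolver shown in the comment assumes the ActiveDirectory module is loaded.

```powershell
# Constructed sample directory: DN -> direct memberOf values (not from the page).
$SampleDirectory = @{
    'CN=User1,CN=Users,DC=contoso,DC=com'         = @('CN=Helpdesk,OU=Groups,DC=contoso,DC=com')
    'CN=Helpdesk,OU=Groups,DC=contoso,DC=com'     = @('CN=Server Ops,OU=Groups,DC=contoso,DC=com')
    'CN=Server Ops,OU=Groups,DC=contoso,DC=com'   = @('CN=Tier0 Admins,OU=Groups,DC=contoso,DC=com',
                                                      'CN=Helpdesk,OU=Groups,DC=contoso,DC=com')  # circular nesting
    'CN=Tier0 Admins,OU=Groups,DC=contoso,DC=com' = @()
}

function Get-NestedMemberOf {
    param(
        [Parameter(Mandatory)] [string] $DistinguishedName,
        # Returns the direct memberOf values for one DN. The default reads the sample table.
        # Against a live domain (assumption: ActiveDirectory module loaded) pass:
        #   { param($dn) (Get-ADObject -Identity $dn -Properties memberOf).memberOf }
        [scriptblock] $Resolver = { param($dn) $SampleDirectory[$dn] }
    )
    # DNs are case-insensitive, so compare them that way when tracking visited groups.
    $seen  = [System.Collections.Generic.HashSet[string]]::new([System.StringComparer]::OrdinalIgnoreCase)
    [void]$seen.Add($DistinguishedName)
    $queue = [System.Collections.Generic.Queue[object]]::new()
    $queue.Enqueue([pscustomobject]@{ Dn = $DistinguishedName; Depth = 0 })

    while ($queue.Count -gt 0) {
        $node = $queue.Dequeue()
        foreach ($group in @(& $Resolver $node.Dn)) {
            if (-not $group) { continue }              # object with no memberOf values
            if (-not $seen.Add($group)) { continue }   # already visited: breaks cycles
            [pscustomobject]@{
                Group  = $group
                Depth  = $node.Depth + 1
                Via    = $node.Dn                      # object whose memberOf granted this group
                Direct = ($node.Depth -eq 0)
            }
            $queue.Enqueue([pscustomobject]@{ Dn = $group; Depth = $node.Depth + 1 })
        }
    }
}

# Lists Helpdesk (direct), then Server Ops and Tier0 Admins (inherited through nesting).
Get-NestedMemberOf -DistinguishedName 'CN=User1,CN=Users,DC=contoso,DC=com' |
    Format-Table Depth, Direct, Group, Via -AutoSize
```

The Direct and Via columns separate the memberships a memberOf read on the user object returns from those reached only through nested groups, which is the part that matters when reviewing who effectively holds a privileged group.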