Is there a way to find the primary Group of a user ?via Standard ADSI -> memberof i dont see this primary group.
If you can use Quest AD cmdlets, this should work:
Get-QADUser <username> | Select name, @{n="PrimaryGroup";e={(Get-QADGroup "$($_.Sid.AccountDomainSid)-$($_.PrimaryGroupId)").name}}
-aleksandar
http://powershellers.blogspot.com
Hi Aleksandar,I Want to avoid using the Quest AD cmdlets as much as possibe. i see the primaryGroupID of a user = ID 513 (This means Domain Users)How can i find a group by ID ... i checked the properties of the group in AD ... but i dont see oneresembeling the this groupID.
This solution uses ADSI and the .NET Framework to retrieve the name of the user's primary group:
$rootDN = ([adsi]"").distinguishedName
$user = [adsi]("LDAP://CN=testuser,OU=Test," + $rootDN)
$groupID = $user.primaryGroupID
$arrSID = $user.objectSid.Value
$SID = New-Object System.Security.Principal.SecurityIdentifier ($arrSID,0)
$groupSID = $SID.AccountDomainSid.Value + "-" + $user.primaryGroupID.ToString()
$group = [adsi]("LDAP://<SID=$groupSID>")
$group.name
Dude thanks ...the construction of DomainGUID + GroupGUID I didn't know. Learned a lot today !
How do you do this using the AD Module for PowerShell? I want to avoid ADSI syntax.