tags:

views:

476

answers:

2
Q: 

List circular group membership from active directory

We have 40K+ groups in our active directory and we are increasingly facing problem of circular nested groups which are creating problems for some applications.

Does anyone know how to list down the full route through which a circular group membership exists ?

e.g. 

G1 --> G2 --> G3 --> G4 --> G1

How do I list it down.

A: 

Here you go, a modified version of this code should do the trick. Check out the book as well of course, its an excellent desk resource I refer to often.

' This VBScript code prints the nested membership of a group.

' ---------------------------------------------------------------
' From the book "Active Directory Cookbook" by Robbie Allen
' ISBN: 0-596-00466-4
' ---------------------------------------------------------------

' ------ SCRIPT CONFIGURATION ------
strGroupDN = "<GroupDN>"  ' e.g. cn=SalesGroup,ou=Groups,dc=rallencorp,dc=com
' ------ END CONFIGURATION ---------

strSpaces  = " "
set dicSeenGroupMember = CreateObject("Scripting.Dictionary")
Wscript.Echo "Members of " & strGroupDN & ":"
DisplayMembers "LDAP://" & strGroupDN, strSpaces, dicSeenGroupMember

Function DisplayMembers ( strGroupADsPath, strSpaces, dicSeenGroupMember)

   set objGroup = GetObject(strGroupADsPath)
   for each objMember In objGroup.Members
      Wscript.Echo strSpaces & objMember.Name
      if objMember.Class = "group" then
         if dicSeenGroupMember.Exists(objMember.ADsPath) then
            Wscript.Echo strSpaces & "   ^ already seen group member " & _
                                     "(stopping to avoid loop)"
         else
            dicSeenGroupMember.Add objMember.ADsPath, 1
            DisplayMembers objMember.ADsPath, strSpaces & " ", _
                           dicSeenGroupMember
         end if
      end if
   next

End Function
unrealtrip  2009-07-27 17:52:12
That doesn't help much as it provides the nested membership information, which is fine, but doesn't tell whether there is circular reference involved, if there is then through which group membership.In search for answer, I found a technique called Depth First Search for graph traversal, it was mentioned in pseudo code, so I implemented it in Vbscript, but it doesn;t work well. I am currently in process of implementing it in another language like Python.
 2009-08-03 21:14:43
+1  A: 

Check this out: http://www.rlmueller.net/CircularNested.htm

Adeel  2010-05-05 15:23:32

related questions

How do I find the Excel column name that corresponds to a given integer?
Calculating a cutting list with the least amount of off cut waste.
Red-Black Trees
How to maintain a recursive invariant in a MySQL database?
RFC calculation in Java need help with algorithm
Best word wrap algorithm?
How do you separate game logic from display?
Most effective way for float and double comparison
Choosing a multiplier for a (string) hash function
Optimizing a search algorithm in C
Find the best combination from a given set of multiple sets
What "already invented" algorithm did you invent?
Designing a Calendar system like Google Calendar
How to overload std::swap()
Looking for algorithm that reverses the sprintf() function output
Merge Sort a Linked List
Puzzle: Find largest rectangle (maximal rectangle problem)
graph serialization
Peak detection of measured signal
Big O, how do you calculate/approximate it?
What problems can be solved, or tackled more easily, using graphs and trees?
Followup: "Sorting" colors by distinctiveness
Efficiently get sorted sums of a sorted list
Function for creating color wheels
Fastest way to get value of pi