RE: Enumerating Universal Group members
by Bryan McClellan other posts by this author
Sep 18 2008 5:08AM messages near this date
view in the new Beta List Site
Enumerating Universal Group members
|
RE: Enumerating Universal Group members
Why not enumerate the member attribute.. If you do this you can bind to
each object and determine if it is a group and then loop through it as
well.
Bryan
________________________________
From: perl-win32-admin-bounces@[...].com
[mailto:perl-win32-admin-bounces@[...].com] On Behalf Of
Conor Lillis
Sent: Wednesday, September 17, 2008 6:48 AM
To: perl-win32-admin@[...].com
Subject: Enumerating Universal Group members
Hi all,
as part of a security audit to see who has send permissions to Exchange
2003 dist. lists, I am trying to enumerate universal groups.
My methodology is as follows:-
Enumerate values in ADSI attribute dLMemSubmitPerms
For each element in this list, enumerate the members of the nested
group. This works for Universal security list members, but not for
nested universal distribution lists.
A snippet of my code is below:-
my @dLMemSubmitPerms= $entry-> get_value('dLMemSubmitPerms');
foreach my $line(@dLMemSubmitPerms)
{
my ($group) = (split /,/,$line);
$group=~ s/CN=//ig;
print "\n\nACL on \"$name\"\t: \"$group\"\t\n";
if(Win32::NetAdmin::GroupGetMembers('$PDC', "$group", \@array))
{
print "Enumerating group listing for \"$group\"\n";
foreach my $member(@array)
{
print "$member is in \"$group\"\n";
}
}
I may be missing a important step, bnut having stared at it for a while
nothing is jumping out at me...
Also, if anyone has a smart mechanism to enumerate members of nested
groups within nested groups (we have maybe 5 degrees of nesting on some
lists) that would be much appreciated.
Regards,
Conor Lillis
---------------------------------------
Senior Systems Administrator,
Group Network Services,
tel : +353-1-616-2540
Anglo Irish Bank
www.angloirishbank.ie <http://www.angloirishbank.ie/>
---------------------------------------
**********************************************************************
Private, Confidential and Privileged. This e-mail and any files and
attachments transmitted with it are confidential and/or privileged. They
are intended solely for the use of the intended recipient. The content
of this e-mail and any file or attachment transmitted with it may have
been changed or altered without the consent of the author. If you are
not the intended recipient, please note that any review, dissemination,
disclosure, alteration, printing, circulation or transmission of this
e-mail and/or any file or attachment transmitted with it, is prohibited
and may be unlawful. If you have received this e-mail or any file or
attachment transmitted with it in error please notify Anglo Irish Bank
Corporation Plc, Stephen Court, 18/21 St Stephen's Green, Dublin 2,
Ireland, telephone no: +353-1-6162000.
Directors: S P FitzPatrick (Chairman), D Drumm (Chief Executive), L
Bradshaw, D O'Connor, A Heraty, M D Jacob, W A McAteer, G McGann, D
Quilligan, N Sullivan, P Whelan, N Harwerth ( U.S.)
Registered Office: Stephen Court, 18/21 St Stephen's Green, Dublin 2
Ireland
Registered in Ireland: No 22045
Anglo Irish Bank Corporation plc is regulated by the Financial
Regulator. Anglo Irish Bank Corporation plc (trading as Anglo Irish Bank
Private Banking) is regulated by the Financial Regulator. Anglo Irish
Assurance Company Limited is regulated by the Financial Regulator.
**********************************************************************
Thread:
Conor Lillis
Bryan McClellan
Steven Manross
|
