7.8. Resolving a Primary Group ID

Problem

You want to find the name of a user’s primary group.

Solution

Using a graphical user interface

  1. Open the Active Directory Users and Computers snap-in.

  2. If you need to change domains, right-click on Active Directory Users and Computers in the left pane, select Connect to Domain, enter the domain name, and click OK.

  3. In the left pane, right-click on the domain and select Find.

  4. Type the name of the user and click Find Now.

  5. In the Search Results, double-click on the user.

  6. Click the Member Of tab.

  7. The Primary Group name is shown on the bottom half of the dialog box.

Using VBScript

' This code prints the group name of a user's primary group
' ------ SCRIPT CONFIGURATION ------
strNTDomain = "<DomainName>" ' NetBios Name of the AD domain, e.g. RALLENCORP
strUser     = "<UserName>" ' e.g. Administrator ' ------ END CONFIGURATION --------- ' Iterate over the user's groups and create a search filter ' that contains each group set objUser = GetObject("WinNT://" & strNTDomain & "/" & strUser & ",user") strFilter = "" for each objGroup in objUser.Groups strFilter = strFilter & "(samAccountName=" & objGroup.Name & ")" next strFilter = "(|" & strFilter & ")" ' Now need to perform a search to retrieve each group ' and their primaryGroupToken strBase = "<LDAP://" & strNTDomain & ">;" strFilter = "(&(objectcategory=group)" & strFilter & ");" strAttrs = "name,primaryGroupToken,cn;" strScope = "subtree;" set objConn = CreateObject("ADODB.Connection") objConn.Provider = "ADsDSOObject" ...

Get Active Directory Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.