Reading the members in an AD group

Last Post 15 Sep 2011 08:37 AM by russellb. 7 Replies.
AddThis - Bookmarking and Sharing Button Printer Friendly
  •  
  •  
  •  
  •  
  •  
Sort:
PrevPrev NextNext
You are not authorized to post a reply.
Author Messages
PaulMcKibben
New Member
New Member

--
12 Sep 2011 10:27 AM
Is there a way to read the members of a specific AD group using either powershell or T-SQL? 

Thank you
PaulMcKibben
New Member
New Member

--
12 Sep 2011 11:25 AM
Right now, I am trying to use the XP_LOGININFO command. The issue with that approach is that the user group is in a different domain. Any suggestions?
rm
New Member
New Member

--
13 Sep 2011 04:46 AM
XP_LOGININFO works if domains are trusted.
PaulMcKibben
New Member
New Member

--
13 Sep 2011 10:35 AM
The domains are trusted. When I execute the XP_LOGININFO command supplying only the group name, I receive a result set of one line for the group itself.

When I add the 'members' option, I only receive an error code 0x8ac. Example: exec xp_logininfo 'WPSIC\ug_SQL_IRM DBA', 'members'

I am trying to determine that the users that are in the group should be in the group. I have an issue with non-DBA professionals adding themselves to this group from time to time.

The group does have users in it at this point.

Thank you
russellb
New Member
New Member

--
13 Sep 2011 01:15 PM
Why not just look using the Active Directory MMC?
rm
New Member
New Member

--
14 Sep 2011 04:39 AM
Did you create sql login for the group on that server?
PaulMcKibben
New Member
New Member

--
14 Sep 2011 07:12 AM
Ideally what I want to do is create a job that will automatically read the users in this specific AD group and email the DBA team if there is anyone in the group that shouldn't be.

The group has sysadmin rights on all of our SQL servers.
russellb
New Member
New Member

--
15 Sep 2011 08:37 AM
Seems SQL can't connect to the domain controller. Do you see errors in the DC security logs?

Alternatively, you can use [url="http://technet.microsoft.com/en-us/library/ff730967.aspx"]Power shell[/url] for this. Or VBS.
You are not authorized to post a reply.

Acceptable Use Policy