Get AD group membership

Nov 2, 2010 at 5:00 PM

Is there a way to retrieve a computer's group membership?

I would like to give the web service a computer name and itwould return an array containing the computer's AD group memeberships.

I tired with GetComputerAttribute with the MemberOf attribute, but this returns a string and not a multi string.  So I only get one of the groups the computer is a member of and not a list of all of them.  I might be doing somehting wrong though.

Nov 2, 2010 at 7:06 PM
Edited Nov 3, 2010 at 5:42 PM

UPDATE: I was looking at things wrong when I posted the text that follows.  Everything is working consistently - Removing a machine from a group which it does not already belong returns FALSE as does adding a machine to a group which it already belongs to.  I kind of wish that it would return true in both those cases, though.  If I attempt to add a machine to a group, I would like to get a TRUE if the machine is in already OR was added successfully. Otherwise how can I tell the difference between a failure because the machine or group doesn't exist (a real failure) or because the machine is already in the group (technically a failure, but not a "real" failure) Functionally, it is a success if the end result is the machine is in the group and a failure if the end result is the machine is not in the group. 

 -----------------Original post---------------------------

On another topic in the same general area,

It seems inconsistent that AddComputerToGroup returns TRUE when the computer is successfully added to a collection, but returns FALSE when either the join was unsuccessful OR the machine is already in the group,  while RemoveComputerFromGroiup returns TURE when the computer is successfully removed from a group AND when the computer was not in the group to begin with.  It returns FALSE only if there was an error removing the computer somehow.

I think that AddComputerToGroup should be successful in the case where the computer was added to the group successfully AND when the computer already was in the group.  False should be returned only when there was an error adding the computer to the group that results in the computer not being added to the group.  If at the end of the function, the computer is in the requested group to me that is a Success=TRUE.

Nov 19, 2010 at 11:26 AM

Good point. It definetly makes more sense in the way you described. Will add it to my ToDo list.