
Enumerate tokenGroups using Perl

How to use Perl to read the tokenGroups attribute, which contains a list of SIDs of all the groups that a user belongs to throughout the Active Directory forest.

This script uses the same search code (shown in the previous post) to find a user by their AD username. Once found, it reads the user's tokenGroups attribute, which is a binary list of SIDs, and converts those SIDs into group names. For the PowerShell version of this script, see: List Forest-wide Active Directory Group Memberships using PowerShell.

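# tokenGroups enumerator
# Brian Seltzer - Jan 15 2010
use Win32::OLE;
($user = shift) =~ /^[\w.\-]+\z/ or die "usage: $0 username\n";   # assumed (lines marked "assumed" were missing from this copy); also keeps LDAP filter characters out of the query
$base = Win32::OLE->GetObject("LDAP://RootDSE")->Get("defaultNamingContext");   # assumed search base
$connection = Win32::OLE->new("ADODB.Connection");
$connection->{Provider} = "ADsDSOObject";
$connection->Open("ADSI Provider");
$command = Win32::OLE->new("ADODB.Command");      # assumed
$command->{ActiveConnection} = $connection;       # assumed
$command->{Properties}->{'Page Size'}=1000;
$command->{CommandText} = "<LDAP://$base>;(&(objectCategory=person)(sAMAccountName=$user));adspath;subtree";   # assumed query
$rs = Win32::OLE->new("ADODB.RecordSet");
$rs = $command->Execute;                          # assumed
until ($rs->EOF){
 $userobj = Win32::OLE->GetObject($rs->Fields("adspath")->{Value});   # assumed
 $userobj->GetInfoEx(["tokenGroups"],0); $tokens = $userobj->{tokenGroups};   # assumed: constructed attribute, must be requested explicitly
 foreach $token (@{$tokens}){
  @sidArray = unpack("C*",$token); $sid = "";     # assumed: one number per byte of the binary SID
  for ($i=0;$i<=$#sidArray;$i++){                 # was $i<=27; not every SID is 28 bytes long
   $sid=$sid.sprintf ("%02x",$sidArray[$i]);
  }
  $sid =~ tr /a-z/A-Z/;
  $group = Win32::OLE->GetObject("LDAP://<SID=$sid>");   # assumed: bind to the group by its hex SID
  $group->GetInfoEx(["canonicalName"],0); $can = $group->{canonicalName};   # assumed
  @nameparts=split /\//,$can;
  ($domain,$junk)=split /\./,uc($nameparts[0]);
  $groups{$can} = "$domain\\$nameparts[-1]";      # assumed: DOMAIN\group, keyed by canonical name
 }
 $rs->MoveNext;                                   # assumed
}
foreach $group (sort keys %groups){
 print "$groups{$group}\n";
 $x++;                                            # assumed
}
print "\n$x Groups\n";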
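
The script turns each tokenGroups entry into a hex string one byte at a time. The decoder below is an added example, not part of the original post: it takes the length from the SID's own sub-authority count (8 header bytes plus 4 bytes per sub-authority) instead of a fixed size, rejects malformed values, and returns both the S-1-... form and the hex form. The function name and the two sample SIDs are constructed for illustration.

```perl
use strict;
use warnings;

# Decode one binary SID (the form stored in tokenGroups) into its
# string form (S-1-5-...) and the upper-case hex form.
sub decode_sid {
    my ($bin) = @_;
    my $len = length $bin;
    die "SID too short ($len bytes)\n" if $len < 8;

    # Byte 0 is the revision, byte 1 the number of sub-authorities.
    my ($rev, $count) = unpack 'C C', $bin;
    die "unsupported SID revision $rev\n" unless $rev == 1;
    die "sub-authority count $count exceeds 15\n" if $count > 15;

    # The count determines the length; anything else is malformed.
    my $expected = 8 + 4 * $count;
    die "SID is $len bytes, expected $expected\n" unless $len == $expected;

    # Identifier authority: 48-bit big-endian value in bytes 2..7.
    my ($hi, $lo) = unpack 'n N', substr($bin, 2, 6);
    my $authority = $hi * 4294967296 + $lo;

    # Sub-authorities: 32-bit little-endian values from byte 8 onward.
    my @subs = unpack 'V*', substr($bin, 8);

    return {
        string => join('-', 'S', $rev, $authority, @subs),
        hexstr => uc(unpack('H*', $bin)),
    };
}

# Constructed sample input: a 16-byte built-in SID (S-1-5-32-544)
# and a 28-byte domain SID with made-up sub-authority values.
my @tokens = (
    pack('C C n N V2', 1, 2, 0, 5, 32, 544),
    pack('C C n N V5', 1, 5, 0, 5, 21, 1000, 2000, 3000, 1104),
);

for my $token (@tokens) {
    my $sid = decode_sid($token);
    printf "%2d bytes  %-32s %s\n", length($token), $sid->{string}, $sid->{hexstr};
}
```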

