Database Search
If you can't find the information using the categories below, post a question over in our WinBatch Tech Support Forum.
TechHome
wNT
 |
- 1219 Error with AddDrive
- Account Expires after wntUserAddDat
- Add Domain Group to Local Administrator Remotely
- Add Everyone to Administrators Group
- Add Global Groups in Domain
- Adding Domain to Workstation
- Adding Users and Setting Flags
- Adds User Account to Local Administrator Group
- Allow Inheritable Permissions from Parent
- Builtin Group SID convert to Name
- Bypass NT Ctrl Alt Del to Logon
- Changing Computer Name and Machine Account
- Changing Domain Passwords Sample Code
- Check For Disabled Computer Account
- Check if You Have Local Admin Rights
- Checking an Accounts Password
- Checking for Old Users
- Convert SID to User ID
- Converting SID to Domain - Account Name
- Create Directories and Set NT Access Permissions
- Dealling With Inheritiable Permissions
- Decode Logon Hours
- Determine if Computer is in a Workgroup or Domain
- Determine if PC is Member of Domain
- Determine Inheritance
- Determining if Current User is Authenticated
- Disable Allow Inheritable Permissions
- Domain Trusts Explained
- Error 673 WntPrivAdd
- Error 684 using wntAccess functions
- Find Domain for a Computer
- Foreign Language support of the Win32 Network Extender
- Get a Users Primary Group
- Get Domain User Info
- Get Machine Administrator Userid
- Get SID from Username
- Get the Currently Logged on User in NT
- Get the SID of a Workstation
- Get User Name and wntUserProps
- How to determine if a file is in use on LAN
- How to disable Allow inheritable permissions
- How to Get the Local Adminstrator Account
- How WntServerList Determines a Server
- Inherit NTFS Persmissions
- Interpreting Access Rights
- Is Domain User a Local Admin
- Is User Logged into Domain or Local Account
- Is wntChgPswd Encrypted
- Issue with AccessMod on Remote Machine
- Keeping Track of Last User Login
- List only Windows 2000 Systems
- List Open Connections
- List Terminal Servers
- Listing Directory Shares with Permissions
- Losing Mapped Drive Connections in XP
- Matching SID to ProfileList folder
- NT Auditing
- NT Extender and NT4 No Service Packs
- NT Network Extender and UPN Account Names
- Obtain Share Permissions
- Obtain user sid
- Port Required for WntUserGetDat
- Problems caused by ADMT
- Pull Trusted Domain List
- Reboot user with no shutdown privileges
- Remotely Reboot and wntShutDown
- Remove Everyone Access from D
- Rename User in an AD Domain
- Reset Passwords in Active Directory
- Reset Permissions when Inheritable is Enabled
- Rights to use wntFileUsers
- Runwithlogon and Bad Username
- RunWithLogon Parameter Size
- RunWithLogon versus RunAsUser
- Searching NT Users and Find by Last Name
- Server Description Field
- Setting File Permissions with wntAccessAdd
- Setting NT Policies
- Setting Service Permissions
- Shutdown All NT Servers
- SID values - AD - round tripping and ADMT
- Synchronize password from NT Domain to Novell
- The NT extender functions in Active Directories
- Trouble determining admin rights
- Trusting Domain List
- Unlock Account with wntUserSetDat
- User Login and Log out Information
- User Profile Last Logon
- Win 2000 AutoAdminLogon
- wntAccess... and Specifying Remote Drives
- WntAccessAdd and Change Modify Registry
- wntAccessAdd and Inherited Rights
- WntAccessAdd and Inheritence
- wntAccessAdd and Invalid User - Group
- wntAccessAdd and NTFS
- WntAccessAdd error 546 Invalid file directory name
- wntAccessAdd Inheritable Permissions
- wntAccessAdd Problem on NT 4
- wntAccessAdd Share Problem on Windows 7
- wntAccessAdd versus w95AccessAdd Tips
- wntAccessDel Error 599 Invalid Level
- wntAccessGet and Username Parameter
- WntAccessList DFS share
- wntAccessList Problem
- wntAccessMod Registry Issue
- wntAcctList Returns Incorrect Flag Values
- wntAcctPolSet Error
- wntAddDrive and Unicode
- WntAddDrive launches an Explorer window
- wntAddPrinter after WntRunAsUser
- wntauditadd and inheritance
- wntAuditAdd and MS Patch
- WntCancelCon Error 511 Device in Use
- wntChgPswd 562 Invalid User Name
- wntChgPswd and Error 586
- wntChgPswd and Error 589 Error Changing Password
- wntChgPswd and Error 677
- wntChgPswd behavior different between W2K and NT4
- wntCurrUsers Behavior
- wntDomainSync Error 695
- wntEventLog Problem
- wntGetCon Error 509 Network component is Not Started or Invalid
- wntMemberDel- error 571
- wntMemberGrps returns 0 on DC running AD
- wntMemberGrps wntMemberSet - 562 invalid user name
- wntMemberList Behavior
- wntMemberList Error 522
- wntMemberList Problems
- wntOwnerGet - wntOwnerSet Tips
- wntOwnerSet Error 547
- wntRemoteTime and 530 Access Denied Error
- wntRemoteTime and Daylight Savings Time
- wntRunAsUser -- Security Side Effects
- wntRunAsUser 713 Unable to Set Window Station Access
- wntRunAsUser and Act as Part of OS Clarification
- wntRunAsUser and Called Scripts
- wntRunAsUser and Debugging Problem
- wntRunAsUser and No Permission on Local Machine
- wntRunAsUser Discussion in French
- wntRunAsUser Error 637
- wntRunAsUser Error 638
- wntRunAsUser Function - 1
- wntRunAsUser Function - 2
- wntRunAsUser Function - 3
- wntRunAsUser Function Used Twice in Script
- wntRunAsUser RunWithLogon Security Context
- wntRunAsUser to AutoAdminLogon after Reboot
- wntRunAsUser Windowstation and Desktop Permissions on WinXP
- wntServerList and wntServiceAt
- wntServerType
- wntShutDown Error 694
- wntUser... and Update User Accounts
- wntUserAdd Adding a Domain User
- wntUserAdd Bug
- WntUserAddDat and Max_storage
- wntUserGetDat 524 Unable to Access Specified Server
- wntUserGetDat and Logon_hours Flag
- wntUserSetDat and Logon Hours
- wNTUserXXXDat Function and Flags
- wxxUserGetDat and Last Logon Date
Can't find the information you are looking for here? Then leave a message over on our WinBatch Tech Support Forum.
wntMemberList Behavior
Keywords: wntMemberLst2 wntMemberList
Question:
I want to create an overview of NT domain accounts. When I'm using the wntMemberLst2 and/or wntMemberList functions to give me the members of a group it's giving me besides normal members also groups and users(only ID numbers) from trusted domains. How can I determine, from this list, if a returned value is a user or group and how to translate the trusted domain info into readable info.The program is running on a BDC in domain "A" and it's the first time I'm creating such a script. I do get normal results from domain "A" only I cannot see if it's a user or a group. The members from domain "B" are only id numbers. So I also do not know who or what this is.
Answer:
I've been researching and working on fixing a wntMemberList() problem this week that appears to have the same symptoms as the problem that you are experiencing. What is happening in the problem that I'm looking at is that when a workstation has local groups that has members which are global domain groups for both its primary domain and for one or more trusted domains, and, all of the domain controllers for a trusted domain are unreachable, then wntMemberList() returns garbage numeric strings and SID strings when attempting to list all members of this local group. It appears that the Win32 API function used to get the group membership information is broken and does not handle this situation properly. I'm re-working it to use a slightly different method of obtaining domain & account name information for each member of a local group.Question (cont'd):
The results I do get right now is:(example)
Command was:
Members = wntMemberLst2(Servername, Groupname, @LOCALGROUP)results are:
domainname_A\Jimmy domainname_A\Production domainname_B\000002FB domainname_A\CarlaJimmy and Carla are normal users on domain A Production is a global group on domain A 000002FB is a normal user on domain B Hope this info will help and if you need more info let me know.
Answer:
I have 2 points to make up front:- I may have misinterpreted your original question. I've been sifting through a really quirkly problem with
wntMemberList() [very similar internal code to wntMemberLst2()] and I thought that perhaps the problems
were related. This looks to not be the case after all.
- You are running an old version of WinBatch and also have an old version of the NT extender. Any resolution to your problem that requires the use of the newer or even the latest version(s) of the NT extender will also require you to upgrade to WinBatch 2001 as the current NT extender versions only work with WinBatch 2001 [and newer]. Also, the wntMemberLst2() function is a deprecated feature in the NT extender versions that work wtih WinBatch 2001. The wntMemberLst2() function no longer appears in the help file and is no longer supported. This happened because the wntMemberList() function picked up an optional flag parameter in WinBatch 2001 that allows it to return domain name information in the same way that wntMemberLst2() was doing. This made wntMemberLst2() unnecessary.
Based on the script output that you included, I have some questions to ask.
- Is the account name from the trusted domain is supposed to be "000002FB"?
- Are the account names in that domain all coded as hex strings, or is the account name being returned
incorrectly by wntMemberLst2()?
- If the account name is being returned correctly, then my interpretation of your question is that you are asking
how to tell if the members of the local group are user accounts [either local or domain users] or group
accounts [global domain groups].
- Is this a correct interpretation of your question?
If it is, then you can determine what type of an account you are dealing with using the follwing procedure.
Assuming that you have a list of fully qualified account names returned from wntMemberLst2(), do the following:
- If the "domain" prefix on the account name is actually a domain name then you need to get the name of a
domain controller computer in that domain. If the "domain" prefix is the name of a computer then simply use
that computer name.
- Take the computer name that was obtained in step #1 and use it as the "server-name" parameter value in
the following function calls.
- Call wntGroupInfo() one time, specifying a local group type and request # -1. If the return value is
@TRUE then the account is a local group.
- If the account was not a local group then call wntGroupInfo() a second time, specifying a global group
type and request # -1. If the return value is @TRUE then the account is a global domain group.
- If the account was not a group then it must be some sort of user account that can be used to logon to a server or to a domain [e.g. a normal user account, a computer account, a trust account, etc...]. Use the wntUserGetDat() function to get the account "flags" to determine exactly what type of account you are dealing with.
Article ID: W15206
File Created: 2002:09:05:13:50:34
Last Updated: 2002:09:05:13:50:34