Remote Access Permission

  • Thread starter Thread starter Dean Read
  • Start date Start date
D

Dean Read

Not sure if this is the correct group to ask this or not.

I am trying to find out if there is a way to determine which users have
Remote Access Permission in Active Directory Users and Computers set to
"Allow access". I know I can right click on each user and manually check
but I was hoping there was some automatic method or filter that could create
the list for me.

I have tried the filter in Active Directlry Users and Computers and can't
find the necessary variable to filter on.

Thanks for your help

Dean
 
Not sure if this is the correct group to ask this or not.

I am trying to find out if there is a way to determine which
users have
Remote Access Permission in Active Directory Users and
Computers set to
"Allow access". I know I can right click on each user and
manually check
but I was hoping there was some automatic method or filter
that could create
the list for me.

I have tried the filter in Active Directlry Users and
Computers and can't
find the necessary variable to filter on.

Thanks for your help

Dean
Click to expand...

go to www.joeware.net and download ADFIND (=free)

To find users within a certain OU that have dial-in = allowed run:
AdFind.exe -b "OU=<yourOU>,OU=<yourOU>,DC=<domain>,DC=<tld>" -f
"(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE))"
distinguishedName samaccountname

To find users within a certain OU that have dial-in = denied run:
AdFind.exe -b "OU=<yourOU>,OU=<yourOU>,DC=<domain>,DC=<tld>" -f
"(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=FALSE))"
distinguishedName samaccountname

To find users within a certain OU that have dial-in = through access
policy run:
AdFind.exe -b "OU=<yourOU>,OU=<yourOU>,DC=<domain>,DC=<tld>" -f
"(&(objectCategory=person)(objectClass=user)(!(msNPAllowDialin=*)))"
distinguishedName samaccountname

AND if you want to search throught the domain instead of in a certain
OU replace
-b "OU=<yourOU>,OU=<yourOU>,DC=<domain>,DC=<tld>"

with

-default


good luck
 
Worked great. Thanks,

Dean

Jorge_de_Almeida_Pinto said:
go to www.joeware.net and download ADFIND (=free)

To find users within a certain OU that have dial-in = allowed run:
AdFind.exe -b "OU=<yourOU>,OU=<yourOU>,DC=<domain>,DC=<tld>" -f
"(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE))"
distinguishedName samaccountname

To find users within a certain OU that have dial-in = denied run:
AdFind.exe -b "OU=<yourOU>,OU=<yourOU>,DC=<domain>,DC=<tld>" -f
"(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=FALSE))"
distinguishedName samaccountname

To find users within a certain OU that have dial-in = through access
policy run:
AdFind.exe -b "OU=<yourOU>,OU=<yourOU>,DC=<domain>,DC=<tld>" -f
"(&(objectCategory=person)(objectClass=user)(!(msNPAllowDialin=*)))"
distinguishedName samaccountname

AND if you want to search throught the domain instead of in a certain
OU replace
-b "OU=<yourOU>,OU=<yourOU>,DC=<domain>,DC=<tld>"

with

-default


good luck

--
Posted using the http://www.windowsforumz.com interface, at author's
request
Articles individually checked for conformance to usenet standards
Topic URL:
http://www.windowsforumz.com/Remote-Access-Permission-ftopict442939.html
Visit Topic URL to contact author (reg. req'd). Report abuse:
http://www.windowsforumz.com/eform.php?p=1496825
Click to expand...
 
Back
Top