get_user_groups command to check Active Directory for a specified user and return a list of the groups to which the user belongs. If executed in a script, this command does not output its list to stdout, and no output appears in the shell where the script is executed.
get_user_groups [-dn] [-z] user_DN|user_UPN
This command takes the following options:
Return groups in the Tcl list as distinguished names (DNs) instead of user principal names (UPNs).
Restricts the Tcl list of groups to groups that belong to the current zone.
This command takes the following argument:
Required. The user whose groups to return. This argument may specify the user with a distinguished name (DN) or a user principal name (UPN).
This command used without options returns a Tcl list of all groups listed in Active Directory to which the specified user belongs. Each entry in the list is the user principal name (UPN) of a group that you can use to look up that group.
If the -dn option is set, the Tcl list uses distinguished names (DNs) for groups.
If the -z option is set, the Tcl list is restricted to groups that belong to the currently selected zone.
Note that the command will not return groups for domains that aren’t currently bound to ADEdit. If the command finds one or more groups outside of the currently bound domains, it will return a “no binding” message for each unbound domain in which it finds a user’s group.
This example returns a list of groups:
Related Tcl library commands
The following commands perform actions related to this command:
- create_group creates a new zone group and group profile based on a specified Active Directory group.
- create_user creates a new zone user and user profile based on a specified Active Directory user.
- get_all_zone_users returns a Tcl list of zone users for the specified zone and all of its parent zones.