On Mon, Apr 17, 2006 at 10:33:25AM +0600, dm@bash.mts.ru
wrote:> How can I list members of the group from trusted AD domain?
> For my domain I can do:
> net rpc group MEMBERS "group" -U login%password -S dc
> Yes, I can change DC with -S switch to list information from DC of trusted
> domain, but usually there is no direct access to that DC.
Then you are stuck. Your "own" DC will not be able to tell
you anything about remote group memberships. There are some
things that it will translate for you, like sid2name and
name2sid mappings and certainly it will proxy authentication
requests. But for anything that remotely looks like
enumerating stuff you have to contact the authoritative DC
yourself. wbinfo -g can not achieve anything that net rpc
can't.
Volker
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url :
http://lists.samba.org/archive/samba/attachments/20060420/17cf645a/attachment.bin