Re: Alternative to "View Direct and Indirect Members" for non-DC servers

I don't see a way that we can address this particular problem because there isn't any reasonable way to get the members of a local computer's domain groups. Hyena lets you do it interactively, but this is because the feature is a leftover from the NT days. As it is now, its flawed because if a domain group contains nested or universal groups, you won't know it as the NT functions don't return those members. The solution (searching Active Directory) is not viable due to performance reasons and the lack of knowing what the domain is exactly to search.

The only way to realistically get this information is to export a list of the local groups and also the Active Directory groups/users, and build your own relationship using a tool like Microsoft Access. We've designed Exporter Pro to be able to generate exports of all local groups and AD information as well.

Re: Alternative to "View Direct and Indirect Members" for non-DC servers

Thank you for your detailed explanation. I've somewhat worked around the issue by first exporting the list of nested groups/users contained in the local group; then exporting the list of users in each nested group in order, appending the results of each to the same file. It satisfied the Sarbanes/Oxley audit we have occuring here. I'll consider taking a bit further with Access and Exporter Pro. Though it sure would be nice if Hyena had the functionality to create these associations, be it outside of Hyena, without the hassle of Access. Thanks again!

Re: Alternative to "View Direct and Indirect Members" for non-DC servers

I'm curious if you do this on a per-computer basis, or do you have these lists on a domain-wide basis ? With Exporter Pro, we do have a way to export local and/or global group members.

There are a number of interface improvements in the current Exporter Pro beta, which you can join by sending a blank email to [email protected].

Further interface improvements are coming in the next revision this week.