# ---------------------------------------------------------------
# Adapted from VBScript code contained in the book:
#      "Active Directory Cookbook" by Robbie Allen
# ISBN: 0-596-00466-4
# ---------------------------------------------------------------

# ------ SCRIPT CONFIGURATION ------
my $strUserDN = "<UserDN>";  # e.g. cn=jsmith,cn=Users,dc=rallencorp,dc=com
# ------ END CONFIGURATION ---------
use Win32::OLE 'in';
$Win32::OLE::Warn = 3;
my $objUser = Win32::OLE->GetObject("LDAP://" . $strUserDN);
print "Group membership for ", $objUser->Get("cn"), ":\n";
my $strSpaces = "";
my %dicSeenGroup;
DisplayGroups("LDAP://$strUserDN", $strSpaces, %dicSeenGroup);

sub DisplayGroups {
my ($strObjectADsPath, $strSpaces, %dicSeenGroup) = @_;

   my $objObject = Win32::OLE->GetObject($strObjectADsPath);
   print $strSpaces, $objObject->Name,"\n";
   if ($objObject->Get("memberOf")) {
      $colGroups = $objObject->Get("memberOf");
   }
   
   foreach my $strGroupDN (in $colGroups) {
      if (not $dicSeenGroup{$strGroupDN}) {
         $dicSeenGroup{$strGroupDN} = 1;
         DisplayGroups("LDAP://" . $strGroupDN, $strSpaces . " ", %dicSeenGroup);
      }
   }

}

##</code><code>##

C:\mysource\perl>perl enum-account-groups.pl
Group membership for hurl9594:
  cn=hurl9594
   CN=No_Local_Logon
OLE exception from "Active Directory":

The directory property cannot be found in the cache.


Win32::OLE(0.1603) error 0x8000500d
    in METHOD/PROPERTYGET "Get" at enum-account-groups.pl line 32