Directory and Resource Administrator 6.x
Different results are returned when retrieving group membership, using the web console, versus using the Directory and Resource Administrator ADSI provider.
This is by design.
The discrepancy is that the Active Directory property "memberof", which the DRA ADSI provider returns, does not return the primary group. In addition it also does not return group memberships from trusted NT4 domains. This is the same behavior that you would see using the LDAP provider.
Below are some sample methods using vbs. The first type is what is returning the 'MemberOf' property and willl only return memberships in the current domain. The second will use Directory and Resource Administrator (DRA) to calculate the correct group memberships. The second method is similar to what the Web console does.
set user = GetObject("OnePoint://cn=dep1,ou=testou2,dc=schwamx-dom,dc=houston,dc=netiq,dc=local")
memberOf = user.Get("memberOf")
if(varType(memberof) = 8204) then
for each x in memberOf
for each grp in user.Groups()