Active Directory Group Memberships

Forums

My Profile

Inbox

Address Book

My Subscription

My Forums

Active Directory Group Memberships

Logged in as: Guest

arrSession:exec spGetSession 2,2,39338

	Active Users: There are 0 members and 0 guests.
	Users viewing this topic: none

Printable Version

All Forums >> [Scripting] >> WSH & Client Side VBScript >> Active Directory Group Memberships
Do you like VisualBasicScript.com? Link to us and help spread the word about our forum. Thanks!

Page: [1]

Message

<< Older Topic Newer Topic >>

Active Directory Group Memberships - 11/1/2006 9:44:01 AM

Hbelt

Posts: 2
Score: 0
Joined: 10/31/2006
Status: offline

I am very new to vb scripting and I need to write a script that will query certain groups (predefined groups containing one of two keywords) in AD and then generate a list of members (UserID, givenName, sn, and name of group).

Any assistance would be greatly appreciated.

Post #: 1

RE: Active Directory Group Memberships - 11/1/2006 8:18:03 PM

gdewrance

Posts: 587
Score: 3
Joined: 3/16/2006
Status: offline

search the post a script area
http://www.visualbasicscript.com/m_29830/mpage_1/key_groups/tm.htm#34947

(in reply to Hbelt)

Post #: 2

RE: Active Directory Group Memberships - 11/2/2006 2:00:23 AM

SAPIENScripter

Posts: 276
Score: 2
Joined: 11/1/2006
From: SAPIEN Technologies
Status: offline

Are you looking for something like this?

'Dumpgroup.vbs
'v1.0 July 2003
'Jeffery Hicks MCSE, MCT
'jhicks@jdhitsolutions.com    
'http://jdhitsolutions.blogspot.com

'USAGE: cscript dumpgroup.vbs [groupname]
'    for example:  cscript dumpgroup.vbs 
'DESC: DumpList will list all members of the specified group. The members output will
'also display their class, ie user or group.  Output is comma separated.

'If you do not specify a groupname as a parameter, you will be prompted.

'NOTES: To save the output to a text file, use CSCRIPT Enumgroups.vbs >>DUMP.TXT

'DO NOT use Wscript, or you will be pressing the Enter key for a long time.

'    *********************************************************************************
'    * THIS PROGRAM IS OFFERED AS IS AND MAY BE FREELY MODIFIED OR ALTERED AS        *
'    * NECESSARY TO MEET YOUR NEEDS.  THE AUTHOR MAKES NO GUARANTEES OR WARRANTIES,  *
'    * EXPRESS, IMPLIED OR OF ANY OTHER KIND TO THIS CODE OR ANY USER MODIFICATIONS. *
'    * DO NOT USE IN A PRODUCTION ENVIRONMENT UNTIL YOU HAVE TESTED IN A SECURED LAB *
'    * ENVIRONMENT. USE AT YOUR OWN RISK.                                            *
'    *********************************************************************************

On Error Resume Next
Dim oGrp, oArgs, WshNetwork,wshell
Set wshell=CreateObject("wscript.shell")
set WshNetwork=CreateObject("WScript.Network")
set oArgs=wscript.Arguments

'you can pass a group name as a parameter, otherwise you will be prompted.
if oArgs(0)="" then
strGrpName=InputBox("Enter the name of the group to dump.  You quotes around names with spaces.","Group Info",CHR(34) & "Domain Admins" & Chr(34))
else
strGrpName = oArgs(0)
end if

Set oGrp = GetObject("WinNT://" & WshNetwork.UserDomain & "/" & strGrpName & ",group")
if Err.Number <0 then
 wscript.echo "Failed to connect to " & WshNetwork.UserDomain & " or find group " & UCASE(strGrpName)
 wscript.echo "Error #"&err.number
 wscript.echo "Error Description (if available): " & err.description
 set oGrp=Nothing
 wscript.quit
end if
icount=0
set memberlist=oGrp.Members
for each member in memberlist
'display member name and class, such as user or computer
 wscript.echo member.Name & "," & member.Class 
 icount=icount+1
Next

strMsg="Counted " & icount & " members of " & WshNetwork.UserDomain & "\" & strGrpName
wshell.Popup strMsg,10,"Group Info",0+64

set oGrp = Nothing
set memberlist = Nothing
set oArgs = Nothing
set WSHNetwork = Nothing

wscript.quit

'EOF

_____________________________

Jeffery Hicks
Windows PowerShell MVP
SAPIEN Technologies - Scripting, Simplified. www.SAPIEN.com

Follow Me: http://www.twitter.com/JeffHicks

(in reply to Hbelt)

Post #: 3

RE: Active Directory Group Memberships - 11/2/2006 2:38:13 AM

Hbelt

Posts: 2
Score: 0
Joined: 10/31/2006
Status: offline

thanks gdewrance.

I am trying to use a txt file which contains the groups which I am interested in and then run a script which will Identify the members of the groups contained in the text file.

Example of text file:

Atlantes-HN-TST-Case Mgr-RW
Atlantes-HN Developers
Atlantes-HN-Prod-RFAX Users (RO)
Atlantes-HN-TST-Chief Med Officer-RW
RC-Atlantes-MHN-DEV2-Tools
Atlantes-HN-DEV/TST/UAT RFAXT users (RO)
Atlantes-HN-TST-Intake Coord-RW

or I can generate a text file like this:

Atlantes-HN-TST-Case Mgr-RW,OU=Groups,DC=subdomain,DC=domain,DC=com
Atlantes-HN Developers,OU=Groups,DC=subdomain,DC=domain,DC=com
Atlantes-HN-Prod-RFAX Users (RO),OU=Groups,DC=subdomain,DC=domain,DC=com
Atlantes-HN-TST-Chief Med Officer-RW,OU=Groups,DC=subdomain,DC=domain,DC=com
RC-Atlantes-MHN-DEV2-Tools,OU=Groups,DC=subdomain,DC=domain,DC=com
Atlantes-HN-DEV/TST/UAT RFAXT users (RO),OU=Groups,DC=subdomain,DC=domain,DC=com
Atlantes-HN-TST-Intake Coord-RW,OU=Groups,DC=subdomain,DC=domain,DC=com
RC-Atlantes-MHN-DEV-Tools,OU=Groups,DC=subdomain,DC=domain,DC=com
Atlantes-HN-TST-Med Dir-RW,OU=Groups,DC=subdomain,DC=domain,DC=com
RC-Atlantes-MHN-TRG-Tools,OU=Groups,DC=subdomain,DC=domain,DC=com

I have used this script, but it requires to enter the group name:

' EnumGroup.vbs
' VBScript program to document members of a group.
' Reveals nested group and primary group membership.
'
' ----------------------------------------------------------------------
' Copyright (c) 2002 Richard L. Mueller
' Hilltop Lab web site - http://www.rlmueller.net
' Version 1.0 - December 10, 2002
' Version 1.1 - January 24, 2003 - Include users whose Primary Group is
'                                  any nested group.
' Version 1.2 - February 19, 2003 - Standardize Hungarian notation.
' Version 1.3 - March 11, 2003 - Remove SearchScope property.
' Version 1.4 - April 30, 2003 - Use GetInfoEx to retrieve group
'                                primaryGroupToken.
' Version 1.5 - January 25, 2004 - Modify error trapping.
'
' You have a royalty-free right to use, modify, reproduce, and
' distribute this script file in any way you find useful, provided that
' you agree that the copyright owner above has no warranty, obligations,
' or liability for such use.
Option Explicit
Dim objGroup, strDN, objMemberList
Dim objConnection, objCommand, objRootDSE, strDNSDomain
' Dictionary object to track group membership.
Set objMemberList = CreateObject("Scripting.Dictionary")
objMemberList.CompareMode = vbTextCompare
' Check for required argument.
If Wscript.Arguments.Count < 1 Then
Wscript.Echo "Required argument <Distinguished Name> " _
   & "of group missing."
Wscript.Echo "For example:" & vbCrLf _
   & "cscript //nologo EnumGroup.vbs " _
   & """cn=Test Group,ou=Sales,dc=MyDomain,dc=com"""
Wscript.Quit(0)
End If
' Bind to the group object with the LDAP provider.
strDN = Wscript.Arguments(0)
On Error Resume Next
Set objGroup = GetObject("LDAP://CN=Accounts,DC=something,DC=domain,DC=com" & strDN)
If Err.Number <> 0 Then
On Error GoTo 0
Wscript.Echo "Group not found" & vbCrLf & strDN
Wscript.Quit(1)
End If
On Error GoTo 0
' Retrieve DNS domain name from RootDSE.
Set objRootDSE = GetObject("LDAP://DC=something,DC=domain,DC=com")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
' Setup ADO.
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
' Enumerate group membership.
Wscript.Echo "Members of group: " & objGroup.sAMAccountName
Call EnumGroup(objGroup, " ")
' Clean Up.
objConnection.Close
Set objGroup = Nothing
Set objRootDSE = Nothing
Set objCommand = Nothing
Set objConnection = Nothing
Sub EnumGroup(objADGroup, strOffset)
' Recursive subroutine to enumerate group membership.
' objMemberList is a dictionary object with global scope.
' objADGroup is a group object bound with the LDAP provider.
' This subroutine outputs a list of group members, one member
' per line. Nested group members are included. Users are also
' included if their primary group is objADGroup. objMemberList
' prevents an infinite loop if nested groups are circular.
Dim strFilter, strAttributes, objRecordSet, intGroupToken
Dim objMember, strQuery, strNTName
' Retrieve "primaryGroupToken" of group.
objADGroup.GetInfoEx Array("primaryGroupToken"), 0
intGroupToken = objADGroup.Get("primaryGroupToken")
' Use ADO to search for users whose "primaryGroupID" matches the
' group "primaryGroupToken".
strFilter = "(primaryGroupID=" & intGroupToken & ")"
strAttributes = "sAMAccountName"
strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter & ";" _
   & strAttributes & ";subtree"
objCommand.CommandText = strQuery
Set objRecordSet = objCommand.Execute
Do Until objRecordSet.EOF
   strNTName = objRecordSet.Fields("sAMAccountName")
   If Not objMemberList(strNTName) Then
     objMemberList(strNTName) = True
     Wscript.Echo strOffset & strNTName & " (Primary)" & " " & objGroup.sAMAccountName
   Else
     Wscript.Echo strOffset & strNTName & " (Primary, Duplicate)"& " " & objGroup.sAMAccountName
   End If
   objRecordSet.MoveNext
Loop
For Each objMember In objADGroup.Members
   If Not objMemberList(objMember.sAMAccountName) Then
     objMemberList(objMember.sAMAccountName) = True
     If UCase(Left(objMember.objectCategory, 8)) = "CN=GROUP" Then
       Wscript.Echo strOffset & objMember.sAMAccountName & " (Group)"
       Call EnumGroup(objMember, strOffset & " ")
     Else
       Wscript.Echo strOffset & objMember.sAMAccountName & " " & objGroup.sAMAccountName
     End If
   Else
     Wscript.Echo strOffset & objMember.sAMAccountName & " (Duplicate)" & " " & objGroup.sAMAccountName
   End If
Next
Set objMember = Nothing
Set objRecordSet = Nothing
End Sub

Any thoughts/suggestions would be greatly appreciated.

(in reply to gdewrance)

Post #: 4

If you found our site useful please link to us <a href="http://www.visualbasicscript.com">VisualBasicScript.com</a>.

All Forums >> [Scripting] >> WSH & Client Side VBScript >> Active Directory Group Memberships

Page: [1]

Jump to:

New Messages	No New Messages
Hot Topic w/ New Messages	Hot Topic w/o New Messages
Locked w/ New Messages	Locked w/o New Messages

Post New Thread

Reply to Message

Post New Poll

Submit Vote

Delete My Own Post

Delete My Own Thread

Rate Posts