Check Group members

[Digitalcandy]

Is there a way to emulate Group members all at once without supplying the full path to the OU the group is in? Right now I'm using the sample code from Microsoft, but it requires the exact location in AD, and it also lists each user one at a time.


Sample code I'm using:




Set objGroup = GetObject _
("LDAP://cn=Managers,ou=management,dc=fabrikam,dc=com")
For each objMember in objGroup.Members
Wscript.Echo objMember.Name
Next

 

[markdmac]

This might help you. Will enumerate all domain groups and the users in them along with their email addresses and dump the results to a file.

'==========================================================================
'
' NAME: GetGroupMembers.vbs
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL: [URL unfurl="true"]http://www.thespidersparlor.com[/URL]
' DATE  : 3/23/2005
'
' COMMENT: <comment>
'
'==========================================================================


Dim sResultText,Grps,MemberList
Dim oRootDSE, oConnection, oCommand, oRecordSet
Set oRootDSE = GetObject("LDAP://rootDSE")
Set oConnection = CreateObject("ADODB.Connection")
oConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = oConnection

ldstring = "<LDAP://" & oRootDSE.get("defaultNamingContext") & ">;" 

objCommand.CommandText=ldstring & "(objectClass=group);name,SamAccountName"

Set oRecordSet = objCommand.Execute()
Do While Not oRecordSet.EOF
	sResultText = sResultText & oRecordSet.Fields("samAccountName") & vbCrLf
	'WScript.Echo oRecordSet.Fields("samAccountName") & vbCrLf
	MemberList=RetrieveUsers(dom,oRecordSet.Fields("samAccountName"))
	'WScript.Echo Memberlist
	sResultText = sResultText & memberlist & vbCrLf & "************************************" & vbCrLf
	
	oRecordSet.MoveNext
Loop
'Wscript.Echo sResultText


Set fso = CreateObject("Scripting.FileSystemObject")
Set ts = fso.CreateTextFile (dom & "DomainGroupUsers.txt", ForWriting)
ts.write sResultText
MsgBox "Done"


'*****************************************************************************************
'*****************************************************************************************
Function RetrieveUsers(domainName,grpName)

dim dom
dim grp
dim GrpObj
dim mbrlist
dim mbr

'-------------------------------------------------------------------------------
' *** Enumerate Group Members ***
'-------------------------------------------------------------------------------

grp = grpName
Set objDomain = getObject("LDAP://rootDse")
domainName = objDomain.Get("dnsHostName")
' Build the ADSI query and retrieve the group object
Set GrpObj = GetObject("WinNT://" & domainName & "/" & grp & ",group")

' Loop through the group membership and build a string containing the names
for each mbr in GrpObj.Members
   On error resume next
   mbremail = SearchEmail(mbr.name)  
   If Err Then
	   mbrlist = mbrlist & vbTab & mbr.name & vbCrLf
   Else
   'if you don't want the email addresses, then copy the line 2 up to below
	   mbrlist = mbrlist & vbTab & mbr.name & vbTab & vbTab & mbremail+ vbCrLf
   End If
Next

'The next line returns mbrlist back up to the main body
RetrieveUsers=mbrlist

End Function

Public Function SearchEmail(ByVal vSAN)
    ' Function:     SearchDistinguishedName
    ' Description:  Searches the DistinguishedName for a given SamAccountName
    ' Parameters:   ByVal vSAN - The SamAccountName to search
    ' Returns:      The DistinguishedName Name
    Dim oRootDSE, oConnection, oCommand, oRecordSet

    Set oRootDSE = GetObject("LDAP://rootDSE")
    Set oConnection = CreateObject("ADODB.Connection")
    oConnection.Open "Provider=ADsDSOObject;"
    Set oCommand = CreateObject("ADODB.Command")
    oCommand.ActiveConnection = oConnection
    oCommand.CommandText = "<LDAP://" & oRootDSE.get("defaultNamingContext") & _
        ">;(&(objectCategory=User)(samAccountName=" & vSAN & "));mail;subtree"
    Set oRecordSet = oCommand.Execute
    On Error Resume Next
    SearchEmail = oRecordSet.Fields("mail")
    On Error GoTo 0
    oConnection.Close
    Set oRecordSet = Nothing
    Set oCommand = Nothing
    Set oConnection = Nothing
    Set oRootDSE = Nothing
End Function

I hope you find this post helpful.

Regards,

Mark

 

[Digitalcandy]

This will work, but I'd like to specify the Group, and not have it output all groups in the domain.

Thanks.

 

[markdmac]

Replace

'WScript.Echo oRecordSet.Fields("samAccountName") & vbCrLf
    MemberList=RetrieveUsers(dom,oRecordSet.Fields("samAccountName"))
    'WScript.Echo Memberlist
    sResultText = sResultText & memberlist & vbCrLf & "************************************" & vbCrLf

With something like this where GroupName is the group you want to list members for.

If oRecordSet.Fields("samAccountName") = "GroupName" Then
    MemberList=RetrieveUsers(dom,oRecordSet.Fields("samAccountName"))
    'WScript.Echo Memberlist
    sResultText = sResultText & memberlist & vbCrLf & "************************************" & vbCrLf
End If

I hope you find this post helpful.

Regards,

Mark