VBScript to enumerate all members of groups

TheMSsForum.com: The Microsoft Software Forum

Just some background: My organization is an OU within a larger OU.
Within my organizational unit I have OU's for Users, Computers and
Servers. Within my Users OU, I want to dump the membership of all the
groups into a text file. Which I can then import into excel. Anyone
have any pointers or example scripts I can look at?

Thanks

Chris
Top

Re: VBScript to enumerate all members of groups by Stace

Stace
Fri Jan 26 10:51:27 CST 2007

"cmatera" <cmatera@gmail.com> wrote in message
news:1169826303.886728.89620@v33g2000cwv.googlegroups.com...
> Just some background: My organization is an OU within a larger OU.
> Within my organizational unit I have OU's for Users, Computers and
> Servers. Within my Users OU, I want to dump the membership of all the
> groups into a text file. Which I can then import into excel. Anyone
> have any pointers or example scripts I can look at?
>
> Thanks
>
> Chris
>
Chris,

Here's a script that reads a file of users and then evaluates the group
membership for them, writing the results to Excel. It might give you some
ideas:

' VB Script to read a file of user names or logon ids, evaluate their Active
Directory Group
' Membership using the Global Catalog and write the results into a
spreadsheet
Option Explicit

Const ForReading = 1
Const INPUTFILE = "c:\test\input.txt"
Const OUTPUTFILE = "c:\test\groups.xls"

Dim objFSO, objFile
Dim strLine
Dim objXL,objWB,objWS
Dim col, i
Dim objRootDSE, strGCRoot

' find domain root
Set objRootDSE = GetObject("GC://rootDSE")
strGCRoot = objRootDSE.Get("defaultNamingContext")

' create output file
Set objXL = CreateObject("Excel.Application")
objXL.DisplayAlerts = False
objXL.Visible = False
Set objWB = objXL.Workbooks.Add
Set objWS = objWB.Worksheets(1)

'set col count
col = 1

' process if input file exists
Set objFSO = CreateObject("Scripting.FileSystemObject")
If objFSO.FileExists(INPUTFILE) Then
Set objFile = objFSO.OpenTextFile(INPUTFILE, ForReading)

Do until objFile.AtEndOfStream
strLine = objFile.ReadLine
If strLine <> "" Then
ProcessUser strGCroot, strLine, col
' increment column count
col = col + 1
End If
Loop

' close file
objFile.Close
Set objFSO=Nothing

' auto-size Excel columns to fit text
For i = 1 To col
objWS.Columns(i).EntireColumn.AutoFit
Next

'save the Excel Workbook
objWB.SaveAs(OUTPUTFILE)
objXL.Quit
Set objXL=Nothing
Else
MsgBox "ERROR - input file " & INPUTFILE & " does not exist."
End If

' done
MsgBox "Finished"
WScript.Quit

Sub ProcessUser(sGCRoot, strUser, xlcol)

Dim objUser
Dim xlrow, objSortRange, objSortKey
Dim sLDAP
Dim Grp, objGrp
Dim xlAscending, xlYes
Dim objConn, objCmd, objRS

WScript.Echo "Processing: " & strUser

' write input data to output
objWS.Cells(1,xlcol).Value = strUser

' get user from Global Catalog assuming input is full name
Set objConn = CreateObject("ADODB.Connection")
objConn.Open "Provider=ADsDSOObject;"
Set objCmd = CreateObject("ADODB.Command")
objCmd.ActiveConnection = objConn

objCmd.CommandText = "<GC://" & sGCRoot & ">;(&(CN=" & strUser &
"));distinguishedName;subtree"

Set objRS = objCmd.Execute

' check if rows returned
If objRS.RecordCount > 0 Then
objRS.MoveFirst
Do While Not objRS.EOF
sLDAP = CStr(objRS.Fields("distinguishedName"))
objRS.MoveNext
Loop
Else
' try again assuming input is user id instead
objCmd.CommandText = "<GC://" & sGCRoot & ">;(&(sAMAccountName=" &
strUser & "));distinguishedName;subtree"

Set objRS = objCmd.Execute

' check if rows returned this time
If objRS.RecordCount > 0 Then
objRS.MoveFirst
Do While Not objRS.EOF
sLDAP = CStr(objRS.Fields("distinguishedName"))
objRS.MoveNext
Loop
Else
' not found using either name or user id
sLDAP = "NOT FOUND"
End If
End If

If sLDAP <> "NOT FOUND" Then
' found the user
Set objUser = GetObject("GC://" & sLDAP)
objWS.Cells(2,xlcol).Value = objUser.Get("displayName")
objWS.Cells(2,xlcol).Font.Bold = True

' set row
xlrow = 3

' eval groups
For Each Grp In objUser.GetEx("memberOf")
Set objGrp = GetObject("GC://" & Grp)
objGrp.Get("cn")
objWS.Cells(xlrow,xlcol).Value = objGrp.Get("cn")
xlrow = xlrow + 1
Next

' sort the group list alphabetically
Set objSortRange =
objWS.Range(objWS.Cells(3,xlcol),objWS.Cells(xlrow,xlcol))
Set objSortKey = objWS.Cells(3,xlcol)
objSortRange.Sort objSortKey
Set objSortRange = Nothing
Set objSortKey = Nothing

Else
objWS.Cells(2,xlcol).Value = "NOT FOUND"
End If

End Sub

HTH,
Stace


Top

Re: VBScript to enumerate all members of groups by Richard

Richard
Fri Jan 26 11:19:52 CST 2007

Chris wrote:

> Just some background: My organization is an OU within a larger OU.
> Within my organizational unit I have OU's for Users, Computers and
> Servers. Within my Users OU, I want to dump the membership of all the
> groups into a text file. Which I can then import into excel. Anyone
> have any pointers or example scripts I can look at?

I have some same VBScript programs that should help. First example documents
all groups in Active Directory:

http://www.rlmueller.net/Document%20Domain%20Groups.htm

Second example documents membership in one group:

http://www.rlmueller.net/List%20Members%20of%20a%20Group.htm

The first example shows direct membership only, but membership due to group
nesting can be determined from the output. The second example reveals
membership due to group nesting.

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab web site - http://www.rlmueller.net
--


Top

Re: VBScript to enumerate all members of groups by cmatera

cmatera
Fri Jan 26 12:48:50 CST 2007

Ok, I see that both scripts do something similar:

' Determine the DNS domain from the RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

How would I modify this so that it doesn't go to the root - but rather
goes right into my OU?

Thanks for all the help - it is very much appreciated

-Chris


On Jan 26, 12:19 pm, "Richard Mueller [MVP]"
<rlmueller-NOS...@ameritech.NOSPAM.net> wrote:
> Chris wrote:
> > Just some background: My organization is an OU within a larger OU.
> > Within my organizational unit I have OU's for Users, Computers and
> > Servers. Within my Users OU, I want to dump the membership of all
> > groups into a text file. Which I can then import into excel. Anyone
> > have any pointers or example scripts I can look at?I have some same VBScript programs that should help. First example documents
> all groups in Active Directory:
>
> http://www.rlmueller.net/Document%20Domain%20Groups.htm
>
> Second example documents membership in one group:
>
> http://www.rlmueller.net/List%20Members%20of%20a%20Group.htm
>
> The first example shows direct membership only, but membership due to group
> nesting can be determined from the output. The second example reveals
> membership due to group nesting.
>
> --
> Richard
> Microsoft MVP Scripting and ADSI
> Hilltop Lab web site -http://www.rlmueller.net
> --

Top

Re: VBScript to enumerate all members of groups by Richard

Richard
Fri Jan 26 13:06:15 CST 2007

You can hard code the Distinguished Name of the OU you want to use as the
base of the search. Instead of:

"<LDAP://" & strDNSDomain & ">"

replace strDNSDomain with the Distinguished Name. For example:

"<LDAP://ou=Sales,ou=West,dc=MyDomain,dc=com>"

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab web site - http://www.rlmueller.net
--

"cmatera" <cmatera@gmail.com> wrote in message
news:1169837330.811678.245340@j27g2000cwj.googlegroups.com...
> Ok, I see that both scripts do something similar:
>
> ' Determine the DNS domain from the RootDSE object.
> Set objRootDSE = GetObject("LDAP://RootDSE")
> strDNSDomain = objRootDSE.Get("defaultNamingContext")
>
> How would I modify this so that it doesn't go to the root - but rather
> goes right into my OU?
>
> Thanks for all the help - it is very much appreciated
>
> -Chris
>
>
> On Jan 26, 12:19 pm, "Richard Mueller [MVP]"
> <rlmueller-NOS...@ameritech.NOSPAM.net> wrote:
> > Chris wrote:
> > > Just some background: My organization is an OU within a larger OU.
> > > Within my organizational unit I have OU's for Users, Computers and
> > > Servers. Within my Users OU, I want to dump the membership of all
> > > groups into a text file. Which I can then import into excel. Anyone
> > > have any pointers or example scripts I can look at?I have some same
VBScript programs that should help. First example documents
> > all groups in Active Directory:
> >
> > http://www.rlmueller.net/Document%20Domain%20Groups.htm
> >
> > Second example documents membership in one group:
> >
> > http://www.rlmueller.net/List%20Members%20of%20a%20Group.htm
> >
> > The first example shows direct membership only, but membership due to
group
> > nesting can be determined from the output. The second example reveals
> > membership due to group nesting.
> >
> > --
> > Richard
> > Microsoft MVP Scripting and ADSI
> > Hilltop Lab web site -http://www.rlmueller.net
> > --
>


Top