Rob
Sun Apr 08 11:16:07 CDT 2007
Thanks for the example Richard I try this at work
"Richard Mueller [MVP]" <rlmueller-nospam@ameritech.nospam.net> schreef in
bericht news:eZmhTa8dHHA.4188@TK2MSFTNGP02.phx.gbl...
> Rob wrote:
>
> "Rob" <testscr@hotmail.com> wrote in message
> news:46155732$0$47695$dbd45001@news.wanadoo.nl...
>> I`m looking for a VBS script to read the users from the local
>> Administrators group.
>> In the local Administrators group there is a lot of local users but
>> also Global users
>> If there is a global group in the local admin group, i want the users
>> read too.
>
> A tricky problem. The WinNT provider must be used for local objects, but
> the LDAP provider is required to reveal nesting of domain objects. The
> example below should work:
> ===================
> Option Explicit
>
> Dim objNetwork, objLocalGroup
>
> ' These attributes must be declared in the main program,
> ' so they are global in scope.
> Dim objTrans, strComputer, strNetBIOSDomain
>
> ' Constants for the NameTranslate object.
> Const ADS_NAME_INITTYPE_GC = 3
> Const ADS_NAME_TYPE_NT4 = 3
> Const ADS_NAME_TYPE_1779 = 1
>
> ' Determine domain name and local computer name.
> Set objNetwork = CreateObject("Wscript.Network")
> strNetBIOSDomain = objNetwork.UserDomain
> strComputer = objNetwork.ComputerName
>
> ' Bind to local Administrators group.
> Set objLocalGroup = GetObject("WinNT://" & strComputer _
> & "/Administrators,group")
>
> ' Enumerate group membership.
> Call EnumLocalGroup(objLocalGroup)
>
> Sub EnumLocalGroup(objGroup)
> Dim objMember
>
> ' Enumerate direct members of group.
> For Each objMember In objGroup.Members
> Wscript.Echo objMember.AdsPath
> ' Test if member is a group.
> If (LCase(objMember.Class) = "group") Then
> ' Nested group.
> ' Test if objMember is a local group.
> If (InStr(LCase(objMember.AdsPath), "/" _
> & LCase(strComputer) & "/") > 0) Then
> ' objMember is a local group.
> ' Call sub recursively to enumerate nested local group.
> Call EnumLocalGroup(objMember)
> Else
> ' objMember is a domain group.
> ' Call sub that uses LDAP provider to enumerate
> ' nested domain group.
> Call EnumDomainGroup(objMember, True)
> End If
> End If
> Next
>
> End Sub
>
> Sub EnumDomainGroup(objDomainGroup, blnNT)
> ' Sub to enumerate members of domain group.
> ' blnNT is True if objDomainGroup
> ' was bound with WinNT, False if bound with LDAP.
> ' The variables objTran and strNetBIOSDomain have global scope.
>
> Dim strNTName
> Dim strGroupDN, objGroup, objMember
>
> ' Check if this function called before.
> If (IsEmpty(objTrans) = True) Then
> ' Setup NameTranslate to convert NT name of group
> ' to Distinguished Name required by the LDAP provider.
> Set objTrans = CreateObject("NameTranslate")
> objTrans.Init ADS_NAME_INITTYPE_GC, ""
> strNTName = strNetBIOSDomain & "\" & objDomainGroup.Name
> objTrans.Set ADS_NAME_TYPE_NT4, strNTName
> strGroupDN = objTrans.Get(ADS_NAME_TYPE_1779)
> Else
> ' NameTranslate already setup. Check if objDomainGroup
> ' bound with WinNT.
> If (blnNT = True) Then
> ' Convert objDomainGroup NT name to Distinguished Name
> ' required by the LDAP provider.
> strNTName = strNetBIOSDomain & "\" & objDomainGroup.Name
> objTrans.Set ADS_NAME_TYPE_NT4, strNTName
> strGroupDN = objTrans.Get(ADS_NAME_TYPE_1779)
> Else
> ' objDomainGroup bound with LDAP. Retrieve Distinguished Name.
> strGroupDN = objDomainGroup.distinguishedName
> End If
> End If
> ' Bind to group with the LDAP provider, if required.
> If (blnNT = True) Then
> Set objGroup = GetObject("LDAP://" & strGroupDN)
> Else
> Set objGroup = objDomainGroup
> End If
> ' Enumerate direct members of objDomainGroup (bound with LDAP).
> For Each objMember In objGroup.Members
> Wscript.Echo objMember.AdsPath
> ' Check if objMember is a group.
> If (LCase(objMember.Class) = "group") Then
> ' Call sub recursively. objMember bound with LDAP.
> Call EnumDomainGroup(objMember, False)
> End If
> Next
>
> End Sub
>
> --
> Richard Mueller
> Microsoft MVP Scripting and ADSI
> Hilltop Lab -
http://www.rlmueller.net
> --
>
>