|
server
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
Tool to list group membersIs there a tool available to output a list of group members. I would like
to have something that could be run by a few users without programming experience. thanks Carl -- Carl wrote:
> Is there a tool available to output a list of group members. I would To enumerate the direct members of the group with "pre-Windows 2000" name > like to have something that could be run by a few users without > programming experience. > "Test Group": dsquery group domainroot -samid "Test Group" | dsget group -members Or, using Joe Richards' free adfind utility: adfind -b "dc=MyDomain,dc=com" -f "(sAMAccountName=Test Group)" member For local groups, use
net localgroup groupname For domain groups, assuming that you are interested in direct membership only, the following would suffice: dsget group "DN" -members where DN represents distinguished name of the group object... hth Marcin Show quoteHide quote "CRhadley" <c***@anywhere.com> wrote in message news:Od7NXEO%23JHA.2824@TK2MSFTNGP03.phx.gbl... > Is there a tool available to output a list of group members. I would > like to have something that could be run by a few users without > programming experience. > > thanks > > Carl > > -- > Hi
ADExplorer (All GUI Based) - Freely Downloadable Regards -- Show quoteHide quoteGarry Starck MCITP Enterprise Administrator, MCTS AD, MCSE 2003 Messaging, MCDBA "Marcin" wrote: > For local groups, use > net localgroup groupname > > For domain groups, assuming that you are interested in direct membership > only, the following would suffice: > dsget group "DN" -members > where DN represents distinguished name of the group object... > > hth > Marcin > > "CRhadley" <c***@anywhere.com> wrote in message > news:Od7NXEO%23JHA.2824@TK2MSFTNGP03.phx.gbl... > > Is there a tool available to output a list of group members. I would > > like to have something that could be run by a few users without > > programming experience. > > > > thanks > > > > Carl > > > > -- > > > > > You can run a report with my script:
[code] '======================================================================= === ' ' NAME: GetGroupMembers.vbs ' ' AUTHOR: Mark D. MacLachlan , The Spider's Parlor ' URL: http://www.thespidersparlor.com ' DATE : 3/23/2005 ' ' COMMENT: Dumps group members to text file. ' ' THIS SCRIPT AND MANY MORE CAN BE FOUND IN THE ADMIN SCRIPT PACK ' HTTP://WWW.THESPIDERSPARLOR.COM/PRODUCTS ' ' THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF ' ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO ' THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A ' PARTICULAR PURPOSE. ' ' IN NO EVENT SHALL THE SPIDER'S PARLOR AND/OR ITS RESPECTIVE SUPPLIERS ' BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY ' DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, ' WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ' ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE ' OF THIS CODE OR INFORMATION. '======================================================================= === Dim sResultText,Grps,MemberList Dim oRootDSE, oConnection, oCommand, oRecordSet Set oRootDSE = GetObject("LDAP://rootDSE") Set oConnection = CreateObject("ADODB.Connection") oConnection.Open "Provider=ADsDSOObject;" Set objCommand = CreateObject("ADODB.Command") objCommand.ActiveConnection = oConnection ldstring = "<LDAP://" & oRootDSE.get("defaultNamingContext") & ">;" objCommand.CommandText=ldstring & "(objectClass=group);name,SamAccountName" Set oRecordSet = objCommand.Execute() Do While Not oRecordSet.EOF sResultText = sResultText & oRecordSet.Fields("samAccountName") & vbCrLf 'WScript.Echo oRecordSet.Fields("samAccountName") & vbCrLf MemberList=RetrieveUsers(dom,oRecordSet.Fields("samAccountName")) 'WScript.Echo Memberlist sResultText = sResultText & memberlist & vbCrLf & "************************************" & vbCrLf oRecordSet.MoveNext Loop 'Wscript.Echo sResultText Set fso = CreateObject("Scripting.FileSystemObject") Set ts = fso.CreateTextFile (dom & "DomainGroupUsers.txt", ForWriting) ts.write sResultText MsgBox "Done" '*********************************************************************** ****************** '*********************************************************************** ****************** Function RetrieveUsers(domainName,grpName) dim dom dim grp dim GrpObj dim mbrlist dim mbr '----------------------------------------------------------------------- -------- ' *** Enumerate Group Members *** '----------------------------------------------------------------------- -------- grp = grpName Set objDomain = getObject("LDAP://rootDse") domainName = objDomain.Get("dnsHostName") ' Build the ADSI query and retrieve the group object Set GrpObj = GetObject("WinNT://" & domainName & "/" & grp & ",group") ' Loop through the group membership and build a string containing the names for each mbr in GrpObj.Members On error resume next mbremail = SearchEmail(mbr.name) If Err Then mbrlist = mbrlist & vbTab & mbr.name & vbCrLf Else 'if you don't want the email addresses, then copy the line 2 up to below mbrlist = mbrlist & vbTab & mbr.name & vbTab & vbTab & mbremail+ vbCrLf End If Next 'The next line returns mbrlist back up to the main body RetrieveUsers=mbrlist End Function Public Function SearchEmail(ByVal vSAN) ' Function: SearchDistinguishedName ' Description: Searches the DistinguishedName for a given SamAccountName ' Parameters: ByVal vSAN - The SamAccountName to search ' Returns: The DistinguishedName Name Dim oRootDSE, oConnection, oCommand, oRecordSet Set oRootDSE = GetObject("LDAP://rootDSE") Set oConnection = CreateObject("ADODB.Connection") oConnection.Open "Provider=ADsDSOObject;" Set oCommand = CreateObject("ADODB.Command") oCommand.ActiveConnection = oConnection oCommand.CommandText = "<LDAP://" & oRootDSE.get("defaultNamingContext") & _ "<;(&(objectCategory=User)(samAccountName=" & vSAN & "));mail;subtree" Set oRecordSet = oCommand.Execute On Error Resume Next SearchEmail = oRecordSet.Fields("mail") On Error GoTo 0 oConnection.Close Set oRecordSet = Nothing Set oCommand = Nothing Set oConnection = Nothing Set oRootDSE = Nothing End Function [/code] The book "Windows Administration Resource Kit: Productive Solutions for IT
Professionals" has a nice little simple HTA that does this. It even gives you members of nested groups. Because it has an exteremly simple interface, it would be perfect for use by less technical users. -Joseph Show quoteHide quote "CRhadley" wrote: > Is there a tool available to output a list of group members. I would like > to have something that could be run by a few users without programming > experience. > > thanks > > Carl > > -- > > > 
Other interesting topics
w2k3 R2 time services
DCpromo issue. Health check on AD and group policy. Inconstant netlogon folders wWin2008 DC local area connection> Link layers LDAP issues - mimesweeper for web & Active Directory Migrating from AD 2000 to 2003 sysvol folders missing Local Administrator Rights LSASS Bleeding Over Active Directory is down |
|||||||||||||||||||||||
