
List members of Global group in NT domain.



Author
7 Oct 2007 7:38 AM
Afsal
Hi Friends,

My boss wants a list of members in 4 global groups in an NT domain, in the
following format,
1. Full Name
2. NT logon Name
3. The group the user is member of (out of the 4 groups)
Each group has about 200 users and it is impossible to get user information
using net groups or global(NT Resource kit utility) commands.
Any scripting help?

Thank you in Advance.

Author
7 Oct 2007 10:34 AM
Richard Mueller [MVP]
Afsal wrote:

>         My Boss wants list of members in 4 global groups in NT domain, in
> following format,
> 1. Full Name
> 2. NT logon Name
> 3. The group the user is member of (out of the 4 groups)
> Each group has about 200 users and it is impossible to get user
> information
> using net groups or global(NT Resource kit utility) commands.
> Any scripting help?
>
> Thank you in Advance.

It can be done using ADO in a VBScript program. The trick is to query on
users that have any of the 4 group Distinguished Names in their memberOf
attribute. You must specify the full Distinguished Names of the groups. By
"Full Name" I assume you mean the Common Name (the value of the cn
attribute).

Retrieving the values of the cn and sAMAccountName attributes is easy. The
hard part is also outputting which of the 4 groups the user belongs to. The
only way I can think of is to retrieve all group memberships, loop through
them, and test for each of the 4. In the example below I delimit the values
with semicolons.
===========
Option Explicit
Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset
Dim strGroup1, strGroup2, strGroup3, strGroup4
Dim strCN, strNTName, arrGroups, strGroup, strList

' Specify Distinguished Names of groups.
strGroup1 = "cn=Sales,ou=West,dc=MyDomain,dc=com"
strGroup2 = "cn=Engr,ou=East,dc=MyDomain,dc=com"
strGroup3 = "cn=Accounting,ou=North,dc=MyDomain,dc=com"
strGroup4 = "cn=IT,ou=South,dc=MyDomain,dc=com"

' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"

' Filter on all users that are members of any of 4 groups.
strFilter = "(&(objectCategory=person)(objectClass=user)" _
    & "(|" _
        & "(memberOf=" & strGroup1 & ")" _
        & "(memberOf=" & strGroup2 & ")" _
        & "(memberOf=" & strGroup3 & ")" _
        & "(memberOf=" & strGroup4 & ")" _
    & "))"

' Comma delimited list of attribute values to retrieve.
strAttributes = "cn,sAMAccountName,memberOf"

' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
    ' Retrieve values.
    strCN = adoRecordset.Fields("cn").Value
    strNTName = adoRecordset.Fields("sAMAccountName").Value
    arrGroups = adoRecordset.Fields("memberOf").Value
    strList = ""
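    ' We know there is at least one group membership.
    ' Only list memberships in any of the 4 specified.
    ' Compare without regard to case: the directory may return
    ' "CN=...,OU=...,DC=..." while the names above use lower case.
    For Each strGroup In arrGroups
        If (LCase(strGroup) = LCase(strGroup1)) _
                Or (LCase(strGroup) = LCase(strGroup2)) _
                Or (LCase(strGroup) = LCase(strGroup3)) _
                Or (LCase(strGroup) = LCase(strGroup4)) Then
            strList = strList & ";" & strGroup
        End If
    Next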
    ' The value of strList starts with ";".
    Wscript.Echo strCN & ";" & strNTName & strList
    ' Move to the next record in the recordset.
    adoRecordset.MoveNext
Loop

' Clean up.
adoRecordset.Close
adoConnection.Close
===============
For more on using ADO in VBScript programs, see this link:

http://www.rlmueller.net/ADOSearchTips.htm

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
Author
8 Oct 2007 10:07 AM
Afsal
Thank you Richard,

As today is Monday, I am held up in other works. I will let you know the
answer, once it is completed.
Author
10 Oct 2007 3:21 AM
Afsal
Dear Richard Mueller,

I have the following issue with the script. Since I work in
the NT domain, I don't know how to convert the following lines in your code:

strGroup1 = "cn=Sales,ou=West,dc=MyDomain,dc=com"
strGroup2 = "cn=Engr,ou=East,dc=MyDomain,dc=com"
strGroup3 = "cn=Accounting,ou=North,dc=MyDomain,dc=com"
strGroup4 = "cn=IT,ou=South,dc=MyDomain,dc=com"

My domain is RAC_MASTER, and one of the user groups is DIP_Acorde_Admin. I
also tried using the script on your site, EnumGroup.vbs, but ran into
a similar problem.

My issue now is to write my NT domain RAC_MASTER, group DIP_Acorde_Admin as in
the syntax below
"cn=Accounting,ou=North,dc=MyDomain,dc=com"
I tried the following but with no success
cn=DIP_Acorde_Admin, dc=RAC_MASTER
Author
11 Oct 2007 3:20 AM
Richard Mueller [MVP]
My apologies. I missed that your domain is NT. ADO cannot be used in NT
domains, because NT is not LDAP compliant. You cannot use the LDAP provider
in NT domains, you must use the WinNT provider. I can think of a few ways,
but all are brute force methods and slow. The most direct method is to bind
to the 4 groups, bind to the domain, enumerate all users in the domain and
for each user check if they are a member of any of 4 groups (using the
IsMember method of the group).
===============
' Bind to the four groups.
Set objGroup1 = GetObject("WinNT://RAC_Master/DIP_Acorde_Admin,group")
Set objGroup2 = GetObject("WinNT://RAC_Master/Accounting,group")
Set objGroup3 = GetObject("WinNT://RAC_Master/Sales,group")
Set objGroup4 = GetObject("WinNT://RAC_Master/Engineering,group")

' Bind to the domain.
Set objDomain = GetObject("WinNT://RAC_Master")
' Filter on user objects.
objDomain.Filter = Array("user")

' Enumerate all users in the domain.
For Each objUser In objDomain
    ' Keep track of which of the 4 groups the user is a member.
    ' The IsMember method returns True or False.
    blnGroup1 = objGroup1.IsMember(objUser.AdsPath)
    blnGroup2 = objGroup2.IsMember(objUser.AdsPath)
    blnGroup3 = objGroup3.IsMember(objUser.AdsPath)
    blnGroup4 = objGroup4.IsMember(objUser.AdsPath)
    ' Output only if user is a member of at least one of the groups.
    If (blnGroup1 = True) Or (blnGroup2 = True) _
            Or (blnGroup3 = True) Or (blnGroup4 = True) Then
        Wscript.Echo objUser.FullName & "," & objUser.Name _
            & "," & CStr(blnGroup1) & "," & CStr(blnGroup2) _
            & "," & CStr(blnGroup3) & "," & CStr(blnGroup4)
    End If
Next
===========
In the above I delimited values with commas. The last four values are True
or False depending on which groups the user is a member. The output can be
redirected to a text file and read into a spreadsheet. This method requires
binding to all users, which can be slow if there are many users.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--

"Afsal" <afsal@AVIVA> wrote in message
news:3B3375BD-D2D8-41B3-A77D-6523153462EA@microsoft.com...
>
>
> Dear Richard Mueller,
>
>                  I have following issue with the script. Since I work in
> the NT domain, I dont know how to convert the following lines in your
> code:
>
> strGroup1 = "cn=Sales,ou=West,dc=MyDomain,dc=com"
> strGroup2 = "cn=Engr,ou=East,dc=MyDomain,dc=com"
> strGroup3 = "cn=Accounting,ou=North,dc=MyDomain,dc=com"
> strGroup4 = "cn=IT,ou=South,dc=MyDomain,dc=com"
>
> MY domain is RAC_MASTER, and one of the user group is DIP_Acorde_Admin. I
> also tried using the script in the your site EnumGroup.vbs but ran into
> similar problem.
>
> My issue now to write my NT domain RAC_MASTER, group DIP_Acorde_Admin as
> in
> the syntax below
> "cn=Accounting,ou=North,dc=MyDomain,dc=com"
> I tried the following but with no success
> cn=DIP_Acorde_Admin, dc=RAC_MASTER
>
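
An alternative to the all-users loop in the reply above, as an added example that is not part of Richard Mueller's post: it enumerates each group's Members collection through the same WinNT provider, so only the accounts that are actually in the four groups are bound. The domain and first group name come from the thread; the other three group names are the reply's placeholders, and the dictionary layout is this example's own choice.

```vbscript
Option Explicit
Dim strDomain, arrGroupNames, strGroupName
Dim objMembers, objGroup, objMember, strKey, arrEntry

' Domain and first group are from the thread; the remaining
' three names are placeholders and must be replaced.
strDomain = "RAC_Master"
arrGroupNames = Array("DIP_Acorde_Admin", "Accounting", "Sales", "Engineering")

' Key: NT logon name. Item: Array(full name, group list).
Set objMembers = CreateObject("Scripting.Dictionary")
' NT logon names are not case sensitive; set before adding items.
objMembers.CompareMode = vbTextCompare

For Each strGroupName In arrGroupNames
    Set objGroup = GetObject("WinNT://" & strDomain & "/" _
        & strGroupName & ",group")
    ' Members returns the direct members of this group only.
    For Each objMember In objGroup.Members
        If LCase(objMember.Class) = "user" Then
            strKey = objMember.Name
            If objMembers.Exists(strKey) Then
                ' User already seen in an earlier group: append this one.
                arrEntry = objMembers(strKey)
                arrEntry(1) = arrEntry(1) & ";" & strGroupName
                objMembers(strKey) = arrEntry
            Else
                objMembers.Add strKey, Array(objMember.FullName, strGroupName)
            End If
        End If
    Next
Next

' One line per user: full name, logon name, semicolon-delimited groups.
For Each strKey In objMembers.Keys
    arrEntry = objMembers(strKey)
    Wscript.Echo arrEntry(0) & "," & strKey & "," & arrEntry(1)
Next
```

Run it with cscript.exe and redirect the output to a file, as with the script above; each user appears once even when a member of several of the groups.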
Author
11 Oct 2007 10:12 AM
Afsal
Dear Richard,

        It works like magic. Without this script, I would have been forced
to spend this weekend here at office.

Again Thank you.
