bsharath
asked on
Find all users in the domain who are not a member of any group except 1 group called "New"
Hi,
Find all users in the domain who are not a member of any group except 1 group called "New".
I need to find just users who are the member of only "New" group..And the default Domain users...
The results to a file
Regards
Sharath
Find all users in the domain who are not a member of any group except 1 group called "New".
I need to find just users who are the member of only "New" group..And the default Domain users...
The results to a file
Regards
Sharath
ASKER
SjoerdvW
When i mention the group name i dont get any results...
When i mention the group name i dont get any results...
Sharath,
Change this line
If ((group = newGroup) and (count = 1)) Then
to
If ((group = New) and (count = 1)) Then
Hope this helps....
regards
Chandru
Change this line
If ((group = newGroup) and (count = 1)) Then
to
If ((group = New) and (count = 1)) Then
Hope this helps....
regards
Chandru
ASKER
I am sure there are many users but get none in the file.(Output)
Can you confirm whether the group is "new" or "New"?
Try both ways and see
regards
Chandru
Try both ways and see
regards
Chandru
ASKER
I tryed both cases but still no output.I even tried with different groups also but no results.
Can you please post the output of following statements.
Click Start -> Run -> Cmd.exe -> OK
DSQuery Group -Name "New"
DSQuery Group -Name "New*"
DSQuery Group ForestRoot -Name "New"
DSQuery Group ForestRoot -Name "New*"
Click Start -> Run -> Cmd.exe -> OK
DSQuery Group -Name "New"
DSQuery Group -Name "New*"
DSQuery Group ForestRoot -Name "New"
DSQuery Group ForestRoot -Name "New*"
ASKER
Farhan...
For this command i get the CN= Path
DSQuery Group ForestRoot -Name "New"
For this command i get the CN= Path
DSQuery Group ForestRoot -Name "New"
Can you please post that DN.
ASKER
Here it is...
C:\>DSQuery Group ForestRoot -Name "New"
"CN=New,OU=Distribution Groups,DC=Group,DC=co,DC=u k"
C:\>DSQuery Group ForestRoot -Name "New"
"CN=New,OU=Distribution Groups,DC=Group,DC=co,DC=u
Following statement will list the users and contacts that are not member of "New" Group.
Click Start -> Run -> Cmd.exe -> OK
DSQuery * ForestRoot -Filter "(&(objectCategory=user)(! memberOf=C N=New,OU=D istributio n Groups,DC=Group,DC=co,DC=u k))" -Limit 0
Click Start -> Run -> Cmd.exe -> OK
DSQuery * ForestRoot -Filter "(&(objectCategory=user)(!
ASKER
Farhan
I get all the user names in the Domain with the OU path...
I get all the user names in the Domain with the OU path...
ASKER
Farhan what i want is this...
Find all users in the domain who are not a member of any group except 1 group called "New"
So the users that i need to get as output would be users that have "New" and "Domain users " as the members of for each user.Only these 2 groups has to be in the member of.
Find all users in the domain who are not a member of any group except 1 group called "New"
So the users that i need to get as output would be users that have "New" and "Domain users " as the members of for each user.Only these 2 groups has to be in the member of.
Sharath,
All the users are by default member of Domain users and if you get the members info from the group New it will give you the list of users.
:-)
regards
Chandru
All the users are by default member of Domain users and if you get the members info from the group New it will give you the list of users.
:-)
regards
Chandru
ASKER
Ya...But the same users who are a member of "New" are even members of many other groups.I want a way the script will leave "Domain Users" as default and find just users who are just a member of "New" and they dont have any other group as a member.
So you want the list of users who are only part of New? Is that you want?
ASKER
No
I want users who are part of "New" and just "New".
Users who are not a member of any group other group other than "New"
I want users who are part of "New" and just "New".
Users who are not a member of any group other group other than "New"
Can you give us some example as it seems to be confusing?
regards
Chandru
regards
Chandru
ASKER
Ok
A user "Sharath" is a member of 4 groups.
A user "Reddy" is a member of just 1 group called "New"
So i want the script to query with all users and get just "Reddy" as he is only the user who is a member of 1 group called "new"
"Sharath" should not come as output as he is a member of new but is also a member of 3 other groups.
So the results should have users that are a member of the group "New" but should have no other group as member's .
A user "Sharath" is a member of 4 groups.
A user "Reddy" is a member of just 1 group called "New"
So i want the script to query with all users and get just "Reddy" as he is only the user who is a member of 1 group called "new"
"Sharath" should not come as output as he is a member of new but is also a member of 3 other groups.
So the results should have users that are a member of the group "New" but should have no other group as member's .
Hope i was clear in the pervious post as in the situation you explained above you can just get the member of new Group.
:-)
regards
Chandru
:-)
regards
Chandru
ASKER
But the members of the group "New" many users are members of other groups also....
I have scripts to get all users from a group.But they display all the users in the Domain.As every user in the Domain is a member of the group "New"
I have scripts to get all users from a group.But they display all the users in the Domain.As every user in the Domain is a member of the group "New"
ASKER
Any help on this....
ASKER
any help...
It is still confusing what is that you want?
ASKER
Chandru,
I have all users who have to be in a group other than the Domain users.
I have 3,000 users totally.
I have a group call "new"
Inside the group "New" i have 2,000 users (Approximately)
Other 1000 users are not a member of the group "New"
So i just want to find users who are not a member of this group "New"
So that i can add them,
I can always add all users to the group new but my issue is the 500 users who are external users and should not be part of this group.
As they are external and should not receive mails sent to them.
A script that can check all users in a OU with the Group and find just users who are not a member of this group.There i shall get just users who are not members of the group.
I have all users who have to be in a group other than the Domain users.
I have 3,000 users totally.
I have a group call "new"
Inside the group "New" i have 2,000 users (Approximately)
Other 1000 users are not a member of the group "New"
So i just want to find users who are not a member of this group "New"
So that i can add them,
I can always add all users to the group new but my issue is the 500 users who are external users and should not be part of this group.
As they are external and should not receive mails sent to them.
A script that can check all users in a OU with the Group and find just users who are not a member of this group.There i shall get just users who are not members of the group.
ASKER
Here is a link which i feel relates to this query.
http://www.tek-tips.com/viewthread.cfm?qid=1414650&page=1
Can you take this as a start and buid the scrpt...
http://www.tek-tips.com/viewthread.cfm?qid=1414650&page=1
Can you take this as a start and buid the scrpt...
Thanks Sharath for the link! I will have a look at this now
Sharath,
Try this............
Option Explicit
Dim objRootDSE, strDNSDomain, objCommand, objConnection
Dim strBase, strFilter, strAttributes, strQuery, objRecordSet
Dim strNTName, strDN, objMemberof, strlist, strSAM
Dim objgroup
' Determine DNS domain name.
Set objRootDSE = GetObject("LDAP://RootDSE" )
strDNSDomain = objRootDSE.Get("defaultNam ingContext ")
' Use ADO to search Active Directory.
Set objCommand = CreateObject("ADODB.Comman d")
Set objConnection = CreateObject("ADODB.Connec tion")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnectio n = objConnection
' Search entire domain.
strBase = "<LDAP://" & strDNSDomain & ">"
' Filter on contacts
strFilter = "(objectCategory=person)(o bjectClass =user)(!(m emberOf=CN =SecurityG roupName,O U=AnOU,DC= domain,DC= com))"
' Comma delimited list of attribute values to retrieve.
strAttributes = "cn,distinguishedName,adsp ath,member Of,samacco untname"
' Construct the ADO query, using LDAP syntax.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
' Run the query.
objCommand.CommandText = strQuery
objCommand.Properties("Pag e Size") = 100
objCommand.Properties("Tim eout") = 30
objCommand.Properties("Cac he Results") = False
Set objRecordSet = objCommand.Execute
' Enumerate the recordset and output the values retrieved in
' comma delimited format.
Do Until objRecordSet.EOF
strNTName = objRecordSet.Fields("cn"). Value
strDN = objRecordSet.Fields("disti nguishedNa me").Value
strSAM = objRecordSet.Fields("samac countname" ).Value
Wscript.Echo strNTName
objRecordSet.MoveNext
Loop
objRecordSet.Close
' Clean up.
objConnection.Close
Set objRootDSE = Nothing
Set objCommand = Nothing
Set objConnection = Nothing
Set objRecordSet = Nothing
'============
Change the group distinguised name?
regards
Chandru
Try this............
Option Explicit
Dim objRootDSE, strDNSDomain, objCommand, objConnection
Dim strBase, strFilter, strAttributes, strQuery, objRecordSet
Dim strNTName, strDN, objMemberof, strlist, strSAM
Dim objgroup
' Determine DNS domain name.
Set objRootDSE = GetObject("LDAP://RootDSE"
strDNSDomain = objRootDSE.Get("defaultNam
' Use ADO to search Active Directory.
Set objCommand = CreateObject("ADODB.Comman
Set objConnection = CreateObject("ADODB.Connec
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnectio
' Search entire domain.
strBase = "<LDAP://" & strDNSDomain & ">"
' Filter on contacts
strFilter = "(objectCategory=person)(o
' Comma delimited list of attribute values to retrieve.
strAttributes = "cn,distinguishedName,adsp
' Construct the ADO query, using LDAP syntax.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
' Run the query.
objCommand.CommandText = strQuery
objCommand.Properties("Pag
objCommand.Properties("Tim
objCommand.Properties("Cac
Set objRecordSet = objCommand.Execute
' Enumerate the recordset and output the values retrieved in
' comma delimited format.
Do Until objRecordSet.EOF
strNTName = objRecordSet.Fields("cn").
strDN = objRecordSet.Fields("disti
strSAM = objRecordSet.Fields("samac
Wscript.Echo strNTName
objRecordSet.MoveNext
Loop
objRecordSet.Close
' Clean up.
objConnection.Close
Set objRootDSE = Nothing
Set objCommand = Nothing
Set objConnection = Nothing
Set objRecordSet = Nothing
'============
Change the group distinguised name?
regards
Chandru
ASKER
Chandru i get this..
C:\>"Get all users other than 1 group.vbs"
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
C:\Get all users other than 1 group.vbs(36, 1) Provider: One or more errors occu
rred during processing of command.
C:\>"Get all users other than 1 group.vbs"
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
C:\Get all users other than 1 group.vbs(36, 1) Provider: One or more errors occu
rred during processing of command.
Whoops! Sorry didn't test the code
Here is the tested code.....
'Script starts here
Option Explicit
Dim objRootDSE, strDNSDomain, objCommand, objConnection
Dim strBase, strFilter, strAttributes, strQuery, objRecordSet
Dim strNTName, strDN, objMemberof, strlist, strSAM
Dim objgroup
' Determine DNS domain name.
Set objRootDSE = GetObject("LDAP://RootDSE" )
strDNSDomain = objRootDSE.Get("defaultNam ingContext ")
' Use ADO to search Active Directory.
Set objCommand = CreateObject("ADODB.Comman d")
Set objConnection = CreateObject("ADODB.Connec tion")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnectio n = objConnection
' Search entire domain.
strBase = "<LDAP://" & strDNSDomain & ">"
' Filter on contacts
strFilter = "(&(&(&(objectCategory=per son)(objec tClass=use r)(!(membe rOf=CN=Tes t group,OU=Distribution groups,OU=India,DC=isoft,D C=group,DC =uk)))))"
' Comma delimited list of attribute values to retrieve.
strAttributes = "cn,distinguishedName,adsp ath,member Of,samacco untname"
' Construct the ADO query, using LDAP syntax.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
' Run the query.
objCommand.CommandText = strQuery
objCommand.Properties("Pag e Size") = 100
objCommand.Properties("Tim eout") = 30
objCommand.Properties("Cac he Results") = False
Set objRecordSet = objCommand.Execute
' Enumerate the recordset and output the values retrieved in
' comma delimited format.
Do Until objRecordSet.EOF
strNTName = objRecordSet.Fields("cn"). Value
strDN = objRecordSet.Fields("disti nguishedNa me").Value
strSAM = objRecordSet.Fields("samac countname" ).Value
Wscript.Echo strNTName
objRecordSet.MoveNext
Loop
objRecordSet.Close
' Clean up.
objConnection.Close
Set objRootDSE = Nothing
Set objCommand = Nothing
Set objConnection = Nothing
Set objRecordSet = Nothing
'============
Here is the tested code.....
'Script starts here
Option Explicit
Dim objRootDSE, strDNSDomain, objCommand, objConnection
Dim strBase, strFilter, strAttributes, strQuery, objRecordSet
Dim strNTName, strDN, objMemberof, strlist, strSAM
Dim objgroup
' Determine DNS domain name.
Set objRootDSE = GetObject("LDAP://RootDSE"
strDNSDomain = objRootDSE.Get("defaultNam
' Use ADO to search Active Directory.
Set objCommand = CreateObject("ADODB.Comman
Set objConnection = CreateObject("ADODB.Connec
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnectio
' Search entire domain.
strBase = "<LDAP://" & strDNSDomain & ">"
' Filter on contacts
strFilter = "(&(&(&(objectCategory=per
' Comma delimited list of attribute values to retrieve.
strAttributes = "cn,distinguishedName,adsp
' Construct the ADO query, using LDAP syntax.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
' Run the query.
objCommand.CommandText = strQuery
objCommand.Properties("Pag
objCommand.Properties("Tim
objCommand.Properties("Cac
Set objRecordSet = objCommand.Execute
' Enumerate the recordset and output the values retrieved in
' comma delimited format.
Do Until objRecordSet.EOF
strNTName = objRecordSet.Fields("cn").
strDN = objRecordSet.Fields("disti
strSAM = objRecordSet.Fields("samac
Wscript.Echo strNTName
objRecordSet.MoveNext
Loop
objRecordSet.Close
' Clean up.
objConnection.Close
Set objRootDSE = Nothing
Set objCommand = Nothing
Set objConnection = Nothing
Set objRecordSet = Nothing
'============
ASKER
Chandru does this script get all users who are in the group or gets who are all not in the group.
I get all the users in the Domain.
The group whose name is in the file has 1000's of users and groups inside it i have many users.So the script has to exlude everyone and get missing users comparing the users.
I get all the users in the Domain.
The group whose name is in the file has 1000's of users and groups inside it i have many users.So the script has to exlude everyone and get missing users comparing the users.
It exlcudes the users. Just check with one user and see
regards
Chandru
regards
Chandru
ASKER
Is this the only line i need to change.
strFilter = "(&(&(&(objectCategory=per son)(objec tClass=use r)(!(membe rOf=CN=Tes t group,OU=Distribution groups,OU=India,DC=isoft,D C=group,DC =uk)))))"
With or without this i get the same results
strFilter = "(&(&(&(objectCategory=per
With or without this i get the same results
Yes. So the filter is not working
Try this.... and it works
strFilter = "(&(&(objectCategory=user) (!(memberO f=CN=Test group,OU=Distribution groups,OU=India,DC=isoft,D C=group,DC =uk))))"
regards
Chandru
strFilter = "(&(&(objectCategory=user)
regards
Chandru
ASKER
Still get the same all users in the domain as results.
even though the domainname is wrong it gives the same results
even though the domainname is wrong it gives the same results
I tried with the correct domain name and it has given me the list in my domain
Can you post the complete with your domain info?
Can you post the complete with your domain info?
ASKER
here is the whole code...
'Script starts here
Option Explicit
Dim objRootDSE, strDNSDomain, objCommand, objConnection
Dim strBase, strFilter, strAttributes, strQuery, objRecordSet
Dim strNTName, strDN, objMemberof, strlist, strSAM
Dim objgroup
' Determine DNS domain name.
Set objRootDSE = GetObject("LDAP://RootDSE" )
strDNSDomain = objRootDSE.Get("defaultNam ingContext ")
' Use ADO to search Active Directory.
Set objCommand = CreateObject("ADODB.Comman d")
Set objConnection = CreateObject("ADODB.Connec tion")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnectio n = objConnection
' Search entire domain.
strBase = "<LDAP://" & strDNSDomain & ">"
' Filter on contacts
strFilter = "(&(&(objectCategory=user) (!(memberO f=CN=Chenn ai,OU=Dist ribution Groups,DC=Group,DC=co,)))) "
' Comma delimited list of attribute values to retrieve.
strAttributes = "cn,distinguishedName,adsp ath,member Of,samacco untname"
' Construct the ADO query, using LDAP syntax.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
' Run the query.
objCommand.CommandText = strQuery
objCommand.Properties("Pag e Size") = 100
objCommand.Properties("Tim eout") = 30
objCommand.Properties("Cac he Results") = False
Set objRecordSet = objCommand.Execute
' Enumerate the recordset and output the values retrieved in
' comma delimited format.
Do Until objRecordSet.EOF
strNTName = objRecordSet.Fields("cn"). Value
strDN = objRecordSet.Fields("disti nguishedNa me").Value
strSAM = objRecordSet.Fields("samac countname" ).Value
Wscript.Echo strNTName
objRecordSet.MoveNext
Loop
objRecordSet.Close
' Clean up.
objConnection.Close
Set objRootDSE = Nothing
Set objCommand = Nothing
Set objConnection = Nothing
Set objRecordSet = Nothing
'============
'Script starts here
Option Explicit
Dim objRootDSE, strDNSDomain, objCommand, objConnection
Dim strBase, strFilter, strAttributes, strQuery, objRecordSet
Dim strNTName, strDN, objMemberof, strlist, strSAM
Dim objgroup
' Determine DNS domain name.
Set objRootDSE = GetObject("LDAP://RootDSE"
strDNSDomain = objRootDSE.Get("defaultNam
' Use ADO to search Active Directory.
Set objCommand = CreateObject("ADODB.Comman
Set objConnection = CreateObject("ADODB.Connec
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnectio
' Search entire domain.
strBase = "<LDAP://" & strDNSDomain & ">"
' Filter on contacts
strFilter = "(&(&(objectCategory=user)
' Comma delimited list of attribute values to retrieve.
strAttributes = "cn,distinguishedName,adsp
' Construct the ADO query, using LDAP syntax.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
' Run the query.
objCommand.CommandText = strQuery
objCommand.Properties("Pag
objCommand.Properties("Tim
objCommand.Properties("Cac
Set objRecordSet = objCommand.Execute
' Enumerate the recordset and output the values retrieved in
' comma delimited format.
Do Until objRecordSet.EOF
strNTName = objRecordSet.Fields("cn").
strDN = objRecordSet.Fields("disti
strSAM = objRecordSet.Fields("samac
Wscript.Echo strNTName
objRecordSet.MoveNext
Loop
objRecordSet.Close
' Clean up.
objConnection.Close
Set objRootDSE = Nothing
Set objCommand = Nothing
Set objConnection = Nothing
Set objRecordSet = Nothing
'============
Can you put the search filter in the custom search in (Saved queries) it will list you all the users
(&(&(objectCategory=user)( !(memberOf =CN=Chenna i,OU=Distr ibution Groups,DC=Group,DC=co,))))
I tried and it is working fine.
I think the above is not the correct one :-) as it has got a comma at the end -- DC=co,
regards
Chandru
(&(&(objectCategory=user)(
I tried and it is working fine.
I think the above is not the correct one :-) as it has got a comma at the end -- DC=co,
regards
Chandru
ASKER
I cannot do a Custom search in saved queries as it shows only my local Domain as the highest leavel.
But the group is there in the Root Domain
I tried this even then but get all the users in the Domain listed there.
But the group is there in the Root Domain
I tried this even then but get all the users in the Domain listed there.
I am not sure why it is not working. Let me try is there any other way.
It is working for me.
It is working for me.
Sharath,
Tyr this in the Custom LDAP query to find all the users part of the Chennai Group
(&(&(objectCategory=person )(objectCl ass=user) (&(memberof=memberOf=CN=Ch ennai,OU=D istributio n Groups,DC=Group,DC=co))))
The try this to exclude all the users part of Chennai group
(&(&(objectCategory=person )(objectCl ass=user) (&(!memberof=memberOf=CN=C hennai,OU= Distributi on Groups,DC=Group,DC=co))))
this works as i have checked the count between the total users and the users in the group
regards
Chandru
Tyr this in the Custom LDAP query to find all the users part of the Chennai Group
(&(&(objectCategory=person
The try this to exclude all the users part of Chennai group
(&(&(objectCategory=person
this works as i have checked the count between the total users and the users in the group
regards
Chandru
Delete one memberof= from the strfilter
regards
Chandru
regards
Chandru
Here is the complete code....
'Script starts here
Option Explicit
Dim objRootDSE, strDNSDomain, objCommand, objConnection
Dim strBase, strFilter, strAttributes, strQuery, objRecordSet
Dim strNTName, strDN, objMemberof, strlist, strSAM
Dim objgroup
' Determine DNS domain name.
Set objRootDSE = GetObject("LDAP://RootDSE" )
strDNSDomain = objRootDSE.Get("defaultNam ingContext ")
' Use ADO to search Active Directory.
Set objCommand = CreateObject("ADODB.Comman d")
Set objConnection = CreateObject("ADODB.Connec tion")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnectio n = objConnection
' Search entire domain.
strBase = "<LDAP://" & strDNSDomain & ">"
' Filter on contacts
strFilter = "(&(&(objectCategory=perso n)(objectC lass=user) (&(!memberOf=CN=Chennai,OU =Distribut ion Groups,DC=Group,DC=co))))"
' Comma delimited list of attribute values to retrieve.
strAttributes = "cn,distinguishedName,adsp ath,member Of,samacco untname"
' Construct the ADO query, using LDAP syntax.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
' Run the query.
objCommand.CommandText = strQuery
objCommand.Properties("Pag e Size") = 100
objCommand.Properties("Tim eout") = 30
objCommand.Properties("Cac he Results") = False
Set objRecordSet = objCommand.Execute
' Enumerate the recordset and output the values retrieved in
' comma delimited format.
Do Until objRecordSet.EOF
strNTName = objRecordSet.Fields("cn"). Value
strDN = objRecordSet.Fields("disti nguishedNa me").Value
strSAM = objRecordSet.Fields("samac countname" ).Value
Wscript.Echo strNTName
objRecordSet.MoveNext
Loop
objRecordSet.Close
' Clean up.
objConnection.Close
Set objRootDSE = Nothing
Set objCommand = Nothing
Set objConnection = Nothing
Set objRecordSet = Nothing
'============
regards
Chandru
'Script starts here
Option Explicit
Dim objRootDSE, strDNSDomain, objCommand, objConnection
Dim strBase, strFilter, strAttributes, strQuery, objRecordSet
Dim strNTName, strDN, objMemberof, strlist, strSAM
Dim objgroup
' Determine DNS domain name.
Set objRootDSE = GetObject("LDAP://RootDSE"
strDNSDomain = objRootDSE.Get("defaultNam
' Use ADO to search Active Directory.
Set objCommand = CreateObject("ADODB.Comman
Set objConnection = CreateObject("ADODB.Connec
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnectio
' Search entire domain.
strBase = "<LDAP://" & strDNSDomain & ">"
' Filter on contacts
strFilter = "(&(&(objectCategory=perso
' Comma delimited list of attribute values to retrieve.
strAttributes = "cn,distinguishedName,adsp
' Construct the ADO query, using LDAP syntax.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
' Run the query.
objCommand.CommandText = strQuery
objCommand.Properties("Pag
objCommand.Properties("Tim
objCommand.Properties("Cac
Set objRecordSet = objCommand.Execute
' Enumerate the recordset and output the values retrieved in
' comma delimited format.
Do Until objRecordSet.EOF
strNTName = objRecordSet.Fields("cn").
strDN = objRecordSet.Fields("disti
strSAM = objRecordSet.Fields("samac
Wscript.Echo strNTName
objRecordSet.MoveNext
Loop
objRecordSet.Close
' Clean up.
objConnection.Close
Set objRootDSE = Nothing
Set objCommand = Nothing
Set objConnection = Nothing
Set objRecordSet = Nothing
'============
regards
Chandru
Did you try the above script? Just wanted to see what is the result you get
regards
Chandru
regards
Chandru
ASKER
Even this shows all users.
Can we try this.
One code to get all users in the Domain to a file.
Another code to get all users in the group.So that i can put both in excel and compare them.
This needs to work for the root domain too.
Can we try this.
One code to get all users in the Domain to a file.
Another code to get all users in the group.So that i can put both in excel and compare them.
This needs to work for the root domain too.
Sharath,
Can you make sure you are putting the CN for the group correctly as i run this in my domain and gives the result?
Did you try this in the ADUC console?
regards
Chandru
Can you make sure you are putting the CN for the group correctly as i run this in my domain and gives the result?
Did you try this in the ADUC console?
regards
Chandru
ASKER
Chandru is there any thing we need to change for a Security group.
I just changed the group name and checked with a Distribution group.I feel it worked.
When i try the same way with this group "Chennai" i get all users.
And one more thing.
Chennai is one group and i have similar groups in the same OU like
Chennaii
Chennaiii
So on is there some issue by this
I just changed the group name and checked with a Distribution group.I feel it worked.
When i try the same way with this group "Chennai" i get all users.
And one more thing.
Chennai is one group and i have similar groups in the same OU like
Chennaii
Chennaiii
So on is there some issue by this
ASKER
Chandru i think that's not the issue.
There are groups inside these groups
Chennai has very less users and many groups inside them.So i think the script does not fetch users inside groups.
I mean exclude users inside groups.
There are groups inside these groups
Chennai has very less users and many groups inside them.So i think the script does not fetch users inside groups.
I mean exclude users inside groups.
No it shouldn't be an issue as we are specifying the distinguised name of the Group.
Can you move the group to different OU and try only with that group?
It worked or you feel it worked
regards
Chandru
Can you move the group to different OU and try only with that group?
It worked or you feel it worked
regards
Chandru
From the question i think you were asking only for the users who are not part of the group.
Did this script give you the desired result?
regards
Chandru
Did this script give you the desired result?
regards
Chandru
ASKER
I checked it again on a dis and sec groups they worked.
But not with groups who have the groups inside groups.Nested groups it does not exclude.
But not with groups who have the groups inside groups.Nested groups it does not exclude.
If you run on a groups which has groups what is the result you get?
regards
Chandru
regards
Chandru
ASKER
I get all the users in the domain as results
I tried with a group which has groups and it gives me only the users from the groups.
I would say you try with ADUC console and see what is the output you get with the queries.
regards
Chandru
I would say you try with ADUC console and see what is the output you get with the queries.
regards
Chandru
ASKER
>>I would say you try with ADUC console and see what is the output you get with the queries.
Which should i use here...
So just to clarify what my requirment is...
Get all the users who are not in the group "Chennai"
Exclude all the users and members of the group withing group.
So if i have 10 users 5 direcly members in the group and 3 within another group which is a member of "Chennai"
The output should be only 2 users...
Which should i use here...
So just to clarify what my requirment is...
Get all the users who are not in the group "Chennai"
Exclude all the users and members of the group withing group.
So if i have 10 users 5 direcly members in the group and 3 within another group which is a member of "Chennai"
The output should be only 2 users...
ASKER
Any help on this...
ASKER
Any help....
ASKER
Farhan and Chandru any help on this....
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I get this...
-------------------------- -
Windows Script Host
-------------------------- -
Script: C:\Documents and Settings\sharathr\Desktop\ Find users only in New.vbs
Line: 4
Char: 114
Error: Expected end of statement
Code: 800A0401
Source: Microsoft VBScript compilation error
-------------------------- -
OK
-------------------------- -
--------------------------
Windows Script Host
--------------------------
Script: C:\Documents and Settings\sharathr\Desktop\
Line: 4
Char: 114
Error: Expected end of statement
Code: 800A0401
Source: Microsoft VBScript compilation error
--------------------------
OK
--------------------------
Oops, on line 4, can you press Enter with the cursor before strResults.
It should be two lines
Set objGroup = GetObject("LDAP:\\CN=New,O U=Distribu tion Groups,DC=Group,DC=co,DC=u k")
strResults = "Users who are only members of " & objGroup.ADsPath
Rob.
It should be two lines
Set objGroup = GetObject("LDAP:\\CN=New,O
strResults = "Users who are only members of " & objGroup.ADsPath
Rob.
ASKER
I think this line had to be like this.
Set objGroup = GetObject("LDAP:\\CN=New,O U=Distribu tion Groups,DC=Group,DC=co,DC=u k")strResu lts = "Users who are only members of " & objGroup.ADsPath
After the change i get this...
-------------------------- -
Windows Script Host
-------------------------- -
Script: C:\Documents and Settings\sharathr\Desktop\ Find users only in New.vbs
Line: 4
Char: 1
Error: 0x80005000
Code: 80005000
Source: (null)
-------------------------- -
OK
-------------------------- -
Set objGroup = GetObject("LDAP:\\CN=New,O
After the change i get this...
--------------------------
Windows Script Host
--------------------------
Script: C:\Documents and Settings\sharathr\Desktop\
Line: 4
Char: 1
Error: 0x80005000
Code: 80005000
Source: (null)
--------------------------
OK
--------------------------
ASKER
Rob i changed the line like this...
Set objGroup = GetObject("LDAP:\\CN=New,O U=Distribu tion Groups,DC=Group,DC=co,DC=u k")
strResults = "Users who are only members of " & objGroup.ADsPath
I get this...
-------------------------- -
Windows Script Host
-------------------------- -
Script: C:\Documents and Settings\sharathr\Desktop\ Find users only in New.vbs
Line: 4
Char: 1
Error: 0x80005000
Code: 80005000
Source: (null)
-------------------------- -
OK
-------------------------- -
Set objGroup = GetObject("LDAP:\\CN=New,O
strResults = "Users who are only members of " & objGroup.ADsPath
I get this...
--------------------------
Windows Script Host
--------------------------
Script: C:\Documents and Settings\sharathr\Desktop\
Line: 4
Char: 1
Error: 0x80005000
Code: 80005000
Source: (null)
--------------------------
OK
--------------------------
Is the LDAP string path to the New group correct? Can you verify the path?
Rob.
Rob.
ASKER
It is correct...
I even checked with child Domain groups but the same message.
I even checked with child Domain groups but the same message.
Oh WHOOPS! My mistake! Sorry!
Change the two slashes from \\ to //
Regards,
Rob.
Change the two slashes from \\ to //
Regards,
Rob.
ASKER
Tthanks Rob i think this works .Can you tell me how to redirect the results to a file.
ASKER
Thanks a lot Rob.
This script gets all users who are only a member of the specified group and dont have any other groups in them. Am i right Rob...
This script gets all users who are only a member of the specified group and dont have any other groups in them. Am i right Rob...
Great, sure Sharath, this will output the results to a text file:
'=================
' Display_Users_From_Specifi c_Group_Th at_Are_ONL Y_In_That_ Group.vbs
' https://www.experts-exchange.com/questions/22916946/Find-all-users-in-the-domain-who-are-not-a-member-of-any-group-except-1-group-called-New.html
strOutputFile = Replace(WScript.ScriptFull Name, WScript.ScriptName, "") & "Users_Only_In_One_Group.t xt"
Set objGroup = GetObject("LDAP:\\CN=New,O U=Distribu tion Groups,DC=Group,DC=co,DC=u k")strResu lts = "Users who are only members of " & objGroup.ADsPath
For Each objMember In objGroup.Members
If LCase(objMember.Class) = "user" Then
Set objUser = GetObject(objMember.ADsPat h)
intGroups = 0
For Each objMemberOf In objUser.GetEx("memberOf")
intGroups = intGroups + 1
Next
If intGroups = 1 Then strResults = strResults & VbCrLf & objUser.ADsPath
End If
Next
'MsgBox strResults
Set objFSO = CreateObject("Scripting.Fi leSystemOb ject")
Set objOutputFile = objFSO.CreateTextFile(strO utputFile, True)
objOutputFile.Write strResults
objOutputFile.Close
Set objOutputFile = Nothing
Set objFSO = Nothing
MsgBox "Finished"
'=================
And yes, the script gets all users who are only a member of the specified group and are NOT a member of any other group (except Domain Users).
At least it should, but as always, do some testing....
Regards,
Rob.
'=================
' Display_Users_From_Specifi
' https://www.experts-exchange.com/questions/22916946/Find-all-users-in-the-domain-who-are-not-a-member-of-any-group-except-1-group-called-New.html
strOutputFile = Replace(WScript.ScriptFull
Set objGroup = GetObject("LDAP:\\CN=New,O
For Each objMember In objGroup.Members
If LCase(objMember.Class) = "user" Then
Set objUser = GetObject(objMember.ADsPat
intGroups = 0
For Each objMemberOf In objUser.GetEx("memberOf")
intGroups = intGroups + 1
Next
If intGroups = 1 Then strResults = strResults & VbCrLf & objUser.ADsPath
End If
Next
'MsgBox strResults
Set objFSO = CreateObject("Scripting.Fi
Set objOutputFile = objFSO.CreateTextFile(strO
objOutputFile.Write strResults
objOutputFile.Close
Set objOutputFile = Nothing
Set objFSO = Nothing
MsgBox "Finished"
'=================
And yes, the script gets all users who are only a member of the specified group and are NOT a member of any other group (except Domain Users).
At least it should, but as always, do some testing....
Regards,
Rob.
ASKER
Thanks a lot Rob this works great have done a lot of testing with the script...
ASKER
Final script with the changes...
'=================
' Display_Users_From_Specifi c_Group_Th at_Are_ONL Y_In_That_ Group.vbs
' https://www.experts-exchange.com/questions/22916946/Find-all-users-in-the-domain-who-are-not-a-member-of-any-group-except-1-group-called-New.html
strOutputFile = Replace(WScript.ScriptFull Name, WScript.ScriptName, "") & "Users_Only_In_One_Group.t xt"
Set objGroup = GetObject("LDAP://CN=Group ,OU=Distri bution Groups,DC=Group,DC=co,DC=u k")
strResults = "Users who are only members of " & objGroup.ADsPath
For Each objMember In objGroup.Members
If LCase(objMember.Class) = "user" Then
Set objUser = GetObject(objMember.ADsPat h)
intGroups = 0
For Each objMemberOf In objUser.GetEx("memberOf")
intGroups = intGroups + 1
Next
If intGroups = 1 Then strResults = strResults & VbCrLf & objUser.ADsPath
End If
Next
'MsgBox strResults
Set objFSO = CreateObject("Scripting.Fi leSystemOb ject")
Set objOutputFile = objFSO.CreateTextFile(strO utputFile, True)
objOutputFile.Write strResults
objOutputFile.Close
Set objOutputFile = Nothing
Set objFSO = Nothing
MsgBox "Finished"
'=================
'=================
' Display_Users_From_Specifi
' https://www.experts-exchange.com/questions/22916946/Find-all-users-in-the-domain-who-are-not-a-member-of-any-group-except-1-group-called-New.html
strOutputFile = Replace(WScript.ScriptFull
Set objGroup = GetObject("LDAP://CN=Group
strResults = "Users who are only members of " & objGroup.ADsPath
For Each objMember In objGroup.Members
If LCase(objMember.Class) = "user" Then
Set objUser = GetObject(objMember.ADsPat
intGroups = 0
For Each objMemberOf In objUser.GetEx("memberOf")
intGroups = intGroups + 1
Next
If intGroups = 1 Then strResults = strResults & VbCrLf & objUser.ADsPath
End If
Next
'MsgBox strResults
Set objFSO = CreateObject("Scripting.Fi
Set objOutputFile = objFSO.CreateTextFile(strO
objOutputFile.Write strResults
objOutputFile.Close
Set objOutputFile = Nothing
Set objFSO = Nothing
MsgBox "Finished"
'=================
filePath = InputBox("Give the name of the file where to export:", "Export To","c:\OnlyNewCount.txt")
newGroup = InputBox("List users who are only member of:", "Only member of","New")
Const ForWriting = 2
Set objFSO = CreateObject("Scripting.Fi
Set objTextFile = objFSO.OpenTextFile(filepa
Set rootDSE = GetObject("LDAP://RootDSE"
DomainContainer = rootDSE.Get("defaultNaming
Set conn = CreateObject("ADODB.Connec
conn.Provider = "ADSDSOObject"
conn.Open "ADs Provider"
strLDAP = "<LDAP://" & DomainContainer & ">;(objectCategory=user);a
Set oComm = CreateObject("ADODB.Comman
oComm.ActiveConnection = conn
oComm.CommandText = strLDAP
Set rs = oComm.Execute
on error resume next
While Not rs.EOF
Set FoundObject = GetObject (rs.Fields(0).Value)
count = 0
objmemberOf = FoundObject.GetEx("memberO
For Each objGroup in objmemberOf
group = Mid(objGroup, 4, (InStr(objGroup, ",")-4))
count = count + 1
Next
If ((group = newGroup) and (count = 1)) Then
objTextFile.writeLine(Foun
end if
rs.MoveNext
Wend
MsgBox "Processing Complete!!"