List Users in an ADS Group

Hi,

I am wanting to list all the users in an ADS group, but there are groups within this group, and possibly groups within these child groups. (I didn't set this up!!)

I would like the output to show all the users in the parent group, all child groups with all their members and any groups there, and so on.  I need this to get a list of all users which have permissions on a set of resources.  I realise I can do this manually, but it's a total mess and will take ages, so an automated way would be very useful.

If this question doesn't make sense, please let me know and I'll do my best to clarify!

Thanks for your help!
Dak Asked:
Jared Luker Commented:
I think that I should get the points. I provided a script that I think does what the author was looking for.
 
Eagle6990 Commented:
I don't know for sure if this will just list another group or actually break out everyone but try this command just for fun.

net group "Groupname" /domain

It should list all of the members of the group, but I don't know what a nested group will do.
 
Dak (Author) Commented:
Hi there!

Thanks for the suggestion, but this only displays the users in the group and not any groups in there, or any sub groups.

Any other thoughts?

Cheers.
 
Dak (Author) Commented:
Hi there,

I am very interested in finding a resolution to this question, but there do not seem to be any forthcoming answers. I have responded to all comments added to the thread, and have in no way abandoned it.

If you feel the need to close the call, then do so but I would prefer an answer to the query before you do so.

Thanks.
 
Jared Luker Commented:
This worked out pretty good for me... you'll have to change the strGroupDN to match your domain, but it seems to work pretty well.

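'Listing 1: Enum_groups.vbs
' Lists the members of a group and, recursively, of every group nested in it.

option explicit

' Use the group DN passed on the command line, or default to Domain Admins.
Dim objArgs, strGroupDN
set objArgs = WScript.Arguments
if objArgs.Count <> 1 then
   Dim objRootDSE
   set objRootDSE = GetObject("LDAP://RootDSE")
   strGroupDN = "cn=Domain Admins,cn=users," & objRootDSE.Get("defaultNamingContext")
else
   strGroupDN = objArgs.Item(0)
end if

' Groups already expanded, so that circular nesting cannot recurse forever.
Dim dicSeenGroupMember
set dicSeenGroupMember = CreateObject("Scripting.Dictionary")
' Compare keys case-insensitively and record the starting group itself,
' so that a nested group pointing back at it is not expanded a second time.
dicSeenGroupMember.CompareMode = vbTextCompare
dicSeenGroupMember.Add "LDAP://" & strGroupDN, 1
Wscript.Echo "Members of " & strGroupDN & ":"
DisplayMembers "LDAP://" & strGroupDN, " ", dicSeenGroupMember

' Prints each member of the group, indenting one level per nested group.
Function DisplayMembers (strGroupADsPath, strSpaces, dicSeenGroupMember)

   Dim objGroup, objMember
   set objGroup = GetObject(strGroupADsPath)
   for each objMember In objGroup.Members

      Wscript.Echo strSpaces & objMember.Get("distinguishedname")
      if objMember.Class = "group" then

         ' Recurse into a nested group only the first time it is seen.
         if dicSeenGroupMember.Exists(objMember.ADsPath) then
            Wscript.Echo strSpaces & "   ^ already seen group member " & _
                                     "(stopping to avoid loop)"
         else
            dicSeenGroupMember.Add objMember.ADsPath, 1
            DisplayMembers objMember.ADsPath, strSpaces & "  ", _
                           dicSeenGroupMember
         end if

      end if

   next
End Function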

Question has a verified solution.
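
For an access review, the tree printed by a recursive listing still has to be reduced to one row per user. The following is an added example, not part of any post in this thread: it flattens nested membership into a de-duplicated user list and records the chain of groups that grants each user access. It goes beyond the script above by keeping that chain, and the directory data, the dn() helper and the function name are constructed for illustration, with every member DN assumed to be present in the export.

```python
from collections import deque

def dn(cn, ou):
    """Build a DN in the constructed example.com domain."""
    return f"CN={cn},OU={ou},DC=example,DC=com"

# Constructed sample export: DN -> (object class, direct members).
DIRECTORY = {
    dn("Share-RW", "Groups"): ("group", [dn("alice", "Staff"), dn("Finance", "Groups"),
                                         dn("Contractors", "Groups")]),
    dn("Finance", "Groups"): ("group", [dn("bob", "Staff"), dn("Auditors", "Groups")]),
    # Auditors nests Finance again, which forms a loop.
    dn("Auditors", "Groups"): ("group", [dn("carol", "Staff"), dn("Finance", "Groups")]),
    dn("Contractors", "Groups"): ("group", [dn("bob", "Staff"), dn("dave", "External")]),
    dn("alice", "Staff"): ("user", []),
    dn("bob", "Staff"): ("user", []),
    dn("carol", "Staff"): ("user", []),
    dn("dave", "External"): ("user", []),
}

def effective_users(directory, root_dn):
    """Return ({user DN: group chain granting access}, [(parent group, repeated group)])."""
    # DNs compare case-insensitively, so index the export by lowercased DN.
    lookup = {k.lower(): (k, v) for k, v in directory.items()}
    users, repeats = {}, []
    seen = {root_dn.lower()}
    queue = deque([(root_dn, [root_dn])])
    while queue:  # breadth-first, so each user keeps the shortest chain
        group_dn, chain = queue.popleft()
        _, (_, members) = lookup[group_dn.lower()]
        for member in members:
            canonical, (obj_class, _) = lookup[member.lower()]
            if obj_class != "group":
                users.setdefault(canonical, chain)
            elif canonical.lower() in seen:
                repeats.append((group_dn, canonical))  # loop or duplicate nesting
            else:
                seen.add(canonical.lower())
                queue.append((canonical, chain + [canonical]))
    return users, repeats

if __name__ == "__main__":
    found, repeats = effective_users(DIRECTORY, dn("Share-RW", "Groups"))
    for user, chain in sorted(found.items()):
        print(user, "via", " > ".join(c.split(",")[0] for c in chain))
    for parent, child in repeats:
        print("already expanded:", child, "nested again in", parent)
```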