Dak
asked on
List Users in an ADS Group
Hi,
I am wanting to list all the users in an ADS group, but there are groups within this group, and possibly groups within these child groups. (I didn't set this up!!)
I would like the output to show all the users in the parent group, all child groups with all their members and any groups there, and so on. I need this to get a list of all users which have permissions on a set of resources. I realise I can do this manually, but it's a total mess and will take ages, so an automated way would be very useful.
If this question doesn't make sense, please let me know and I'll do my best to clarify!
Thanks for your help!
ASKER
Hi there!
Thanks for the suggestion, but this only displays the users in the group and not any groups in there, or any sub groups.
Any other thoughts?
Cheers.
ASKER
Hi there,
I am very interested in finding a resolution to this question, but there does not seem to be any forthcoming answers. I have responded to all comments added to the thread, and have in no way abandoned it.
If you feel the need to close the call, then do so but I would prefer an answer to the query before you do so.
Thanks.
This worked out pretty good for me... you'll have to change the strGroupDN to match your domain, but it seems to work pretty well.
'Listing 1: Enum_groups.vbs
Option Explicit

Dim objArgs, strGroupDN
Set objArgs = WScript.Arguments

' With no argument, default to Domain Admins in the current domain;
' otherwise treat the single argument as the DN of the group to expand.
If objArgs.Count <> 1 Then
    Dim objRootDSE
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strGroupDN = "cn=Domain Admins,cn=users," & objRootDSE.Get("defaultNamingContext")
Else
    strGroupDN = objArgs.Item(0)
End If

' Tracks the ADsPath of every nested group already expanded, so that
' circular nesting (A contains B, B contains A) cannot recurse forever.
Dim dicSeenGroupMember
Set dicSeenGroupMember = CreateObject("Scripting.Dictionary")

WScript.Echo "Members of " & strGroupDN & ":"
DisplayMembers "LDAP://" & strGroupDN, " ", dicSeenGroupMember

' Prints each member's DN, indented by nesting depth, and recurses into
' any member that is itself a group.
Function DisplayMembers(strGroupADsPath, strSpaces, dicSeenGroupMember)
    Dim objGroup, objMember
    Set objGroup = GetObject(strGroupADsPath)
    For Each objMember In objGroup.Members
        WScript.Echo strSpaces & objMember.Get("distinguishedName")
        If objMember.Class = "group" Then
            If dicSeenGroupMember.Exists(objMember.ADsPath) Then
                WScript.Echo strSpaces & " ^ already seen group member " & _
                    "(stopping to avoid loop)"
            Else
                dicSeenGroupMember.Add objMember.ADsPath, 1
                DisplayMembers objMember.ADsPath, strSpaces & " ", _
                    dicSeenGroupMember
            End If
        End If
    Next
End Function
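The same traversal in PowerShell, as an added example that is not part of the original thread: it records the chain of groups through which each user gets membership and then prints a de-duplicated user list, which is what an access review of the resources needs. It assumes the ActiveDirectory module (RSAT) is installed; the function name Get-NestedGroupUser and the group DN are placeholders made up for this example.

```powershell
# Added example: requires the ActiveDirectory module (RSAT) and read access to the domain.
Import-Module ActiveDirectory

function Get-NestedGroupUser {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string] $GroupDN,   # DN of the group to expand
        [string[]] $Path = @(),                     # chain of group names walked so far
        [System.Collections.Generic.HashSet[string]] $Seen
    )
    if ($null -eq $Seen) {
        $Seen = [System.Collections.Generic.HashSet[string]]::new(
            [System.StringComparer]::OrdinalIgnoreCase)
    }
    # Add() returns $false when the DN was already expanded: circular nesting or a
    # group reachable by a second route. Stop there, as the VBScript dictionary does,
    # so users of such a group are reported via the first route only.
    if (-not $Seen.Add($GroupDN)) { return }

    $chain = $Path + (Get-ADGroup -Identity $GroupDN).Name
    foreach ($member in Get-ADGroupMember -Identity $GroupDN) {
        switch ($member.objectClass) {
            'group' {
                Get-NestedGroupUser -GroupDN $member.distinguishedName -Path $chain -Seen $Seen
            }
            'user' {
                [pscustomobject]@{
                    SamAccountName    = $member.SamAccountName
                    DistinguishedName = $member.distinguishedName
                    Via               = $chain -join ' > '   # which nesting grants the access
                }
            }
            # Other classes (computers, contacts) are ignored in this example.
        }
    }
}

# Constructed placeholder DN: replace with the group that holds the resource permissions.
$root = 'CN=Example Resource Group,OU=Groups,DC=example,DC=com'
$rows = Get-NestedGroupUser -GroupDN $root

# One row per user and route, then the flat list of unique accounts.
$rows | Sort-Object SamAccountName, Via | Format-Table -AutoSize
$rows.SamAccountName | Sort-Object -Unique
```

When the nesting path is not needed, `Get-ADGroupMember -Identity $root -Recursive` returns the flattened non-group members directly.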
net group "Groupname" /domain
It should list all of the members of the group, but I don't know what a nested group will do.