Link to home
Start Free TrialLog in
Avatar of alsace
alsace

asked on

Exporting AD Group Members

Hello everyone,

Hopefully this will be an easy one for you...

When I look at the members of an AD group all I see is 'members' (showing their logon name) and 'Active Directory Folder' (showing domain\Users). Unfortunately the logon name does not show their first and last names, rather it shows their logon name we gave them when we had our NT domain. Now that we have migrated to W2K I can see their names in the users view but the group view dows not seem to have first and last names....

My question is this: How do you view this information without looking at each members login name, then going to their User Object properties to find their first and last names? And better yet, is there a way of exporting it into a txt file?

Thanks,

Alsace.
ASKER CERTIFIED SOLUTION
Avatar of JamesDS
JamesDS

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
SOLUTION
Avatar of oBdA
oBdA

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of alsace
alsace

ASKER

Thanks for thefeedback guys...

oBdA - This technique helped if I wanted to see the first and last names in the USERS view, but the fields are not populated in the GROUP view (which is what I want). Furthermore, when I actually go into the group properties it only shows the username and active directory folder views...not the first and last name attributes..

JamesDS - This tool was pretty good (especially for freeware), but again when dumping group membership it specifies usernames by default, and I can't see how this can be changed (I found another tool on the same site - 'exporter' - which was also good but had the same results..)

I basically want to be able to customise the view by choosing the ATTRIBUTES in the schema that I want (in this case first name, last name) rather than the username. Unfortunately my predecessors decided to use a login name that had no bearing whatsoever on the user's actual names...so therein lies my problem.

I have found a workaround however - I used DumpSec (as suggested by jamesDS) to export the group members of the groups I was interested in (by username). I then did the same with all users in our domain using the 'Dump Users As Table Fast (names only)' option - this gave me usernames and full names, but no group m'ships. I saved each export as a CSV, combined them, and then did a VLOOKUP in excel to map the usernames (in the group membership export) to full names (in the domain users export). his worked a treat.

The only problem it is fiddly - I 'm sure there must be a tool to view the schema attributes of the members of a group, and export the ones that I want...?

Thanks again guys - appreciate your help.... if there are no closer replies within the next 24hrs I am going to award the points to JamesDS as it achived what I wanted (with some tweaking).

Alsace.
Alsace

For complete flexibility you should consider VBScript. Look for a tool that enumerates groups and returns information about their attributes.

www.15seconds.com and the Microsoft ScriptCenter are excellent scripting resources.
Cheers

JamesDS
To view the members by name in the group membership as well, you'll have to change the users' Distinguished Name, as I suggested before; this is the one you see in the regular "Name" column. You can right-click those and change them; this will NOT change their logon name.
Avatar of alsace

ASKER

Understood oBdA - and I think I will need to get someone to painstakingly rename everyone in the domain, but for my requirements this is a completely redundant exercise, as it will require me changing each users name - which will need me to identify each user in the group that I want, which is exactly what I wanted to avoid if I could. I realise this is the long term solution, but I wanted to pull out the Display Name attribute for group membership a really quick way, as the default group membership view shows the name attribute - which in our case is the pre W2K logon.

This was obviously harder than I thought! I really appreciate your help guys... as such I have increased the Q value to 250 and will split the points - 150 to JamesDS, and 100 to oBdA for the long term solution.

Cheers,

Alsace