Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 686
  • Last Modified:

Exporting AD Group Members

Hello everyone,

Hopefully this will be an easy one for you...

When I look at the members of an AD group all I see is 'members' (showing their logon name) and 'Active Directory Folder' (showing domain\Users). Unfortunately the logon name does not show their first and last names, rather it shows their logon name we gave them when we had our NT domain. Now that we have migrated to W2K I can see their names in the users view but the group view dows not seem to have first and last names....

My question is this: How do you view this information without looking at each members login name, then going to their User Object properties to find their first and last names? And better yet, is there a way of exporting it into a txt file?

Thanks,

Alsace.
0
alsace
Asked:
alsace
  • 2
  • 2
  • 2
2 Solutions
 
JamesDSCommented:
alsace
Take a look at DUMPSEC from SOMARSOFT.COM - an excellent reporting tool that outputs into text files, screen and Excel format.

You could try altering the displayname field to "LastName, FirstName" by renaming each user. The Account itself will retain the same login name (see the Account tab in the properties), but will display as anything you like.

Cheers

JamesDS
0
 
oBdACommented:
The fastest thing to do is to open your ADUC MMC, then from the "View" menu, choose "Add/Remove columns". Add "Display Name".
What you're currently seeing in the MMC in the "Name" column is the Distinguished Name of the AD object. You can right-click the user and change the name there; this will not change the logon name (so the users won't notice this), but you will then see the changed user's name in the Name column.
In addition to this, you still have (in the user's profile itself) first name, last name, display name, the User Principal Name, and the pre-Windows 2000 logon name (which is the one your users are logging on with). Except for the display name and the pre-W2k name, all those names will be empty after the NT4 migration.
0
 
alsaceAuthor Commented:
Thanks for thefeedback guys...

oBdA - This technique helped if I wanted to see the first and last names in the USERS view, but the fields are not populated in the GROUP view (which is what I want). Furthermore, when I actually go into the group properties it only shows the username and active directory folder views...not the first and last name attributes..

JamesDS - This tool was pretty good (especially for freeware), but again when dumping group membership it specifies usernames by default, and I can't see how this can be changed (I found another tool on the same site - 'exporter' - which was also good but had the same results..)

I basically want to be able to customise the view by choosing the ATTRIBUTES in the schema that I want (in this case first name, last name) rather than the username. Unfortunately my predecessors decided to use a login name that had no bearing whatsoever on the user's actual names...so therein lies my problem.

I have found a workaround however - I used DumpSec (as suggested by jamesDS) to export the group members of the groups I was interested in (by username). I then did the same with all users in our domain using the 'Dump Users As Table Fast (names only)' option - this gave me usernames and full names, but no group m'ships. I saved each export as a CSV, combined them, and then did a VLOOKUP in excel to map the usernames (in the group membership export) to full names (in the domain users export). his worked a treat.

The only problem it is fiddly - I 'm sure there must be a tool to view the schema attributes of the members of a group, and export the ones that I want...?

Thanks again guys - appreciate your help.... if there are no closer replies within the next 24hrs I am going to award the points to JamesDS as it achived what I wanted (with some tweaking).

Alsace.
0
Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
JamesDSCommented:
Alsace

For complete flexibility you should consider VBScript. Look for a tool that enumerates groups and returns information about their attributes.

www.15seconds.com and the Microsoft ScriptCenter are excellent scripting resources.
Cheers

JamesDS
0
 
oBdACommented:
To view the members by name in the group membership as well, you'll have to change the users' Distinguished Name, as I suggested before; this is the one you see in the regular "Name" column. You can right-click those and change them; this will NOT change their logon name.
0
 
alsaceAuthor Commented:
Understood oBdA - and I think I will need to get someone to painstakingly rename everyone in the domain, but for my requirements this is a completely redundant exercise, as it will require me changing each users name - which will need me to identify each user in the group that I want, which is exactly what I wanted to avoid if I could. I realise this is the long term solution, but I wanted to pull out the Display Name attribute for group membership a really quick way, as the default group membership view shows the name attribute - which in our case is the pre W2K logon.

This was obviously harder than I thought! I really appreciate your help guys... as such I have increased the Q value to 250 and will split the points - 150 to JamesDS, and 100 to oBdA for the long term solution.

Cheers,

Alsace
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

  • 2
  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now