?
Solved

Expand Groups

Posted on 2005-04-15
7
Medium Priority
?
348 Views
Last Modified: 2010-04-13
Is there a program of some sort that will fully expand a group so I can see all users that are in the group?  I've used "net group /domain" and I can see only the members that are actually in the group but it does not show the members of nested groups.

For example, I have an All Associates group that contains nested groups of all sites in the organization.  If I "net group /domain all" it doesn't tell me the users that are ultimately in the group.  I haven't heard of any program that can do this but I'm hoping that I just missed it.
0
Comment
Question by:Eagle6990
  • 3
  • 3
7 Comments
 
LVL 5

Expert Comment

by:sai2480
ID: 13793916
Try this...

http://www.systemtools.com/free_main.htm

Above link only exports the users.
hope this would help.

Säi
0
 
LVL 17

Author Comment

by:Eagle6990
ID: 13819975
That isn't really what I'm looking for.  I want to on demand, export all users of a group including users in nested groups.  I will try a pointer question and then delete this question if no other suggestions are made.
0
 
LVL 15

Expert Comment

by:Colosseo
ID: 13820009
Hi,

I can create a vb script for you that will enumerate all users of a group including those in nested groups but I cant do it until tomorrow at work so that I can test it if thats even any use to you?

Scott
0
Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

 
LVL 17

Author Comment

by:Eagle6990
ID: 13820045
That would be awesome.  I'm just looking for easy syntax like
expandgroup "All associates"

where "all associates" is the group (global and domain local) and it outputs the usernames of everyone in it.

I'll increase the points to 500 if you have to write it from scratch.
0
 
LVL 15

Accepted Solution

by:
Colosseo earned 2000 total points
ID: 13822232
Hi

you can give this a go to start with... cut and paste the code into a new vbs file

you will have to change this line

  strBase = "<LDAP://dc=myCompany,dc=com>"

to the root of your active directory, apart from that when the code runs it will prompt you to type in the name of the group. From there it will search the AD for the group, return its ADsPath and then use this as the start of enumerating its users and sub-groups.

If a user is found in more than one group then he/she will be returned for each group... if this happens (assuming that you get the code working) I can add some additional code in that will use the dictionary to filter out duplicate users.

But lets get this working for you first :)


<<< CUT BELOW HERE >>>

  Dim strUsers
  Dim strGroupName

  do_Search

' The main procedure. Firstly gets the ADsPath of the group entered and then enumerates all members
' of that group to return all users and the users of all sub-groups
Private Sub do_Search()

  ' This string will store the results for output
  strUsers = ""
 
  ' Get the name of the group to search from the user
  strGroupName = InputBox("Please enter the group name to search", "Enter Group Name")
 
  ' If the user entered a group
  If strGroupName <> "" Then
 
    ' This will return the full adspath for this group
    strADsPath = get_Group_ADsPath

    ' Enumerate groups
    enumerate_Groups (strADsPath)
 
    ' Return the result
    MsgBox strUsers
 
  Else
   
    MsgBox "No group name entered... Search Cancelled!", vbOKOnly + vbInformation, "Input Error"
 
  End If

End Sub

' This procedure enumerates all the members of a group and depending on each ones class
' calls the correct function
Private Sub enumerate_Groups(strPath)

  ' Connect to the group
  Set oGroup = GetObject(strPath)
 
  ' For each member of the group
  For Each oMember In oGroup.members
    ' If this member is a user
    If oMember.Class = "user" Then
      ' Add the user to the output list
      add_User oMember.cn
    ' If this member is a group
    ElseIf oMember.Class = "group" Then
      ' Enumerate the members of this group
      enumerate_Groups (oMember.ADsPath)
    End If
  Next
 
  ' Tidy up
  Set oGroup = Nothing

End Sub

' At the moment this procedure just adds each users name to a string but this can be changed to output to
' a file for example
Private Sub add_User(strName)

  ' Add this user to the output string and include the new line character afterwards
  strUsers = strUsers & strName & Chr(10)

End Sub

Private Function get_Group_ADsPath()

  Dim objCommand, objConnection, strBase, strFilter, strAttributes

  Dim strQuery, objRecordset

  Set objCommand = CreateObject("ADODB.Command")
  Set objConnection = CreateObject("ADODB.Connection")
 
  objConnection.Provider = "ADsDSOObject"
  objConnection.Open "Active Directory Provider"
  objCommand.ActiveConnection = objConnection

  strBase = "<LDAP://dc=myCompany,dc=com>"
  strFilter = "(&(objectCategory=group)(objectClass=group)(cn=" & strGroupName & "))"
  strAttributes = "ADsPath"
  strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
 
  objCommand.CommandText = strQuery
  objCommand.Properties("Page Size") = 100
  objCommand.Properties("Timeout") = 30
  objCommand.Properties("Cache Results") = False
 
  Set objRecordset = objCommand.Execute

  If objRecordset.EOF Then

    get_Group_ADsPath = "not found"

  Else

    get_Group_ADsPath = objRecordset.fields("ADsPath")
     
  End If
 
  objRecordset.Close: Set objRecordset = Nothing
  objConnection.Close: Set objConnection = Nothing

End Function

<<< CUT ABOVE HERE >>>

HTH

Scott
0
 
LVL 17

Author Comment

by:Eagle6990
ID: 13824510
Awesome.  It works!

Think you could tell me what I would need to change to have it also be displayed in the command prompt or two a text file?  One group has 300 users in it and I can't see all of them.

Thank you very much for your time and effort.
0
 
LVL 15

Expert Comment

by:Colosseo
ID: 13825316
Hi

here is a version that will now create a text file in the c root called users.txt and output all the users there instead.

remember and change  strBase = "<LDAP://dc=myCompany,dc=com>" back to your root

You can change the name of the users.txt file to what ever file you want to create... or use an input box to allow the user to specify or generate a dynamic name based on the date and time... let me know if  you would like some help with that.

Cheers

Scott
 
  Dim strGroupName
  Dim oFSO
  Dim oOutputFile

  do_Search

' The main procedure. Firstly gets the ADsPath of the group entered and then enumerates all members
' of that group to return all users and the users of all sub-groups
Private Sub do_Search()

  ' This string will store the results for output
  strUsers = ""
 
  ' Get the name of the group to search from the user
  strGroupName = InputBox("Please enter the group name to search", "Enter Group Name")
 
  ' If the user entered a group
  If strGroupName <> "" Then

    ' Create file system reference
    Set oFSO = CreateObject("Scripting.FileSystemObject")  

    ' Create the output file
    Set oOutputFile = oFSO.CreateTextFile("c:\users.txt")

    ' This will return the full adspath for this group
    strADsPath = get_Group_ADsPath

    ' Enumerate groups
    enumerate_Groups (strADsPath)
   
    ' Close the output file
    oOutputFile.Close : Set oOutputFile = Nothing

    ' Tidy up
    Set oFSO = Nothing

    MsgBox  "Search Complete!", vbOKOnly + vbInformation, "System Message"
 
  Else
   
    MsgBox "No group name entered... Search Cancelled!", vbOKOnly + vbInformation, "Input Error"
 
  End If

End Sub

' This procedure enumerates all the members of a group and depending on each ones class
' calls the correct function
Private Sub enumerate_Groups(strPath)

  ' Connect to the group
  Set oGroup = GetObject(strPath)
 
  ' For each member of the group
  For Each oMember In oGroup.members
    ' If this member is a user
    If oMember.Class = "user" Then
      ' Add the user to the output list
      add_User oMember.cn
    ' If this member is a group
    ElseIf oMember.Class = "group" Then
      ' Enumerate the members of this group
      enumerate_Groups (oMember.ADsPath)
    End If
  Next
 
  ' Tidy up
  Set oGroup = Nothing

End Sub

' This procedure writes a new line to the output file for each user
Private Sub add_User(strName)

  ' Add this user to the output file
  oOutputFile.WriteLine(strName)

End Sub

Private Function get_Group_ADsPath()

  Dim objCommand, objConnection, strBase, strFilter, strAttributes

  Dim strQuery, objRecordset

  Set objCommand = CreateObject("ADODB.Command")
  Set objConnection = CreateObject("ADODB.Connection")
 
  objConnection.Provider = "ADsDSOObject"
  objConnection.Open "Active Directory Provider"
  objCommand.ActiveConnection = objConnection

 strBase = "<LDAP://dc=myCompany,dc=com>"
  strFilter = "(&(objectCategory=group)(objectClass=group)(cn=" & strGroupName & "))"
  strAttributes = "ADsPath"
  strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
 
  objCommand.CommandText = strQuery
  objCommand.Properties("Page Size") = 100
  objCommand.Properties("Timeout") = 30
  objCommand.Properties("Cache Results") = False
 
  Set objRecordset = objCommand.Execute

  If objRecordset.EOF Then

    get_Group_ADsPath = "not found"

  Else

    get_Group_ADsPath = objRecordset.fields("ADsPath")
     
  End If
 
  objRecordset.Close: Set objRecordset = Nothing
  objConnection.Close: Set objConnection = Nothing

End Function
0

Featured Post

Hire Technology Freelancers with Gigs

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
I came across an unsolved Outlook issue and here is my solution.
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question