Expand Groups
Is there a program of some sort that will fully expand a group so I can see all users that are in the group? I've used "net group /domain" and I can see only the members that are actually in the group but it does not show the members of nested groups.
For example, I have an All Associates group that contains nested groups of all sites in the organization. If I "net group /domain all" it doesn't tell me the users that are ultimately in the group. I haven't heard of any program that can do this but I'm hoping that I just missed it.
For example, I have an All Associates group that contains nested groups of all sites in the organization. If I "net group /domain all" it doesn't tell me the users that are ultimately in the group. I haven't heard of any program that can do this but I'm hoping that I just missed it.
ASKER
That isn't really what I'm looking for. I want to on demand, export all users of a group including users in nested groups. I will try a pointer question and then delete this question if no other suggestions are made.
Hi,
I can create a vb script for you that will enumerate all users of a group including those in nested groups but I cant do it until tomorrow at work so that I can test it if thats even any use to you?
Scott
I can create a vb script for you that will enumerate all users of a group including those in nested groups but I cant do it until tomorrow at work so that I can test it if thats even any use to you?
Scott
ASKER
That would be awesome. I'm just looking for easy syntax like
expandgroup "All associates"
where "all associates" is the group (global and domain local) and it outputs the usernames of everyone in it.
I'll increase the points to 500 if you have to write it from scratch.
expandgroup "All associates"
where "all associates" is the group (global and domain local) and it outputs the usernames of everyone in it.
I'll increase the points to 500 if you have to write it from scratch.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Awesome. It works!
Think you could tell me what I would need to change to have it also be displayed in the command prompt or two a text file? One group has 300 users in it and I can't see all of them.
Thank you very much for your time and effort.
Think you could tell me what I would need to change to have it also be displayed in the command prompt or two a text file? One group has 300 users in it and I can't see all of them.
Thank you very much for your time and effort.
Hi
here is a version that will now create a text file in the c root called users.txt and output all the users there instead.
remember and change strBase = "<LDAP://dc=myCompany,dc=c
You can change the name of the users.txt file to what ever file you want to create... or use an input box to allow the user to specify or generate a dynamic name based on the date and time... let me know if you would like some help with that.
Cheers
Scott
Dim strGroupName
Dim oFSO
Dim oOutputFile
do_Search
' The main procedure. Firstly gets the ADsPath of the group entered and then enumerates all members
' of that group to return all users and the users of all sub-groups
Private Sub do_Search()
' This string will store the results for output
strUsers = ""
' Get the name of the group to search from the user
strGroupName = InputBox("Please enter the group name to search", "Enter Group Name")
' If the user entered a group
If strGroupName <> "" Then
' Create file system reference
Set oFSO = CreateObject("Scripting.Fi
' Create the output file
Set oOutputFile = oFSO.CreateTextFile("c:\us
' This will return the full adspath for this group
strADsPath = get_Group_ADsPath
' Enumerate groups
enumerate_Groups (strADsPath)
' Close the output file
oOutputFile.Close : Set oOutputFile = Nothing
' Tidy up
Set oFSO = Nothing
MsgBox "Search Complete!", vbOKOnly + vbInformation, "System Message"
Else
MsgBox "No group name entered... Search Cancelled!", vbOKOnly + vbInformation, "Input Error"
End If
End Sub
' This procedure enumerates all the members of a group and depending on each ones class
' calls the correct function
Private Sub enumerate_Groups(strPath)
' Connect to the group
Set oGroup = GetObject(strPath)
' For each member of the group
For Each oMember In oGroup.members
' If this member is a user
If oMember.Class = "user" Then
' Add the user to the output list
add_User oMember.cn
' If this member is a group
ElseIf oMember.Class = "group" Then
' Enumerate the members of this group
enumerate_Groups (oMember.ADsPath)
End If
Next
' Tidy up
Set oGroup = Nothing
End Sub
' This procedure writes a new line to the output file for each user
Private Sub add_User(strName)
' Add this user to the output file
oOutputFile.WriteLine(strN
End Sub
Private Function get_Group_ADsPath()
Dim objCommand, objConnection, strBase, strFilter, strAttributes
Dim strQuery, objRecordset
Set objCommand = CreateObject("ADODB.Comman
Set objConnection = CreateObject("ADODB.Connec
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnectio
strBase = "<LDAP://dc=myCompany,dc=c
strFilter = "(&(objectCategory=group)(
strAttributes = "ADsPath"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Pag
objCommand.Properties("Tim
objCommand.Properties("Cac
Set objRecordset = objCommand.Execute
If objRecordset.EOF Then
get_Group_ADsPath = "not found"
Else
get_Group_ADsPath = objRecordset.fields("ADsPa
End If
objRecordset.Close: Set objRecordset = Nothing
objConnection.Close: Set objConnection = Nothing
End Function
here is a version that will now create a text file in the c root called users.txt and output all the users there instead.
remember and change strBase = "<LDAP://dc=myCompany,dc=c
You can change the name of the users.txt file to what ever file you want to create... or use an input box to allow the user to specify or generate a dynamic name based on the date and time... let me know if you would like some help with that.
Cheers
Scott
Dim strGroupName
Dim oFSO
Dim oOutputFile
do_Search
' The main procedure. Firstly gets the ADsPath of the group entered and then enumerates all members
' of that group to return all users and the users of all sub-groups
Private Sub do_Search()
' This string will store the results for output
strUsers = ""
' Get the name of the group to search from the user
strGroupName = InputBox("Please enter the group name to search", "Enter Group Name")
' If the user entered a group
If strGroupName <> "" Then
' Create file system reference
Set oFSO = CreateObject("Scripting.Fi
' Create the output file
Set oOutputFile = oFSO.CreateTextFile("c:\us
' This will return the full adspath for this group
strADsPath = get_Group_ADsPath
' Enumerate groups
enumerate_Groups (strADsPath)
' Close the output file
oOutputFile.Close : Set oOutputFile = Nothing
' Tidy up
Set oFSO = Nothing
MsgBox "Search Complete!", vbOKOnly + vbInformation, "System Message"
Else
MsgBox "No group name entered... Search Cancelled!", vbOKOnly + vbInformation, "Input Error"
End If
End Sub
' This procedure enumerates all the members of a group and depending on each ones class
' calls the correct function
Private Sub enumerate_Groups(strPath)
' Connect to the group
Set oGroup = GetObject(strPath)
' For each member of the group
For Each oMember In oGroup.members
' If this member is a user
If oMember.Class = "user" Then
' Add the user to the output list
add_User oMember.cn
' If this member is a group
ElseIf oMember.Class = "group" Then
' Enumerate the members of this group
enumerate_Groups (oMember.ADsPath)
End If
Next
' Tidy up
Set oGroup = Nothing
End Sub
' This procedure writes a new line to the output file for each user
Private Sub add_User(strName)
' Add this user to the output file
oOutputFile.WriteLine(strN
End Sub
Private Function get_Group_ADsPath()
Dim objCommand, objConnection, strBase, strFilter, strAttributes
Dim strQuery, objRecordset
Set objCommand = CreateObject("ADODB.Comman
Set objConnection = CreateObject("ADODB.Connec
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnectio
strBase = "<LDAP://dc=myCompany,dc=c
strFilter = "(&(objectCategory=group)(
strAttributes = "ADsPath"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Pag
objCommand.Properties("Tim
objCommand.Properties("Cac
Set objRecordset = objCommand.Execute
If objRecordset.EOF Then
get_Group_ADsPath = "not found"
Else
get_Group_ADsPath = objRecordset.fields("ADsPa
End If
objRecordset.Close: Set objRecordset = Nothing
objConnection.Close: Set objConnection = Nothing
End Function
http://www.systemtools.com/free_main.htm
Above link only exports the users.
hope this would help.
Säi