Enumerate Nested Users via LDAP ADSI - Can be VB
Posted on 2005-05-03
I am trying to build a group access report. You can assume that the starting group ADSI path is passed into an ASP page. I need to take that AD group, look at all the nested users and groups and build a report with all users and the containers (nested groups) that they have access to. So I want a complete view of every user that has access to the group (like the administrators group) listed on one report and not have to manually look in each nested group to see who is there. For the example below: Domain2\Enterprise Admins and Domain1\Domain Admins are nested in Domain1\Administrators.
UserName  Fullname   Description  Group Name
--------  --------   -----------  ---------------
user1     Jones,Bob  CA User      Domain1\Administrators
user2     Hots,Bob   NC User      Domain1\Domain Admins
user3     Tots,Bob   SC User      Domain1\Domain Admins
user4     Otts,Deb   US Field     Domain2\Enterprise Admins
4 Users found
So a group can potentially have multiple nestings (like Domain2\Enterprise Admins could have groups nested in it too) and I need the logic to be able to go as deep as it needs to back out all the users from each nested group. That is what makes this one so much fun :) This can be done in VB or VBScript. Would like it sorted by the Group Name columns if possible and show the same user again and again if they are members of multiple nested groups. Should be able to handle hundreds of entries, but I won't be running it on the Domain Users group of course.
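The nested expansion the question asks for, as an added example that is not part of the original post: it walks a group to any depth, guards against circular nesting (which would otherwise loop forever), repeats a user once per containing group, and sorts by group name. It assumes an in-memory `USERS`/`GROUPS` model (constructed sample data, hypothetical names) in place of the ADSI lookups; in a real script the member list would come from each group's ADSI `Members` collection.

```python
from typing import Dict, List, Tuple

# Constructed sample data mirroring the report in the post.
USERS: Dict[str, Tuple[str, str]] = {
    "user1": ("Jones,Bob", "CA User"),
    "user2": ("Hots,Bob", "NC User"),
    "user3": ("Tots,Bob", "SC User"),
    "user4": ("Otts,Deb", "US Field"),
}
GROUPS: Dict[str, List[str]] = {
    r"Domain1\Administrators": ["user1", r"Domain1\Domain Admins",
                                r"Domain2\Enterprise Admins"],
    r"Domain1\Domain Admins": ["user2", "user3"],
    # Back-reference added here (not in the post) to exercise the loop guard.
    r"Domain2\Enterprise Admins": ["user4", r"Domain1\Administrators"],
}
Row = Tuple[str, str, str, str]  # UserName, Fullname, Description, Group Name


def expand_group(start: str, groups=GROUPS, users=USERS) -> List[Row]:
    """Return one row per (user, containing group) reachable from start."""
    rows: List[Row] = []
    visited = set()           # groups already expanded; breaks nesting cycles
    pending = [start]         # explicit stack, so depth is not limited
    while pending:
        group = pending.pop()
        if group in visited:
            continue
        visited.add(group)
        for member in groups.get(group, []):
            if member in groups:          # nested group: expand it later
                pending.append(member)
            elif member in users:         # user: report under this group
                rows.append((member, *users[member], group))
            # anything else (computer, unresolved principal) is skipped
    return sorted(rows, key=lambda r: (r[3].lower(), r[0].lower()))


def format_report(rows: List[Row]) -> str:
    fmt = "%-9s %-10s %-12s %s"
    lines = [fmt % ("UserName", "Fullname", "Description", "Group Name")]
    lines += [fmt % r for r in rows]
    # Assumption: the footer counts distinct users, not report rows.
    lines.append("%d Users found" % len({r[0] for r in rows}))
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(expand_group(r"Domain1\Administrators")))
```
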