Script returning domain groups and members, but not in human-readable format ( LDAP , ADO )

Posted on 2006-06-06
Last Modified: 2008-02-01
I'm trying to create a list of groups and members from my domain by using a script, using a slight variant of the script shown here:

It returns what I'm assuming are my groups and members, but I'm guessing that these are keys.  I'd much rather have the human-readable versions, like PDP-ReportUsers and JSmith.

Current output:
A3A0B63E8776453C962 (Global/Security)
   Member: 385008F11037446BA14 (User)
   Member: 0E0016186820401EBF8 (User)
   Member: 723803D5FCF1451196F (User)
   Member: 53C0B0383AD44C71A10 (User)
87117A422B4386B690D (Global/Security)
   Member: BC1B99EFF47F46D49D7 (User)
   Member: 4BCA7A31391B4A9C968 (User)
Question by:Rakafkaven
    LVL 70

    Accepted Solution


    Okay it's echoing Account Names.. we can change that:

    The first line we want to alter is this one:

     Wscript.Echo objGroup.sAMAccountName _
        & " (" & GetType(objGroup.groupType) & ")"
      Call GetMembers(objGroup)

    Lets try changing it to:

    WScript.Echo objGroup.Get("name") &_
        " (" & GetType(objGroup.groupType) & ")"

    That should deal with the Group Name itself. Then we need to alter the GetMembers subroutine a little. Change this statement:

        Wscript.Echo "   Member: " & objMember.sAMAccountName _
          & " (" & strType & ")"


        Wscript.Echo "   Member: " & objMember.Get("name") _
          & " (" & strType & ")"

    That should hopefully return a more visually pleasing attribute.

    LVL 4

    Author Comment

    Perfect once again.  Thanks!
    LVL 70

    Expert Comment

    by:Chris Dent

    Pleasure :)
    LVL 4

    Author Comment

    While text files are all well and good, if anyone is trying to do the same thing and wants the data in a usable format, here's an Access module that will work in any database with the following tables:

    groups - fields: actname, name, type
    members - fields: actname, name, type, memof

    Option Explicit
    Dim db As Database
    Dim rsG As DAO.Recordset
    Dim rsM As DAO.Recordset
    Dim gAct As String

    Sub DCMain()
        Set db = CurrentDb
        Set rsG = db.OpenRecordset("groups")
        Set rsM = db.OpenRecordset("members")
        Call GetData
        Set rsG = Nothing
        Set rsM = Nothing
        Set db = Nothing
    End Sub
    Sub GetData()
    'modified 6/6/06; based on:
        ' DocumentGroups.vbs
        ' VBScript program to document all groups in Active Directory.
        ' Outputs group name, type of group, all members, and types of member.
        ' Lists all groups that are members, but does not list the nested group
        ' membership.
        ' ----------------------------------------------------------------------
        ' Copyright (c) 2002 Richard L. Mueller
        ' Hilltop Lab web site -
        ' Version 1.0 - November 10, 2002
        ' Version 1.1 - February 19, 2003 - Standardize Hungarian notation.
        ' Version 1.2 - March 11, 2003 - Remove SearchScope property.
        ' This script is designed to be run at a command prompt, using the
        ' Cscript host. The output can be redirected to a text file.
        ' For example:
        ' cscript //nologo DocumentGroups.vbs > groups.txt
        ' You have a royalty-free right to use, modify, reproduce, and
        ' distribute this script file in any way you find useful, provided that
        ' you agree that the copyright owner above has no warranty, obligations,
        ' or liability for such use.
    Dim objConnection, objCommand, objRootDSE, strDNSDomain, strQuery
    Dim objRecordSet, strDN, objGroup
    Dim x

        ' Use ADO to search Active Directory.
        Set objConnection = CreateObject("ADODB.Connection")
        Set objCommand = CreateObject("ADODB.Command")
        objConnection.Provider = "ADsDSOObject"
        objConnection.Open "Active Directory Provider"
        Set objCommand.ActiveConnection = objConnection
        ' Determine the DNS domain from the RootDSE object.
        Set objRootDSE = GetObject("LDAP://RootDSE")
        strDNSDomain = objRootDSE.Get("defaultNamingContext")
        ' Search for all groups, return the Distinguished Name of each.
        strQuery = "<LDAP://" & strDNSDomain _
          & ">;(objectClass=group);aDSPath;subtree"
        'Wscript.Echo strQuery
        objCommand.CommandText = strQuery
        objCommand.Properties("Page Size") = 100
        objCommand.Properties("Timeout") = 30
        objCommand.Properties("Cache Results") = False
        Set objRecordSet = objCommand.Execute
        If objRecordSet.EOF Then
          MsgBox ("No groups found")
          Set objRootDSE = Nothing
          Set objConnection = Nothing
          Set objCommand = Nothing
          Set objRecordSet = Nothing
          Exit Sub
        End If
        ' Enumerate all groups, bind to each, and document group members.
        Do Until objRecordSet.EOF
            Set objGroup = GetObject(objRecordSet.Fields("aDSPath"))
            gAct = objGroup.sAMAccountName
                rsG!actname = gAct
                rsG!Type = GetType(objGroup.groupType)
                rsG!Name = objGroup.Get("name")
            Call GetMembers(objGroup)
        ' Clean up.
        Set objRootDSE = Nothing
        Set objGroup = Nothing
        Set objConnection = Nothing
        Set objCommand = Nothing
        Set objRecordSet = Nothing
    End Sub

    Function GetType(intType)
    ' Function to determine group type from the GroupType attribute.
      If (intType And &H1) <> 0 Then
        GetType = "Built-in"
      ElseIf (intType And &H2) <> 0 Then
        GetType = "Global"
      ElseIf (intType And &H4) <> 0 Then
        GetType = "Local"
      ElseIf (intType And &H8) <> 0 Then
        GetType = "Universal"
      End If
      If (intType And &H80000000) <> 0 Then
        GetType = GetType & "/Security"
        GetType = GetType & "/Distribution"
      End If
    End Function

    Sub GetMembers(objADObject)
    ' Subroutine to document group membership.
    ' Members can be users or groups.
      Dim objMember, strType
      For Each objMember In objADObject.Members
        If UCase(Left(objMember.objectCategory, 8)) = "CN=GROUP" Then
          strType = "Group"
          strType = "User"
        End If
            rsM!actname = objMember.sAMAccountName
            rsM!Name = objMember.Get("name")
            rsM!Type = strType
            rsM!memof = gAct
      Set objMember = Nothing
    End Sub


    Featured Post

    Enabling OSINT in Activity Based Intelligence

    Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

    Join & Write a Comment

    Suggested Solutions

    Introduction While answering a recent question about filtering a custom class collection, I realized that this could be accomplished with very little code by using the ScriptControl (SC) library.  This article will introduce you to the SC library a…
    Article by: Martin
    Here are a few simple, working, games that you can use as-is or as the basis for your own games. Tic-Tac-Toe This is one of the simplest of all games.   The game allows for a choice of who goes first and keeps track of the number of wins for…
    Get people started with the process of using Access VBA to control Excel using automation, Microsoft Access can control other applications. An example is the ability to programmatically talk to Excel. Using automation, an Access application can laun…
    This lesson covers basic error handling code in Microsoft Excel using VBA. This is the first lesson in a 3-part series that uses code to loop through an Excel spreadsheet in VBA and then fix errors, taking advantage of error handling code. This l…

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now