Solved

Members of group

Posted on 2006-11-26
19
627 Views
Last Modified: 2012-05-05
I have a list of groups in the excel spread. I want to know what are the members in each group.Can any one help me with a script which would do this.I need to do this on  a weekly basis.I am using windows 2003
0
Comment
Question by:life_j
19 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 18017111
Would something like this from http://www.microsoft.com/technet/scriptcenter/resources/qanda/feb05/hey0203.mspx work for you?

strComputer = "atl-ws-01"
Set objGroup = GetObject("WinNT://" & strComputer & strGroup)
i = 0
For Each objUser in objGroup.Members
   wscript.echo objUser
    i = i + 1
Next

Wscript.Echo "Number of users in group: " & i
0
 
LVL 7

Author Comment

by:life_j
ID: 18017370
No, I am not looking for the above.

I have a excel file which has a list of groups in our AD.This is not a complete list but few specific groups.
I need to find the members in this groups.
What I want to do is. have command for example like csvde in which I want to pass a parameter with a for look in to the csvde command for each group.

I think you got my logic.But I don't know how to do this.

Thanks
0
 
LVL 10

Expert Comment

by:Phadke_hemant
ID: 18017480
Instead of script you can use following commands -

1) dsquery group

Finds groups in the directory that match the specified search criteria. If the predefined search criteria in this command is insufficient, use the more general version of the query command, dsquery *.

Syntax
dsquery group [{StartNode | forestroot | domainroot}] [-o {dn | rdn | samid}] [-scope {subtree | onelevel | base}] [-name Filter] [-desc Filter] [-samid Filter] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-q] [-r] [-gc] [-limit NumberOfObjects] [{-uc | -uco | -uci}]

Parameters
[{StartNode | forestroot | domainroot}
Specifies the node where the search will start. You can specify the forest root (forestroot), domain root (domainroot), or a node’s distinguished name (StartNode). If forestroot is specified, the search is done using the global catalog. The default value is domainroot.
-o {dn | rdn | samid}
Specifies the format in which the list of entries found by the search will be displayed. A dn value displays the distinguished name of each entry. A rdn value displays the relative distinguished name of each entry. A samid value displays the SAM account name of each entry. By default, the dn format is used.
-scope (subtree | onelevel | base)
Specifies the scope of the search. A value of subtree indicates that the scope is a subtree rooted at start node. A value of onelevel indicates the immediate children of the start node only. A value of base indicates the single object represented by start node. If forestroot is specified as StartNode, subtree is the only valid scope. By default, the subtree search scope is used.
-name Name
Searches for groups whose name attributes (value of CN attribute) matches Name. For example, "jon*" or "*ith" or "j*th".
-desc Description
Searches for groups whose description attribute matches Description. For example, "jon*" or "*ith" or "j*th".
-samid SAMName
Searches for groups whose SAM account name matches SAMName.
{-s Server | -d Domain}
Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.
-u UserName
Specifies the user name with which the user logs on to a remote server. By default, -u uses the user name with which the user logged on. You can use any of the following formats to specify a user name:
user name (for example, Linda)
domain\user name (for example, widgets\Linda)
user principal name (UPN) (for example, Linda@widgets.microsoft.com)
-p {Password | *}
Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
-q
Suppresses all output to standard output (quiet mode).
-r
Specifies that the search use recursion or follow referrals during search. By default, the search will not follow referrals during search.
-gc
Specifies that the search use the Active Directory global catalog.
-limit NumberOfObjects
Specifies the number of objects that match the given criteria to be returned. If the value of NumberOfObjects is 0, all matching objects are returned. If this parameter is not specified, by default the first 100 results are displayed.
{-uc | -uco | -uci}
Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.

2) dsget group

Displays the various properties of a group including the members of a group in the directory. There are two variations of this command. The first variation allows you to view the properties of multiple groups. The second variation allows you to view the group membership information of a single group.

Syntax
dsget group GroupDN ... [-dn] [-samid] [-sid] [-desc] [-secgrp] [-scope] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-c] [-q] [-l] [{-uc | -uco | -uci}] [-part PartitionDN [-qlimit] [-qused]]

dsget group GroupDN [{-memberof | -members}] [-expand] [{-s Server | -d Domain}] [-u UserName] [-p {Password | *}] [-c] [-q] [-l] [{-uc | -uco | -uci}]
Parameters
GroupDN ...
Required. Specifies the distinguished names of the group objects that you want to view. If values are omitted, they are obtained through standard input (stdin) to support piping of output from another command to input of this command. Compare with GroupDN in the next command variation.
-dn
Displays that distinguished names of the groups.
-samid
Displays the SAM account names of the groups.
-sid
Displays the group security IDs (SIDs).
-desc
Displays the descriptions of the groups.
-secgrp
Displays information about whether groups are security groups (yes) or a distribution groups (no).
-scope
Display information about whether group scopes are local, global, or universal.
GroupDN
Required. Specifies the distinguished name of the computer you want to view.
{-memberof | -members}
Displays the immediate list of groups of which the group is a member (-memberof). Displays the immediate list of members of the group (-members).
-expand
In the case of the -memberof parameter, requests that the recursively expanded list of groups in which the group is a member be returned. This option takes the immediate group membership list of the group, and then recursively expands each group in this list to determine its group memberships as well to arrive at a complete closure set of the groups.
In case of the -members parameter, requests that the recursively expanded list of members of the group be displayed. This parameter takes the immediate list of members of the group and then recursively expands each group in this list to determine its group memberships as well to arrive at a complete closure set of the members.

{-s Server | -d Domain}
Connects to a specified remote server or domain. By default, the computer is connected to the domain controller in the logon domain.
-u UserName
Specifies the user name with which the user logs on to a remote server. By default, the logged on user name is used. You can specify a user name using one of the following formats:
user name (for example, Linda)
domain\user name (for example, widgets\Linda)
user principal name (UPN) (for example, Linda@widgets.microsoft.com)
-p {Password | *}
Specifies to use either a password or a * to log on to a remote server. If you type *, you are prompted for a password.
-c
Reports errors, but continues with the next object in the argument list when multiple target objects are specified (continuous operation mode). Without this option, the command exits on the first error.
-q
Suppresses all output to standard output (quiet mode).
-l
Displays entries in a list format. By default, entries are displayed in a table format.
{-uc | -uco | -uci}
Specifies that output or input data is formatted in Unicode. The following table lists and describes each format.
-part PartitionDN
Connects to the directory partition with the distinguished name of PartitionDN.
-qlimit
Displays the effective quota of the group within the specified directory partition.
-qused
Displays how much of its quota the group has used within the specified directory partition.
0
 
LVL 7

Author Comment

by:life_j
ID: 18023973
@Phadke_hemant

You provided lots of info.But I can find any thing that would solve my problem.
0
 
LVL 48

Expert Comment

by:Jay_Jay70
ID: 18025273
LJ,

I know there is a way to incorporate this command into a script which will call a file that has your group names listed in it

dsget group "cn=groupname,OU=OUName,DC=Comain,DC=Local" -members > c:\members.txt

maybe sirbounty can help with the command to pull the file?
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18025365
I was referring to a script like this:
It should loop through each group and examine the members of each.  You didn't specify what you wanted to do with each user found, so I've just echoed it out to the screen...

strComputer = "atl-ws-01"  'replace this with your domain control / GC
strXLSFile = "c:\grp.xls" 'replace with the excel sheet

On Error Resume Next
Set objExcel = CreateObject("Excel.Application")

' Open specified spreadsheet and select the first worksheet.
objExcel.WorkBooks.Open strXLSFile
Set objSheet = objExcel.ActiveWorkbook.Worksheets(1)
intRow = 2
Do While objSheet.Cells(intRow, 1).Value <> ""
  Set objGroup = GetObject("WinNT://" & strComputer & objSheet.Cells(intRow,1).Value)
  i = 0
  For Each objUser in objGroup.Members
   wscript.echo objUser.Name
    i = i + 1
  Next
  intRow = intRow + 1
Loop

' Close workbook and quit Excel.
objExcel.ActiveWorkbook.Close
objExcel.Application.Quit

' Clean up.
Set objExcel = Nothing
Set objSheet = Nothing
0
 
LVL 7

Author Comment

by:life_j
ID: 18033881
Thanks sirbounty

I wanted the output to be dumped into  text file
This is what I have done but doesn't work.Also I tried just copying you script and running it but that didn't work either.Do I need to run this script on a server or can I run it from my machine

option explicit

Dim  objFile,strline,strComputer, strXLSFile,objExcel,objFile,introw


Set objExcel = CreateObject("Excel.Application")
Set objFile = objFileSystem.OpenTextFile("GroupMembers.txt", 2, True, 0)
objFile.WriteLine "Group Member1" & VbTab  & "Group Member1"

strComputer = "nsyd1print1.apac.corp"
strXLSFile = "G:\IS\Documents\users\Mallik\Less Then 2 User Groups\Groups.xls"


objExcel.WorkBooks.Open strXLSFile
Set objSheet = objExcel.ActiveWorkbook.Worksheets(1)
intRow = 2
Do While objSheet.Cells(intRow, 1).Value <> ""
  Set objGroup = GetObject("WinNT://" & strComputer & objSheet.Cells(intRow,1).Value)
  i = 0
  For Each objUser in objGroup.Members
   strline=objUser.Name
   strline=strline & objuser.name
    i = i + 1
  Next
  intRow = intRow + 1
Loop

' Close workbook and quit Excel.
objExcel.ActiveWorkbook.Close
objExcel.Application.Quit

' Clean up.
Set objExcel = Nothing
Set objSheet = Nothing
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18036773
This line - you should specify the source folder for GroupMembers.txt
Set objFile = objFileSystem.OpenTextFile("GroupMembers.txt", 2, True, 0)

When you say it's not working - what error/problem did you see?
You can run the script from anywhere, specifying the computername as you did..
0
 
LVL 7

Author Comment

by:life_j
ID: 18042253
I have specified the folder and ran the script again.But doesn't work
 I can't see any errors.It runs but doesn't create the GroupMembers.txt file.
How can I do a trace on vbs scripts.Also where does the errors show up.I know it just displays on the screen. other then do I need to check somewhere else too.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 7

Author Comment

by:life_j
ID: 18042933
Increasing the points
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18042937
You need to close the file,
objFile.Close

In order to troubleshoot the script. you'll need to place some echos in there...

Do While objSheet.Cells(intRow, 1).Value <> ""
    msgbox objSheet.Cells(intRow,1).Value
  Set objGroup = GetObject("WinNT://" & strComputer & objSheet.Cells(intRow,1).Value)
  i = 0
  For Each objUser in objGroup.Members
   msgbox objUser.Name
   strline=objUser.Name
   strline=strline & objuser.name
    i = i + 1
  Next
  intRow = intRow + 1
Loop
0
 
LVL 7

Author Comment

by:life_j
ID: 18051303
I fixed few things with help of msgbox's could trace the script. But nothing displays for msgbox objUser.Name.
Id thier a propert called name for objuser.
msgbox objSheet.Cells(intRow,1).Value This works fine

0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18051356
I'm not on my domain this week (vacation :), but try this:

msgbox objUser.Fields(0).Value
or msgbox objUser.saMAccountName
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18051395
Code from http://www.activexperts.com/activmonitor/windowsmanagement/adminscripts/usersgroups/localgroups/
indicates Name is a valid property when iterating through the group 'this' way...

strComputer = "atl-win2k-01"
Set colGroups = GetObject("WinNT://" & strComputer & "")
colGroups.Filter = Array("group")
For Each objGroup In colGroups
    For Each objUser in objGroup.Members
        If objUser.name = "kenmyer" Then
            Wscript.Echo objGroup.Name
        End If
    Next
Next
0
 
LVL 7

Author Comment

by:life_j
ID: 18065812
@sirbounty

I can figure out with the links that you have given me.

This is the original question. Chris-dent has given me the script to find groups with less then 2 members.Now I want to find out the members of each group

Can any one help me

http://www.experts-exchange.com/Operating_Systems/Windows_Server_2003/Q_21940119.html
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18065878
Simply remove the logical comparison:

Option Explicit

'''remove this line: Const MIN_MEMBERS = 2
Const ADS_SCOPE_SUBTREE = 2

Dim objConnection, objCommand, objRecordSet, objGroup, objRootDSE, objFile, objFileSystem
Dim strLine

Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objFile = objFileSystem.OpenTextFile("Groups.txt", 2, True, 0)
objFile.WriteLine "Group Name" & VbTab & "Directory Path" & "Number of Members"

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection

Set objRootDSE = GetObject("LDAP://RootDSE")
objCommand.CommandText = "SELECT name, aDSPath " &_
     "FROM 'LDAP://" & objRootDSE.Get("defaultNamingContext") & "' WHERE objectClass='group'"
Set objRootDSE = Nothing

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 600
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False

Set objRecordSet = objCommand.Execute

While Not objRecordSet.EOF
     Set objGroup = GetObject(objRecordSet.Fields("aDSPath"))
'''REMOVE this line:     If objGroup.Members.Count < MIN_MEMBERS Then
          strLine = objRecordSet.Fields("name") & VbTab
          strLine = strLine & objRecordSet.Fields("aDSPath") & VbTab
'OPTIONAL remove the next line - displays the  count:
         strLine = strLine & objGroup.Members.Count
          objFile.WriteLine strLine
'''REMOVE:     End If
     Set objGroup = Nothing
     objRecordSet.MoveNext
Wend

objConnection.Close
Set objRecordSet = Nothing
Set objCommand = Nothing
Set objConnection = Nothing

Set objFile = Nothing
Set objFileSystem = Nothing
0
 
LVL 7

Author Comment

by:life_j
ID: 18073689
I want  the members in each group too.
0
 
LVL 67

Accepted Solution

by:
sirbounty earned 500 total points
ID: 18082013
How about this then...

Const ADS_SCOPE_SUBTREE = 2
strComputer = "."
Dim objConnection, objCommand, objRecordSet, objGroup, objRootDSE, objFile, objFileSystem,strLine

Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objFile = objFileSystem.OpenTextFile("Groups.txt", 2, True, 0)
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
Set objRootDSE = GetObject("LDAP://RootDSE")
objCommand.CommandText = "SELECT name, aDSPath " & _
     "FROM 'LDAP://" & objRootDSE.Get("defaultNamingContext") & "' WHERE objectClass='group'"
Set objRootDSE = Nothing
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 600
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute

While Not objRecordSet.EOF
  On Error Resume Next
  Set objGroup = GetObject(objRecordSet.Fields("adSPath").Value)
  objFile.WriteLine "Members of " & objGroup
  For Each objUser In objGroup.Member
    objFile.WriteLine objUser
  Next
  Set objGroup = Nothing
  objRecordSet.MoveNext
Wend

objConnection.Close
Set objRecordSet = Nothing
Set objCommand = Nothing
Set objConnection = Nothing
Set objFile = Nothing
Set objFileSystem = Nothing
0
 
LVL 7

Author Comment

by:life_j
ID: 18091077
I didn't want the member of  I wanted the members in the groups.This is what I had to chnage in your script.

For Each objMember in objGroup.Members
strLine = strLine & objMember.Get("name") & ","
Next
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
I don't know if many of you have made the great mistake of using the Cisco Thin Client model with the management software VXC. If you have then you are probably more then familiar with the incredibly clunky interface, the numerous work arounds, and …
This video discusses moving either the default database or any database to a new volume.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now