Solved

Find all members in a group

Posted on 2007-04-10
21
509 Views
Last Modified: 2010-03-05
Hi,

I need to find all the members in a group.Need to export the contents to a txt file.Like users who are members and their mail ID.

THX
Sharath
0
Comment
Question by:bsharath
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
21 Comments
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 18882977
adfind -b cn=GroupA,dc=domain,dc=com -asq member
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18882988
Here's a script that I've recently written that should do just that for you...save as FindMembers.vbs and double-click it to run.


Dim objFSO, objConnection, objCommand, objRecordSet, objGroup, objUser
Dim strOutput, ts, strComputer
Dim rootDSE, sADSPath, colGroups
 
Const ADS_SCOPE_SUBTREE = 2
 
Set objFSO=CreateObject("Scripting.FileSystemObject")
strOutput= "C:\LocalGroupMembers.log"
set ts = objFSO.CreateTextFile(strOutput)
 
Set rootDSE = GetObject("LDAP://rootDSE")
sADSPath = rootDSE.Get("defaultNamingContext")
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = "Select Name, canonicalName FROM 'LDAP://" & sADSPath & "' " & "WHERE objectClass='computer' ORDER BY Name"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 300
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
 
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
  strComputer = objRecordSet.Fields("Name").Value
  ts.WriteLine "=================" & "Querying " & strComputer & "================="
  ts.WriteLine
  Set colGroups = GetObject("WinNT://" & strComputer & "")
  colGroups.Filter = Array("group")
  For Each objGroup In colGroups
    ts.WriteLine objGroup.Name & " contains the following members:"
    ts.WriteLine "----------------------------------------------------"
    For Each objUser in objGroup.Members
        ts.WriteLine objUser.Name
    Next
    ts.WriteLine "----------------------------------------------------"
  Next
   objRecordSet.MoveNext
Loop
 
ts.Close
wscript.echo "Complete"
 
Set objFSO=Nothing
Set ts = Nothing
Set rootDSE = Nothing
Set objConnection = Nothing
Set objCommand =   Nothing
Set objRecordSet = Nothing
Set colGroups = Nothing
wscript.quit
 
0
 
LVL 11

Author Comment

by:bsharath
ID: 18883020
sirbounty:

Should i make any changes in this script
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 67

Expert Comment

by:sirbounty
ID: 18883103
If you have root access, it's not necessary, but looking over this again, it's designed to pull group membership of all devices in the domain...doesn't look like that's what you wanted (I misread)...use this version instead - no need to change anything, unless you want the output file placed elsewhere (currently c:\GroupMembers.log)

'FindMembers.vbs
Const ADS_SCOPE_SUBTREE = 2

Dim objConnection, objCommand, objRecordSet, objGroup, objUser
Dim strOutput, ts, strComputer
Dim rootDSE, sADSPath, colGroups
 
Dim objFSO: Set objFSO = CreateObject("Scripting.FileSystemObject")
strOutput = "C:\GroupMembers.log"  'change to reflect your output...
 
Set rootDSE = GetObject("LDAP://rootDSE")
sADSPath = rootDSE.Get("defaultNamingContext")
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 300
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
 
Set ts = objFSO.CreateTextFile(strOutput)

objCommand.CommandText = "Select Name, adSPath FROM 'LDAP://" & sADSPath & "' " & "WHERE objectClass='group'"
Set objRecordSet = objCommand.Execute
 
objRecordSet.MoveFirst
 
Do Until objRecordSet.EOF
      strGroup = objRecordSet.Fields("Name").Value
      ts.WriteLine "Members of " & strGroup
      Set objGroup = GetObject(objRecordSet.Fields("adspath").Value)
        If objGroup.Members.Count > 0 Then
          For Each strUser In objGroup.Member
            Set objUser = GetObject("LDAP://" & strUser)
            ts.WriteLine vbTab & objUser.givenName & " " & objUser.sn
          Next
        End If
        objRecordSet.MoveNext
        ts.WriteLine
    Loop
 ts.Close
Wscript.Echo "Complete"
 
Set objFSO = Nothing
Set ts = Nothing
Set rootDSE = Nothing
Set objConnection = Nothing
Set objCommand = Nothing
Set objRecordSet = Nothing
Set colGroups = Nothing
Wscript.quit
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 18883318
Hello bsharath,

This is what I use

-=-=-=-=-=-=-=-=-=-=-=-=-=-  Code Below  -=-=-=-=-=-=-=-=-=-=-=-=-=-  

Dim myNetwork
Set myNetwork = CreateObject("Wscript.Network")

strDomain = myNetwork.UserDomain

Set objDomain = getobject("WinNT://" & strDomain) 'Grab the domain object
objDomain.filter = Array("Group") 'Filter for just computers.

Dim myFSO
Set myFSO = CreateObject("Scripting.FileSystemObject")
Set myFile = myFSO.CreateTextFile("GroupMembership.txt",1)

myOutput = ""

For each objGroup in objDomain
    myOutput = myOutput & objGroup.Name & vbcrlf
   For Each objUser in objGroup.Members
'          myOutput = myOutput & vbtab & objUser.Name & vbcrlf
         If right(objUser.name,1) <> "$" Then
              myOutput = myOutput & vbtab & objUser.Name & vbcrlf
         End if
   Next
Next

WScript.Echo myOutput
myfile.writeline myOutput

-=-=-=-=-=-=-=-=-=-=-=-=-=-  End Code  -=-=-=-=-=-=-=-=-=-=-=-=-=-  

Then open GroupMembership.txt file and it should have everything you need.  

Regards,

PeteLong
0
 
LVL 11

Author Comment

by:bsharath
ID: 18883514
sirbounty:

I get this error.

---------------------------
Windows Script Host
---------------------------
Script:   C:\file.vbs
Line:      34
Char:     11
Error:     Object not a collection
Code:    800A01C3
Source:                 Microsoft VBScript runtime error

---------------------------
OK  
---------------------------
0
 
LVL 11

Author Comment

by:bsharath
ID: 18883555
PeteLong:

I get this error

---------------------------
Windows Script Host
---------------------------
Script:      C:\ab.vbs
Line:      11
Char:      1
Error:      Permission denied
Code:      800A0046
Source:       Microsoft VBScript runtime error

---------------------------
OK  
---------------------------
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18883570
Change this Do loop...

 
Do Until objRecordSet.EOF
      strGroup = objRecordSet.Fields("Name").Value
      ts.WriteLine "Members of " & strGroup
      Set objGroup = GetObject(objRecordSet.Fields("adspath").Value)
      If IsArray(objGroup.Member) Then
        If objGroup.Members.Count > 0 Then
          For Each strUser In objGroup.Member
            Set objUser = GetObject("LDAP://" & strUser)
            ts.WriteLine vbTab & objUser.givenName & " " & objUser.sn
          Next
        End If
      End If
      objRecordSet.MoveNext
      ts.WriteLine
    Loop
 ts.Close
Wscript.Echo "Complete"
0
 
LVL 11

Author Comment

by:bsharath
ID: 18887007
sirbounty:

I get this error.

C:\>cscript file.vbs
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

C:\file.vbs(36, 13) (null): There is no such object on the server.
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18887021
Hmm - I'm not at work now, but try
For Each strUser In objGroup.Members
(with an 's' on the end of Members)
0
 
LVL 11

Author Comment

by:bsharath
ID: 18887033
PeteLong:

Your script got me the data but not the email id's.Can you modify this script to retrieve the mail id's

Regards
Sharath
0
 
LVL 11

Author Comment

by:bsharath
ID: 18887053
sirbounty:
I get this error.

C:\file.vbs(36, 13) Microsoft VBScript runtime error: Wrong number of arguments
or invalid property assignment
0
 
LVL 11

Author Comment

by:bsharath
ID: 18890075
Any help
0
 
LVL 67

Accepted Solution

by:
sirbounty earned 500 total points
ID: 18890273
Try this version - remember to adjust the group name below (it appears, after re-reading this, you only want 'one' group?)

'FindMembers.vbs
On Error Resume Next
Const ADS_SCOPE_SUBTREE = 2
strGroup = "MktAdmins"  'adjust to the group name here...

Dim objConnection, objCommand, objRecordSet, objGroup, objUser
Dim strOutput, ts, strComputer
Dim rootDSE, sADSPath, colGroups
 
Dim objFSO: Set objFSO = CreateObject("Scripting.FileSystemObject")
strOutput = "C:\GroupMembers.log"  'change to reflect your output...

Set rootDSE = GetObject("LDAP://rootDSE")
sADSPath = rootDSE.Get("defaultNamingContext")
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 300
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
 
Set ts = objFSO.CreateTextFile(strOutput)

objCommand.CommandText = "Select Name, adSPath FROM 'LDAP://" & sADSPath & "' " & "WHERE objectClass='group' And Name='" & strGroup & "'"
Set objRecordSet = objCommand.Execute
 
objRecordSet.MoveFirst
 
Do Until objRecordSet.EOF
      strGroup = objRecordSet.Fields("Name").Value
      ts.WriteLine "Members of " & strGroup
      Set objGroup = GetObject(objRecordSet.Fields("adspath").Value)
      If objGroup.Members.Count > 0 Then
        For Each strUser In objGroup.Member
          Set objUser = GetObject("LDAP://" & strUser)
          ts.WriteLine vbTab & objUser.givenName & " " & objUser.sn & " (" & objUser.mail & ")"
        Next
        Set objGroup = Nothing
      End If
      objRecordSet.MoveNext
      ts.WriteLine
    Loop
 ts.Close
Wscript.Echo "Complete"
 
Set objFSO = Nothing
Set ts = Nothing
Set rootDSE = Nothing
Set objConnection = Nothing
Set objCommand = Nothing
Set objRecordSet = Nothing
Set colGroups = Nothing
Wscript.quit

0
 
LVL 11

Author Comment

by:bsharath
ID: 18890396
Thanks a lot this worked.Great help.


I have many groups in another domain controller.Is it possible to get the group details from that domain controller.

0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18895388
"Is it possible to get the group details from that domain controller."
Not sure what you mean by this?
0
 
LVL 11

Author Comment

by:bsharath
ID: 18895414
We create all groups on our main domain controller.I am not sure on the architecture to explain

will this script search any group in the ADS
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18895428
Oh, yes - this searches from the 'root'...
So if your root domain is
house.com
it'll start the search from there and go down...
kitchen.house.com
bedroom.house.com
closet.bedroom.house.com
etc...

To specify only a certain domain, replace this line:
sADSPath = rootDSE.Get("defaultNamingContext")

with
sADSPath = "DC=Development,DC=Company,DC=Com"

Case doesn't matter so much, but it needs to be in that format...
0
 
LVL 11

Author Comment

by:bsharath
ID: 18895496
I tried but did not work.

I have 1 main domain in which i have 3 child domain i need to get data from the main domain.Can you check.
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18895502
With that same script?
How'd you lay out the sadspath?
Any errors - or just no results?
0
 
LVL 11

Author Comment

by:bsharath
ID: 18895519
Yes the same script.
I change it as "DC=main,DC=Company,DC=Com"
No results
0

Featured Post

What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
A project that enables an administrator to perform actions within a user session context not just at the time of login but any time later on day(s) or week(s) later.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question