Solved

Find all members in a group

Posted on 2007-04-10
Last Modified: 2010-03-05
Hi,

I need to find all the members in a group. Need to export the contents to a txt file. Like users who are members and their mail ID.

THX
Sharath
Question by:bsharath
21 Comments
 
LVL 30

Expert Comment

by:LauraEHunterMVP
ID: 18882977
adfind -b cn=GroupA,dc=domain,dc=com -asq member
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18882988
Here's a script that I've recently written that should do just that for you...save as FindMembers.vbs and double-click it to run.


Dim objFSO, objConnection, objCommand, objRecordSet, objGroup, objUser
Dim strOutput, ts, strComputer
Dim rootDSE, sADSPath, colGroups
 
Const ADS_SCOPE_SUBTREE = 2
 
Set objFSO=CreateObject("Scripting.FileSystemObject")
strOutput= "C:\LocalGroupMembers.log"
set ts = objFSO.CreateTextFile(strOutput)
 
Set rootDSE = GetObject("LDAP://rootDSE")
sADSPath = rootDSE.Get("defaultNamingContext")
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = "Select Name, canonicalName FROM 'LDAP://" & sADSPath & "' " & "WHERE objectClass='computer' ORDER BY Name"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 300
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
 
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
  strComputer = objRecordSet.Fields("Name").Value
  ts.WriteLine "=================" & "Querying " & strComputer & "================="
  ts.WriteLine
  Set colGroups = GetObject("WinNT://" & strComputer & "")
  colGroups.Filter = Array("group")
  For Each objGroup In colGroups
    ts.WriteLine objGroup.Name & " contains the following members:"
    ts.WriteLine "----------------------------------------------------"
    For Each objUser in objGroup.Members
        ts.WriteLine objUser.Name
    Next
    ts.WriteLine "----------------------------------------------------"
  Next
   objRecordSet.MoveNext
Loop
 
ts.Close
wscript.echo "Complete"
 
Set objFSO=Nothing
Set ts = Nothing
Set rootDSE = Nothing
Set objConnection = Nothing
Set objCommand =   Nothing
Set objRecordSet = Nothing
Set colGroups = Nothing
wscript.quit
 
0
 
LVL 11

Author Comment

by:bsharath
ID: 18883020
sirbounty:

Should I make any changes in this script?
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18883103
If you have root access, it's not necessary, but looking over this again, it's designed to pull group membership of all devices in the domain...doesn't look like that's what you wanted (I misread)...use this version instead - no need to change anything, unless you want the output file placed elsewhere (currently c:\GroupMembers.log)

'FindMembers.vbs
Const ADS_SCOPE_SUBTREE = 2

Dim objConnection, objCommand, objRecordSet, objGroup, objUser
Dim strOutput, ts, strComputer
Dim rootDSE, sADSPath, colGroups
 
Dim objFSO: Set objFSO = CreateObject("Scripting.FileSystemObject")
strOutput = "C:\GroupMembers.log"  'change to reflect your output...
 
Set rootDSE = GetObject("LDAP://rootDSE")
sADSPath = rootDSE.Get("defaultNamingContext")
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 300
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
 
Set ts = objFSO.CreateTextFile(strOutput)

objCommand.CommandText = "Select Name, adSPath FROM 'LDAP://" & sADSPath & "' " & "WHERE objectClass='group'"
Set objRecordSet = objCommand.Execute
 
objRecordSet.MoveFirst
 
Do Until objRecordSet.EOF
      strGroup = objRecordSet.Fields("Name").Value
      ts.WriteLine "Members of " & strGroup
      Set objGroup = GetObject(objRecordSet.Fields("adspath").Value)
        If objGroup.Members.Count > 0 Then
          For Each strUser In objGroup.Member
            Set objUser = GetObject("LDAP://" & strUser)
            ts.WriteLine vbTab & objUser.givenName & " " & objUser.sn
          Next
        End If
        objRecordSet.MoveNext
        ts.WriteLine
    Loop
 ts.Close
Wscript.Echo "Complete"
 
Set objFSO = Nothing
Set ts = Nothing
Set rootDSE = Nothing
Set objConnection = Nothing
Set objCommand = Nothing
Set objRecordSet = Nothing
Set colGroups = Nothing
Wscript.quit
0
 
LVL 57

Expert Comment

by:Pete Long
ID: 18883318
Hello bsharath,

This is what I use

-=-=-=-=-=-=-=-=-=-=-=-=-=-  Code Below  -=-=-=-=-=-=-=-=-=-=-=-=-=-  

Dim myNetwork
Set myNetwork = CreateObject("Wscript.Network")

strDomain = myNetwork.UserDomain

Set objDomain = getobject("WinNT://" & strDomain) 'Grab the domain object
objDomain.filter = Array("Group") 'Filter for just groups.

Dim myFSO
Set myFSO = CreateObject("Scripting.FileSystemObject")
Set myFile = myFSO.CreateTextFile("GroupMembership.txt",1)

myOutput = ""

For each objGroup in objDomain
    myOutput = myOutput & objGroup.Name & vbcrlf
   For Each objUser in objGroup.Members
'          myOutput = myOutput & vbtab & objUser.Name & vbcrlf
         If right(objUser.name,1) <> "$" Then
              myOutput = myOutput & vbtab & objUser.Name & vbcrlf
         End if
   Next
Next

WScript.Echo myOutput
myfile.writeline myOutput

-=-=-=-=-=-=-=-=-=-=-=-=-=-  End Code  -=-=-=-=-=-=-=-=-=-=-=-=-=-  

Then open GroupMembership.txt file and it should have everything you need.  

Regards,

PeteLong
0
 
LVL 11

Author Comment

by:bsharath
ID: 18883514
sirbounty:

I get this error.

---------------------------
Windows Script Host
---------------------------
Script:   C:\file.vbs
Line:      34
Char:     11
Error:     Object not a collection
Code:    800A01C3
Source:                 Microsoft VBScript runtime error

---------------------------
OK  
---------------------------
0
 
LVL 11

Author Comment

by:bsharath
ID: 18883555
PeteLong:

I get this error

---------------------------
Windows Script Host
---------------------------
Script:      C:\ab.vbs
Line:      11
Char:      1
Error:      Permission denied
Code:      800A0046
Source:       Microsoft VBScript runtime error

---------------------------
OK  
---------------------------
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18883570
Change this Do loop...

 
Do Until objRecordSet.EOF
      strGroup = objRecordSet.Fields("Name").Value
      ts.WriteLine "Members of " & strGroup
      Set objGroup = GetObject(objRecordSet.Fields("adspath").Value)
      If IsArray(objGroup.Member) Then
        If objGroup.Members.Count > 0 Then
          For Each strUser In objGroup.Member
            Set objUser = GetObject("LDAP://" & strUser)
            ts.WriteLine vbTab & objUser.givenName & " " & objUser.sn
          Next
        End If
      End If
      objRecordSet.MoveNext
      ts.WriteLine
    Loop
 ts.Close
Wscript.Echo "Complete"
0
 
LVL 11

Author Comment

by:bsharath
ID: 18887007
sirbounty:

I get this error.

C:\>cscript file.vbs
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

C:\file.vbs(36, 13) (null): There is no such object on the server.
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18887021
Hmm - I'm not at work now, but try
For Each strUser In objGroup.Members
(with an 's' on the end of Members)
0

 
LVL 11

Author Comment

by:bsharath
ID: 18887033
PeteLong:

Your script got me the data but not the email IDs. Can you modify this script to retrieve the mail IDs?

Regards
Sharath
0
 
LVL 11

Author Comment

by:bsharath
ID: 18887053
sirbounty:
I get this error.

C:\file.vbs(36, 13) Microsoft VBScript runtime error: Wrong number of arguments
or invalid property assignment
0
 
LVL 11

Author Comment

by:bsharath
ID: 18890075
Any help?
0
 
LVL 67

Accepted Solution

by:
sirbounty earned 500 total points
ID: 18890273
Try this version - remember to adjust the group name below (it appears, after re-reading this, you only want 'one' group?)

'FindMembers.vbs
On Error Resume Next
Const ADS_SCOPE_SUBTREE = 2
strGroup = "MktAdmins"  'adjust to the group name here...

Dim objConnection, objCommand, objRecordSet, objGroup, objUser
Dim strOutput, ts, strComputer
Dim rootDSE, sADSPath, colGroups
 
Dim objFSO: Set objFSO = CreateObject("Scripting.FileSystemObject")
strOutput = "C:\GroupMembers.log"  'change to reflect your output...

Set rootDSE = GetObject("LDAP://rootDSE")
sADSPath = rootDSE.Get("defaultNamingContext")
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 300
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
 
Set ts = objFSO.CreateTextFile(strOutput)

objCommand.CommandText = "Select Name, adSPath FROM 'LDAP://" & sADSPath & "' " & "WHERE objectClass='group' And Name='" & strGroup & "'"
Set objRecordSet = objCommand.Execute
 
objRecordSet.MoveFirst
 
Do Until objRecordSet.EOF
      strGroup = objRecordSet.Fields("Name").Value
      ts.WriteLine "Members of " & strGroup
      Set objGroup = GetObject(objRecordSet.Fields("adspath").Value)
      If objGroup.Members.Count > 0 Then
        For Each strUser In objGroup.Member
          Set objUser = GetObject("LDAP://" & strUser)
          ts.WriteLine vbTab & objUser.givenName & " " & objUser.sn & " (" & objUser.mail & ")"
        Next
        Set objGroup = Nothing
      End If
      objRecordSet.MoveNext
      ts.WriteLine
    Loop
 ts.Close
Wscript.Echo "Complete"
 
Set objFSO = Nothing
Set ts = Nothing
Set rootDSE = Nothing
Set objConnection = Nothing
Set objCommand = Nothing
Set objRecordSet = Nothing
Set colGroups = Nothing
Wscript.quit

0
 
LVL 11

Author Comment

by:bsharath
ID: 18890396
Thanks a lot, this worked. Great help.


I have many groups in another domain controller. Is it possible to get the group details from that domain controller.

0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18895388
"Is it possible to get the group details from that domain controller."
Not sure what you mean by this?
0
 
LVL 11

Author Comment

by:bsharath
ID: 18895414
We create all groups on our main domain controller. I am not sure on the architecture to explain.

Will this script search any group in the ADS?
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18895428
Oh, yes - this searches from the 'root'...
So if your root domain is
house.com
it'll start the search from there and go down...
kitchen.house.com
bedroom.house.com
closet.bedroom.house.com
etc...

To specify only a certain domain, replace this line:
sADSPath = rootDSE.Get("defaultNamingContext")

with
sADSPath = "DC=Development,DC=Company,DC=Com"

Case doesn't matter so much, but it needs to be in that format...
0
 
LVL 11

Author Comment

by:bsharath
ID: 18895496
I tried but did not work.

I have 1 main domain in which I have 3 child domains. I need to get data from the main domain. Can you check?
0
 
LVL 67

Expert Comment

by:sirbounty
ID: 18895502
With that same script?
How'd you lay out the sadspath?
Any errors - or just no results?
0
 
LVL 11

Author Comment

by:bsharath
ID: 18895519
Yes, the same script.
I changed it to "DC=main,DC=Company,DC=Com"
No results
0
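
An added PowerShell example, not written by any poster in this thread: it exports one group's users with their mail addresses, as the accepted script does, but also expands nested groups on the server side and names the domain to query explicitly. It assumes the ActiveDirectory (RSAT) module is installed; the server name and output path are placeholders.

```powershell
# Added example: audit one group's effective user membership, with mail addresses.
# Assumes the ActiveDirectory (RSAT) module; $Server and $OutFile are placeholders.
Import-Module ActiveDirectory

# Stop on the first failure instead of silently skipping members
# (the accepted script hides errors with "On Error Resume Next").
$ErrorActionPreference = 'Stop'

$GroupName = 'MktAdmins'            # group name used in the thread
$Server    = 'main.company.com'     # hypothetical DNS name of the domain to query
$OutFile   = 'C:\GroupMembers.csv'  # hypothetical output path

# Escape characters that are special inside an LDAP filter value (RFC 4515).
# The backslash must be replaced first.
function ConvertTo-LdapFilterValue([string]$Value) {
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
}

# Resolve the group in the chosen domain; this throws if it does not exist there.
$group   = Get-ADGroup -Identity $GroupName -Server $Server
$groupDn = ConvertTo-LdapFilterValue $group.DistinguishedName

# LDAP_MATCHING_RULE_IN_CHAIN (OID 1.2.840.113556.1.4.1941) asks the domain
# controller to follow nested group membership, so users who are members
# through another group are included. Only user objects in the queried domain
# are returned, and users who hold the group only as their primary group are
# not matched by memberOf.
$filter = "(memberOf:1.2.840.113556.1.4.1941:=$groupDn)"

$members = @(
    Get-ADUser -LDAPFilter $filter -Server $Server -Properties mail |
        Sort-Object SamAccountName |
        Select-Object SamAccountName, GivenName, Surname, mail, Enabled, DistinguishedName
)

$members | Export-Csv -Path $OutFile -NoTypeInformation -Encoding UTF8

# Summarise what was written, including accounts that have no mail attribute.
$noMail = @($members | Where-Object { -not $_.mail })
Write-Host ("{0} users exported to {1}; {2} have no mail attribute" -f `
    $members.Count, $OutFile, $noMail.Count)
```

The Enabled column makes disabled accounts that still hold membership easy to spot when reviewing the export.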
