I need an Active Directory Group Member Report

I need a free utility or DOS-based script that will report all of my Active Directory groups in the entire domain, including their members.

I have found some things online, but where I am running into trouble is with nested groups.  I need it to handle nested groups.
lpenrod asked:
 
oBdA commented:
Not quite, sorry.
This will only list the first 100 groups if there are more than a hundred, and it will create a list with multiple entries of user names without any association to the groups they're in.
This should do the trick (can't test it at the moment, though). It currently logs into one large file, separating the groups with 10 dashes, followed by the group DN.
If you'd like it better, this can be changed to create one file named like the group for each group, instead of the large single file.

@echo off
setlocal
:: *** Path and name to the file with the group membership:
set LogFile=GroupMembership.txt
for /f "delims=" %%a in ('dsquery group -limit 0') do call :process %%a
goto :eof
:process
set GroupDN=%~1
echo ---------- %GroupDN% Begin ----------
dsget group "%GroupDN%" -members -expand
echo ---------- %GroupDN% End ----------
goto :eof
0
 
Netman66 commented:
The Support Tools should do the job.

dsquery group | dsget group -members  >> c:\groupmembership.txt

0
 
carolinatechsolutions commented:
I cannot get the "GroupMembership.txt" file to appear.  (yes, I know it's a year old!)

I have attempted to include a full path and searched (it should be in the working directory) and it is not created.
0
 
oBdA commented:
Currently, it's only generating output to the console; you can redirect the output to a text file by adding
>SomeReport.txt
after the command:
ListGroupMembership.cmd >SomeReport.txt
Or use the one below:
@echo off
setlocal
:: *** Path and name to the file with the group membership:
set LogFile=GroupMembership.txt
if exist "%LogFile%" del "%LogFile%"
for /f "delims=" %%a in ('dsquery group -limit 0') do call :process %%a
goto :eof
:process
set GroupDN=%~1
echo Processing %GroupDN%
>>"%LogFile%" echo ---------- %GroupDN% Begin ----------
>>"%LogFile%" dsget group "%GroupDN%" -members -expand
>>"%LogFile%" echo ---------- %GroupDN% End ----------
goto :eof


0
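For auditing, the report written by the second script above can be parsed and compared between two runs to see which principals were added to which groups. This is an added example, not part of the original thread; the sample reports and DNs are constructed, and it assumes dsget writes one quoted member DN per line.

```python
import re

# Marker lines written by the script: "---------- <group DN> Begin ----------"
MARKER = re.compile(r"^-{10} (?P<dn>.+) (?P<kind>Begin|End) -{10}$")

def parse_report(text):
    """Return {group DN: set of member DNs} from a GroupMembership.txt report."""
    groups, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = MARKER.match(line)
        if m and m["kind"] == "Begin":
            current = m["dn"]
            groups.setdefault(current, set())    # empty groups still get an entry
        elif m:
            if m["dn"] != current:
                raise ValueError(f"End marker without matching Begin: {m['dn']}")
            current = None
        elif current is None:
            raise ValueError(f"member line outside a group block: {line!r}")
        else:
            groups[current].add(line.strip('"'))  # assumed: DNs are quoted
    if current is not None:
        raise ValueError(f"report truncated inside group: {current}")
    return groups

def added_members(old, new):
    """Return {group DN: sorted member DNs} present in `new` but not in `old`."""
    diff = {dn: sorted(m - old.get(dn, set())) for dn, m in new.items()}
    return {dn: extra for dn, extra in diff.items() if extra}

# Constructed sample reports (not real directory data)
BASELINE_REPORT = """\
---------- CN=Domain Admins,CN=Users,DC=example,DC=com Begin ----------
"CN=Alice Admin,OU=Staff,DC=example,DC=com"
---------- CN=Domain Admins,CN=Users,DC=example,DC=com End ----------
---------- CN=Empty Group,OU=Groups,DC=example,DC=com Begin ----------
---------- CN=Empty Group,OU=Groups,DC=example,DC=com End ----------
"""
LATEST_REPORT = """\
---------- CN=Domain Admins,CN=Users,DC=example,DC=com Begin ----------
"CN=Alice Admin,OU=Staff,DC=example,DC=com"
"CN=Bob Temp,OU=Staff,DC=example,DC=com"
---------- CN=Domain Admins,CN=Users,DC=example,DC=com End ----------
"""
```

Calling `added_members(parse_report(BASELINE_REPORT), parse_report(LATEST_REPORT))` returns the new Domain Admins member; a report cut off mid-group raises `ValueError` instead of being silently treated as complete.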