Script to get AD Users from a specific OU and the group memberships

I need a Script to get AD Users from a specific OU and the security groups they are in.  This will need to be exported to a flat file to be placed in a sql table.

I have been unsuccessful to get a script that will do this.  
mtpokketsAsked:

top_rungCommented:
Wouldn't exporting the list from AD Users and Computers work for you?  It will dump all the objects in a TXT file.  

Select the OU and click on the icon on the toolbar that looks like a paper with a grey arrow on it.
0
mtpokketsAuthor Commented:
This will need to be done automatically in a scheduled task to run daily for a report.
0
top_rungCommented:
I haven't done this, but I did find this article....

http://technet.microsoft.com/en-us/library/bb727091.aspx


"Using VBScript to Export All Objects in the Marketing OU
In this example, you use a text editor such as Notepad to create a VBScript program. The script searches the Marketing OU and creates a text file that lists all of the user objects and a subset of their attributes.

To create the export script

Copy the following text into your text editor:

'Global variables
Dim oContainer
Dim OutPutFile
Dim FileSystem
'Initialize global variables
Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject")
Set OutPutFile = FileSystem.CreateTextFile("marketing.txt", True)
Set oContainer = GetObject("LDAP://OU=marketing,DC=reskit,DC=com")
'Enumerate Container
EnumerateUsers oContainer
'Clean up
OutPutFile.Close
Set FileSystem = Nothing
Set oContainer = Nothing
WScript.Echo "Finished"
WScript.Quit(0)

Sub EnumerateUsers(oCont)
    Dim oUser
    For Each oUser In oCont
        Select Case LCase(oUser.Class)
            Case "user"
                If Not IsEmpty(oUser.distinguishedName) Then
                    OutPutFile.WriteLine "dn: " & oUser.distinguishedName
                End If
                If Not IsEmpty(oUser.name) Then
                    OutPutFile.WriteLine "name: " & oUser.Get ("name")
                End If
                'need to do this because oUser.name would get back the Relative
                'Distinguished name (i.e. CN=Jo Brown)
                If Not IsEmpty(oUser.st) Then
                    OutPutFile.WriteLine "st: " & oUser.st
                End If
                If Not IsEmpty(oUser.streetAddress) Then
                    OutPutFile.WriteLine "streetAddress: " & oUser.streetAddress
                End If
            Case "organizationalunit" , "container"
                'Recurse into child OUs and containers
                EnumerateUsers oUser
        End Select
        OutPutFile.WriteLine
    Next
End Sub

Save the file as Export.vbs.

At the command prompt type export.vbs and press Enter. This creates a file named Marketing.txt, which contains a list of users and some of their attributes, such as distinguished name, name, state, and street address.

With appropriate modification, this script can be used with any application that supports COM and Visual Basic technologies. Such applications include Microsoft Visual Basic, Microsoft Excel, and Microsoft Access. Scripting can also be hosted by Internet Explorer and Internet Information Services 5.0, which is part of Windows 2000 Server."


0

Farhan KaziSystems EngineerCommented:
Can you please post the sample format in which this list is to be exported?
0
mtpokketsAuthor Commented:
top_rung, we're getting closer - while the example you gave me almost worked (with a few modifications), it did not give me the "memberOf" and this is where I seem to be hitting a road block.  This is not coming up as an attribute.  Of all the scripts I found, I can get all of their attributes but not their group membership.  I found one script that is giving me a total dump of everything but I need only the users in a specific OU (like Marketing).

farhankasi, the format needs to be in a text file - possibly csv.  Our SQL DBAs will handle that part but I have to schedule a task that will give them this information daily.
0
top_rungCommented:
I was able to determine that you must be a member of one of the following to be able to read/return the MemberOf value.

- Account Operators
- Print Operators
- Server Operators
- Backup Operators
- Administrators

Does that help at all?

0
mtpokketsAuthor Commented:
I am an administrator in the test lab where I am testing these scripts and am an Account Operator in Production.  The script you provided above did work but it didn't give me quite what I need, it didn't give me the groups that each user has (aka memberOf).
0
binarykukiCommented:
Here you go

On Error Resume Next
 
Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D
 
Set objOU = GetObject _
    ("LDAP://cn=Users,dc=NA,dc=fabrikam,dc=com")
  
ObjOU.Filter= Array("user")
 
For Each objUser in objOU
    WScript.Echo objUser.cn & " is a member of: " 
    WScript.Echo vbTab & "Primary Group ID: " & _
        objUser.Get("primaryGroupID")
  
    arrMemberOf = objUser.GetEx("memberOf")
  
    If Err.Number <>  E_ADS_PROPERTY_NOT_FOUND Then
        For Each Group in arrMemberOf
            WScript.Echo vbTab & Group
        Next
    Else
        WScript.Echo vbTab & "memberOf attribute is not set"
        Err.Clear
    End If
    Wscript.Echo 
Next
	


0
mtpokketsAuthor Commented:
Hi Binarykuku, that is the script that I first started with 2 days ago but I couldn't get it to read the specific OU (until now) so I'm getting closer.  

Now I need this one to output the file to a text file (like the one above did from top_rung).
0
binarykukiCommented:
Change the file to whatever.

On Error Resume Next
 
Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D
' VBScript does not predefine the FileSystemObject I/O mode constants,
' so ForAppending has to be declared before OpenTextFile can use it.
Const ForAppending = 8
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile("c:\OUUserlist.txt", ForAppending, True)
 
Set objOU = GetObject _
    ("LDAP://cn=Users,dc=NA,dc=fabrikam,dc=com")
  
ObjOU.Filter= Array("user")
 
For Each objUser in objOU
    ObjTextFile.writeline objUser.cn & " is a member of: " 
    ObjTextFile.writeline  vbTab & "Primary Group ID: " & _
        objUser.Get("primaryGroupID")
  
    arrMemberOf = objUser.GetEx("memberOf")
  
    If Err.Number <>  E_ADS_PROPERTY_NOT_FOUND Then
        For Each Group in arrMemberOf
            ObjTextFile.writeline  vbTab & Group
        Next
    Else
        ObjTextFile.writeline  vbTab & "memberOf attribute is not set"
        Err.Clear
    End If
    ObjTextFile.writeline  
Next
 
ObjTextFile.close


0
mtpokketsAuthor Commented:
I was hopeful but I didn't get a file - I didn't get an error either though.  
0
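
A CSV variant of the export discussed in this thread, as an added example that is not part of any post above: it writes one row per user/group pair for loading into a SQL table, and it limits On Error Resume Next to the memberOf read, so a failure opening the file or binding to the OU is reported instead of ending in no file and no error. The OU path is the sample DN from the quoted TechNet script; OUT_FILE and the helper names ReadMemberOf, WriteRow and Csv are assumptions.

```vbscript
Option Explicit
' Assumed placeholders (not from the thread): adjust OU_PATH and OUT_FILE.
Const OU_PATH = "LDAP://OU=marketing,DC=reskit,DC=com"
Const OUT_FILE = "C:\Reports\ou_user_groups.csv"
Const ForWriting = 2   ' FileSystemObject I/O modes are not predefined in VBScript
Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D

Dim fso, outFile, ou, user, groups, g
Set fso = CreateObject("Scripting.FileSystemObject")
' No blanket On Error Resume Next: a bad path or a failed bind stops the
' script with a visible error rather than silently writing nothing.
Set outFile = fso.OpenTextFile(OUT_FILE, ForWriting, True)
outFile.WriteLine "sAMAccountName,userDN,groupDN"

Set ou = GetObject(OU_PATH)
ou.Filter = Array("user")                 ' direct children of this OU only
For Each user In ou
    groups = ReadMemberOf(user)
    If UBound(groups) < 0 Then
        WriteRow user, ""                 ' keep users that have no memberOf values
    Else
        For Each g In groups
            WriteRow user, g
        Next
    End If
Next
outFile.Close

' Returns the memberOf values as an array; an empty array when the attribute is not set.
Function ReadMemberOf(u)
    Dim code
    ReadMemberOf = Array()
    On Error Resume Next                  ' scoped to the one call expected to fail
    ReadMemberOf = u.GetEx("memberOf")
    code = Err.Number
    On Error GoTo 0
    If code <> 0 And code <> E_ADS_PROPERTY_NOT_FOUND Then
        Err.Raise code, "ReadMemberOf", "Unexpected error reading memberOf"
    End If
End Function

' Writes one CSV row per (user, group) pair.
Sub WriteRow(u, groupDn)
    outFile.WriteLine Csv(u.Get("sAMAccountName")) & "," & _
        Csv(u.Get("distinguishedName")) & "," & Csv(groupDn)
End Sub
Function Csv(s)                           ' DNs contain commas, so quote every field
    Csv = """" & Replace(s, """", """""") & """"
End Function
```

memberOf holds direct memberships only and does not include the user's primary group, which is why the scripts above print primaryGroupID separately. The directory OUT_FILE points to must already exist and be writable by the account the scheduled task runs as.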