We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Course Of The Month
5 days, 20 hours left to enrollBecome a Premium Member and unlock a new, free course in leading technologies each month.
Solved
Script that can query all Security groups in a OU and get me the user names and the shares he is in.
Posted on 2008-09-30
Hi,
Script that can query all Security groups in a OU and get me the user names and the shares he is in.
Like if an user is in 5 groups that are in that particular OU. then
Username
Group1
Group2
Group3
Group4
Group5
So i know how many shared folders a user has access to.
Need to do this for all groups in one OU. In some cases there are Nested groups in that security group. In that case pull the nested group users also.
Regards
Sharath
Script that can query all Security groups in a OU and get me the user names and the shares he is in.
Like if an user is in 5 groups that are in that particular OU. then
Username
Group1
Group2
Group3
Group4
Group5
So i know how many shared folders a user has access to.
Need to do this for all groups in one OU. In some cases there are Nested groups in that security group. In that case pull the nested group users also.
Regards
Sharath
[X]
Welcome to Experts Exchange
Add your voice to the tech community where 5M+ people just like you are talking about what matters.
- Help others & share knowledge
- Earn cash & points
- Learn & ask questions
-
13
-
5
4
22 Comments
Not sure this is possible the way you've asked it.
You can enumerate the security groups, and perhaps the folks attached to it, but locating all shares that user has access to is probably not possible...
You can enumerate the security groups, and perhaps the folks attached to it, but locating all shares that user has access to is probably not possible...
Ok then is it possible like
Query all groups in the OU in ADS and find each user and match him in all other groups.
So the results would be as
User Name
Group Name1
Group Name2
Group Name3
So finally i will know which all groups a user is in a particular OU.
Query all groups in the OU in ADS and find each user and match him in all other groups.
So the results would be as
User Name
Group Name1
Group Name2
Group Name3
So finally i will know which all groups a user is in a particular OU.
Sorry for the delay here Sharath. I'm not quite certain that I fully understand what you're looking for.
What do you mean by query all groups in the OU and find him in all other groups?
Should be able to list the user and all groups he/she is a member of - is that what you're asking for?
What do you mean by query all groups in the OU and find him in all other groups?
Should be able to list the user and all groups he/she is a member of - is that what you're asking for?
Sirbounty.
Sharath can be a member of 5 groups. So i want the details like this. I want this to be queried in just 1 particulat ADS OU.
So i get the output as this
Sharath
Group1
Group2
Group3
Group4
Group5
This will help me find out whcih user is a member of what groups. As all these groups in the OU are only used for our file server shares reason. So i know which user has which folder access...
Sharath can be a member of 5 groups. So i want the details like this. I want this to be queried in just 1 particulat ADS OU.
So i get the output as this
Sharath
Group1
Group2
Group3
Group4
Group5
This will help me find out whcih user is a member of what groups. As all these groups in the OU are only used for our file server shares reason. So i know which user has which folder access...
I guess I'm having difficulty understanding why you're limiting it to OU.
Why not print out all the groups that the user belongs to?
Or even print out the groups and then list all the users in that group?
Why not print out all the groups that the user belongs to?
Or even print out the groups and then list all the users in that group?
A user can be a member of 10 + groups and a group will have 100+ members.
As one OU i have 100 + Security groups that has 100's of users in each.
All the Groups in this OU are only related to my File servers. Now when i need to know which user has access to which share i can use this script to get a users and group names. So this would help me find the folders they have access.
The shares in the file server names are identical to the group names.
Say i have a share name as
HR Files
then i have groups as
HR Files-SGW
HR Files-SGR
SGW = Security group Write
SGR = Security group Read.
So if i get the names i can remove the SGW & SGR and then the users and folder names are ready...
Hope this makes sense...
As one OU i have 100 + Security groups that has 100's of users in each.
All the Groups in this OU are only related to my File servers. Now when i need to know which user has access to which share i can use this script to get a users and group names. So this would help me find the folders they have access.
The shares in the file server names are identical to the group names.
Say i have a share name as
HR Files
then i have groups as
HR Files-SGW
HR Files-SGR
SGW = Security group Write
SGR = Security group Read.
So if i get the names i can remove the SGW & SGR and then the users and folder names are ready...
Hope this makes sense...
OK. This is going to take a little effort to do.
So let me rephrase what I think you want. You want to get all groups and nested groups under a particular OU which ends with -SGW and -SGR. With all the user members consolidate all their memberships. Do you want the keep the NestedGroup relationship in some way?
Output example 1:
User1
Group1
Group2
NestedGroup1
NestedGroup2
Group3
Output example 2:
User1
Group1
Group2;NestedGroup1;Nested
Group3
So let me rephrase what I think you want. You want to get all groups and nested groups under a particular OU which ends with -SGW and -SGR. With all the user members consolidate all their memberships. Do you want the keep the NestedGroup relationship in some way?
Output example 1:
User1
Group1
Group2
NestedGroup1
NestedGroup2
Group3
Output example 2:
User1
Group1
Group2;NestedGroup1;Nested
Group3
Any group that's in the OU has to be scanned.
Ok for example "Sharath" is a member of 5 groups in the OU.
So the script has to scan all groups in the OU and get the results as this.
Sharath
Group1
Group2
Nestedgroup1 Group3
Groups4
So at the end i know all the folders where these groups are used and there members.As the folder name and the group name match.
Ok for example "Sharath" is a member of 5 groups in the OU.
So the script has to scan all groups in the OU and get the results as this.
Sharath
Group1
Group2
Nestedgroup1 Group3
Groups4
So at the end i know all the folders where these groups are used and there members.As the folder name and the group name match.
OK. So in your example with names it could be this. Where Domain Admins is nested into Manager Files-SGW?
Sharath
IT Files-SGW
Sales Files-SGR
Domain Admins Manager Files-SGW
Shared Files-SGW
Sharath
IT Files-SGW
Sales Files-SGR
Domain Admins Manager Files-SGW
Shared Files-SGW
OK. Is this how you want it to work. The output is not correct yet.
Gets all groups under an OU with -SGW or -SGR and list group members + list nested group members
I will need to consolidate the data and output it sorted by user if this is what you want.
Gets all groups under an OU with -SGW or -SGR and list group members + list nested group members
I will need to consolidate the data and output it sorted by user if this is what you want.
Const E_ADS_PROPERTY_NOT_FOUND = &H8000500D
On Error Resume Next
Set objOU = GetObject _
("LDAP://ou=groups,dc=domain,dc=com")
objOU.Filter = Array("Group")
For Each objOUGroup In objOU
If UCase(Right(objOUGroup.cn, 4)) = "-SGW" Or UCase(Right(objOUGroup.cn, 4)) = "-SGR" Then
wscript.echo objOUGroup.cn
arrMembers = objOUGroup.GetEx("member")
If Err.Number <> E_ADS_PROPERTY_NOT_FOUND Then
For Each strmember In arrMembers
wscript.echo vbTab & strmember
Call NestedGroup(strmember, 2)
Next
Else
wscript.echo vbTab & "No Members"
Err.Clear
End If
End If
Next
Sub NestedGroup(Group, NumTabs)
On Error Resume Next
Set objGroup = GetObject _
("LDAP://" & Group)
objGroup.GetInfo
If LCase(objGroup.Class) = "group" Then
PrintTabs = ""
For I = 1 To NumTabs
PrintTabs = PrintTabs + vbTab
Next
arrGroupMembers = objGroup.GetEx("member")
If Err.Number <> E_ADS_PROPERTY_NOT_FOUND Then
For Each strmember In arrGroupMembers
wscript.echo PrintTabs & strmember
Call NestedGroup(strmember, NumTabs + 1)
Next
End If
End If
End Sub
Try this. I was adjusting the output.
This formatting is a little different than your other post.
Change the OU to search from.
OUToSearch = "cn=user,dc=domain,dc=com"
This formatting is a little different than your other post.
Change the OU to search from.
OUToSearch = "cn=user,dc=domain,dc=com"
Const E_ADS_PROPERTY_NOT_FOUND = &H8000500D
Const ForWriting = 2
CSVFile = "C:\OUGroupMembership.csv"
OUToSearch = "cn=user,dc=domain,dc=com"
On Error Resume Next
Set objDict = CreateObject("Scripting.Dictionary")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objCSVFile = objFSO.OpenTextFile(CSVFile, ForWriting, True)
Set objOU = GetObject _
("LDAP://" & OUToSearch)
objOU.Filter = Array("Group")
For Each objOUGroup In objOU
If UCase(Right(objOUGroup.cn, 4)) = "-SGW" Or UCase(Right(objOUGroup.cn, 4)) = "-SGR" Then
wscript.echo objOUGroup.cn
arrMembers = objOUGroup.GetEx("member")
If Err.Number <> E_ADS_PROPERTY_NOT_FOUND Then
For Each strmember In arrMembers
wscript.echo vbTab & strmember
Call NestedGroup(strmember, Chr(34) & objOUGroup.cn & Chr(34))
Next
Else
wscript.echo vbTab & "No Members"
Err.Clear
End If
End If
Next
For Each User In objDict.Keys
arrMultipleGroups = split(objDict(User),"#")
objCSVFile.WriteLine Chr(34) & User & Chr(34)
For Each GroupMembership in arrMultipleGroups
objCSVFile.WriteLine GroupMembership
Next
objCSVFile.WriteLine Chr(34) & Chr(34)
objCSVFile.WriteLine Chr(34) & Chr(34)
Next
Set objFSO = Nothing
objCSVFile.Close
wscript.echo
Sub NestedGroup(strGroup, ParentGroup)
On Error Resume Next
Set objGroup = GetObject _
("LDAP://" & strGroup)
objGroup.GetInfo
strGroupName = objGroup.sAMAccountName
If LCase(objGroup.Class) = "group" Then
PGroup = objGroup.cn
arrGroupMembers = objGroup.GetEx("member")
If Err.Number <> E_ADS_PROPERTY_NOT_FOUND Then
For Each strmember In arrGroupMembers
wscript.echo strmember, Chr(34) & PGroup & Chr(34) & "," & ParentGroup
Call NestedGroup(strmember, Chr(34) & PGroup & Chr(34) & "," & ParentGroup)
Next
End If
ELSE
If objDict.Exists(strGroupName) Then
objDict.Item(strGroupName) = ParentGroup & "#" & objDict.Item(strGroupName)
Else
objDict.Add strGroupName, ParentGroup
End If
End If
End Sub
Featured Post
We value your feedback.
Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!
Question has a verified solution.
If you are experiencing a similar issue, please ask a related question
If like me you are one who spends a lot of time working and scripting with cmd.exe, sometimes it is handy to be able to quickly view a calendar for a given month and year. This script will quickly do just that!  Save the code posted below to a .bat …
Over the years I have built up my own little library of code snippets that I refer to when programming or writing a script. Many of these have come from the web or adaptations from snippets I find on the Web. Periodically I add to them when I come…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…
- Shell Scripting
- Programming Languages-Other
- Scripting Languages
- Programming
- Notepad
- *AutoHotkey, *Scripts
Suggested Courses
Course of the Month5 days, 20 hours left to enroll
705 members asked questions and received personalized solutions in the past 7 days.
Join the community of 500,000 technology professionals and ask your questions.