Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.
One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.
Script that can query all Security groups in a OU and get me the user names and the shares he is in.
Hi,
Script that can query all Security groups in a OU and get me the user names and the shares he is in.
Like if an user is in 5 groups that are in that particular OU. then
Username
Group1
Group2
Group3
Group4
Group5
So i know how many shared folders a user has access to.
Need to do this for all groups in one OU. In some cases there are Nested groups in that security group. In that case pull the nested group users also.
Regards
Sharath
Script that can query all Security groups in a OU and get me the user names and the shares he is in.
Like if an user is in 5 groups that are in that particular OU. then
Username
Group1
Group2
Group3
Group4
Group5
So i know how many shared folders a user has access to.
Need to do this for all groups in one OU. In some cases there are Nested groups in that security group. In that case pull the nested group users also.
Regards
Sharath
Asked:
-
13
-
5
4
1 Solution
Ok then is it possible like
Query all groups in the OU in ADS and find each user and match him in all other groups.
So the results would be as
User Name
Group Name1
Group Name2
Group Name3
So finally i will know which all groups a user is in a particular OU.
Query all groups in the OU in ADS and find each user and match him in all other groups.
So the results would be as
User Name
Group Name1
Group Name2
Group Name3
So finally i will know which all groups a user is in a particular OU.
Sorry for the delay here Sharath. I'm not quite certain that I fully understand what you're looking for.
What do you mean by query all groups in the OU and find him in all other groups?
Should be able to list the user and all groups he/she is a member of - is that what you're asking for?
What do you mean by query all groups in the OU and find him in all other groups?
Should be able to list the user and all groups he/she is a member of - is that what you're asking for?
Sirbounty.
Sharath can be a member of 5 groups. So i want the details like this. I want this to be queried in just 1 particulat ADS OU.
So i get the output as this
Sharath
Group1
Group2
Group3
Group4
Group5
This will help me find out whcih user is a member of what groups. As all these groups in the OU are only used for our file server shares reason. So i know which user has which folder access...
Sharath can be a member of 5 groups. So i want the details like this. I want this to be queried in just 1 particulat ADS OU.
So i get the output as this
Sharath
Group1
Group2
Group3
Group4
Group5
This will help me find out whcih user is a member of what groups. As all these groups in the OU are only used for our file server shares reason. So i know which user has which folder access...
I guess I'm having difficulty understanding why you're limiting it to OU.
Why not print out all the groups that the user belongs to?
Or even print out the groups and then list all the users in that group?
Why not print out all the groups that the user belongs to?
Or even print out the groups and then list all the users in that group?
A user can be a member of 10 + groups and a group will have 100+ members.
As one OU i have 100 + Security groups that has 100's of users in each.
All the Groups in this OU are only related to my File servers. Now when i need to know which user has access to which share i can use this script to get a users and group names. So this would help me find the folders they have access.
The shares in the file server names are identical to the group names.
Say i have a share name as
HR Files
then i have groups as
HR Files-SGW
HR Files-SGR
SGW = Security group Write
SGR = Security group Read.
So if i get the names i can remove the SGW & SGR and then the users and folder names are ready...
Hope this makes sense...
As one OU i have 100 + Security groups that has 100's of users in each.
All the Groups in this OU are only related to my File servers. Now when i need to know which user has access to which share i can use this script to get a users and group names. So this would help me find the folders they have access.
The shares in the file server names are identical to the group names.
Say i have a share name as
HR Files
then i have groups as
HR Files-SGW
HR Files-SGR
SGW = Security group Write
SGR = Security group Read.
So if i get the names i can remove the SGW & SGR and then the users and folder names are ready...
Hope this makes sense...
OK. This is going to take a little effort to do.
So let me rephrase what I think you want. You want to get all groups and nested groups under a particular OU which ends with -SGW and -SGR. With all the user members consolidate all their memberships. Do you want the keep the NestedGroup relationship in some way?
Output example 1:
User1
Group1
Group2
NestedGroup1
NestedGroup2
Group3
Output example 2:
User1
Group1
Group2;NestedGroup1;Nested
Group3
So let me rephrase what I think you want. You want to get all groups and nested groups under a particular OU which ends with -SGW and -SGR. With all the user members consolidate all their memberships. Do you want the keep the NestedGroup relationship in some way?
Output example 1:
User1
Group1
Group2
NestedGroup1
NestedGroup2
Group3
Output example 2:
User1
Group1
Group2;NestedGroup1;Nested
Group3
Any group that's in the OU has to be scanned.
Ok for example "Sharath" is a member of 5 groups in the OU.
So the script has to scan all groups in the OU and get the results as this.
Sharath
Group1
Group2
Nestedgroup1 Group3
Groups4
So at the end i know all the folders where these groups are used and there members.As the folder name and the group name match.
Ok for example "Sharath" is a member of 5 groups in the OU.
So the script has to scan all groups in the OU and get the results as this.
Sharath
Group1
Group2
Nestedgroup1 Group3
Groups4
So at the end i know all the folders where these groups are used and there members.As the folder name and the group name match.
OK. So in your example with names it could be this. Where Domain Admins is nested into Manager Files-SGW?
Sharath
IT Files-SGW
Sales Files-SGR
Domain Admins Manager Files-SGW
Shared Files-SGW
Sharath
IT Files-SGW
Sales Files-SGR
Domain Admins Manager Files-SGW
Shared Files-SGW
OK. Is this how you want it to work. The output is not correct yet.
Gets all groups under an OU with -SGW or -SGR and list group members + list nested group members
I will need to consolidate the data and output it sorted by user if this is what you want.
Gets all groups under an OU with -SGW or -SGR and list group members + list nested group members
I will need to consolidate the data and output it sorted by user if this is what you want.
Const E_ADS_PROPERTY_NOT_FOUND = &H8000500D
On Error Resume Next
Set objOU = GetObject _
("LDAP://ou=groups,dc=domain,dc=com")
objOU.Filter = Array("Group")
For Each objOUGroup In objOU
If UCase(Right(objOUGroup.cn, 4)) = "-SGW" Or UCase(Right(objOUGroup.cn, 4)) = "-SGR" Then
wscript.echo objOUGroup.cn
arrMembers = objOUGroup.GetEx("member")
If Err.Number <> E_ADS_PROPERTY_NOT_FOUND Then
For Each strmember In arrMembers
wscript.echo vbTab & strmember
Call NestedGroup(strmember, 2)
Next
Else
wscript.echo vbTab & "No Members"
Err.Clear
End If
End If
Next
Sub NestedGroup(Group, NumTabs)
On Error Resume Next
Set objGroup = GetObject _
("LDAP://" & Group)
objGroup.GetInfo
If LCase(objGroup.Class) = "group" Then
PrintTabs = ""
For I = 1 To NumTabs
PrintTabs = PrintTabs + vbTab
Next
arrGroupMembers = objGroup.GetEx("member")
If Err.Number <> E_ADS_PROPERTY_NOT_FOUND Then
For Each strmember In arrGroupMembers
wscript.echo PrintTabs & strmember
Call NestedGroup(strmember, NumTabs + 1)
Next
End If
End If
End Sub
Try this. I was adjusting the output.
This formatting is a little different than your other post.
Change the OU to search from.
OUToSearch = "cn=user,dc=domain,dc=com"
This formatting is a little different than your other post.
Change the OU to search from.
OUToSearch = "cn=user,dc=domain,dc=com"
Const E_ADS_PROPERTY_NOT_FOUND = &H8000500D
Const ForWriting = 2
CSVFile = "C:\OUGroupMembership.csv"
OUToSearch = "cn=user,dc=domain,dc=com"
On Error Resume Next
Set objDict = CreateObject("Scripting.Dictionary")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objCSVFile = objFSO.OpenTextFile(CSVFile, ForWriting, True)
Set objOU = GetObject _
("LDAP://" & OUToSearch)
objOU.Filter = Array("Group")
For Each objOUGroup In objOU
If UCase(Right(objOUGroup.cn, 4)) = "-SGW" Or UCase(Right(objOUGroup.cn, 4)) = "-SGR" Then
wscript.echo objOUGroup.cn
arrMembers = objOUGroup.GetEx("member")
If Err.Number <> E_ADS_PROPERTY_NOT_FOUND Then
For Each strmember In arrMembers
wscript.echo vbTab & strmember
Call NestedGroup(strmember, Chr(34) & objOUGroup.cn & Chr(34))
Next
Else
wscript.echo vbTab & "No Members"
Err.Clear
End If
End If
Next
For Each User In objDict.Keys
arrMultipleGroups = split(objDict(User),"#")
objCSVFile.WriteLine Chr(34) & User & Chr(34)
For Each GroupMembership in arrMultipleGroups
objCSVFile.WriteLine GroupMembership
Next
objCSVFile.WriteLine Chr(34) & Chr(34)
objCSVFile.WriteLine Chr(34) & Chr(34)
Next
Set objFSO = Nothing
objCSVFile.Close
wscript.echo
Sub NestedGroup(strGroup, ParentGroup)
On Error Resume Next
Set objGroup = GetObject _
("LDAP://" & strGroup)
objGroup.GetInfo
strGroupName = objGroup.sAMAccountName
If LCase(objGroup.Class) = "group" Then
PGroup = objGroup.cn
arrGroupMembers = objGroup.GetEx("member")
If Err.Number <> E_ADS_PROPERTY_NOT_FOUND Then
For Each strmember In arrGroupMembers
wscript.echo strmember, Chr(34) & PGroup & Chr(34) & "," & ParentGroup
Call NestedGroup(strmember, Chr(34) & PGroup & Chr(34) & "," & ParentGroup)
Next
End If
ELSE
If objDict.Exists(strGroupName) Then
objDict.Item(strGroupName) = ParentGroup & "#" & objDict.Item(strGroupName)
Else
objDict.Add strGroupName, ParentGroup
End If
End If
End Sub
Question has a verified solution.
Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.
Have a better answer? Share it in a comment.
Join & Write a Comment Already a member? Login.
Featured Post
The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!
Tackle projects and never again get stuck behind a technical roadblock.
Join Now
You can enumerate the security groups, and perhaps the folks attached to it, but locating all shares that user has access to is probably not possible...