Solved

a way/script to pull names from a query-based distribution group

Posted on 2008-10-24
7
1,376 Views
Last Modified: 2012-05-05
I am being tasked to find a way to pull names from a query-based distribution group for another department so they can manually verify who is actually in the groups to make sure they belong in them. Is there a script that someone has used before that can provide this information? I've been searching high and low for any sort of answer and have found nothing other than it isn't possible.
0
Comment
Question by:Medassurant
  • 4
  • 3
7 Comments
 
LVL 70

Expert Comment

by:Chris Dent
ID: 22802387

Yes, but you'd just be executing the query and parsing the results. Query based distribution groups have no membership except a point in time membership when a query is executed to expand membership.

If you just want to execute the query you'll need to let us know the server of Exchange. The method for 2003 differs from 2007.

Chris
0
 
LVL 2

Author Comment

by:Medassurant
ID: 22811827
Sorry. I didn't think about that. it's Exchange 2003.
0
 
LVL 2

Author Comment

by:Medassurant
ID: 22811852
Actually, if I could get it for both that would be great. We are in the process of converting from 2003 to 2007 so having the 2007 version for the future would  be awesome.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 22811932

You have quite a few methods available to you here. You could use AD Users and Computers Custom query, but that might be a bit hard work if you need to do this a lot.

We can also use DSQuery to get information like this, but it's not as flexible as would perhaps be nice. Then there's PowerShell which I love, but will need you to download things.

So... this example is VbScript (save as .vbs).

You need to fill in the value for "strFilter", this should contain the string used to filter the group. Do you need a base for the search other than the domain root (it fills that in for you at the moment, defaultNamingContext)?

It will return all fields listed in strFields (they must be entered as a comma delimited list).

The file returned by the script is Tab Delimited but should open up in Excel moderately neatly.

Chris

strFilter = "(sAMAccountName=*dentc)"
strFields = "distinguishedName,name,department"
 
Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objFile = objFileSystem.OpenTextFile("groupmembers.txt", 2, True, 0)
 
objFile.WriteLine Replace(strFields, ",", VbTab)
 
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
 
Set objRootDSE = GetObject("LDAP://RootDSE")
Set objRecordSet = objConnection.Execute( _
  "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">;" & _
  strFilter & ";" & strFields & ";subtree")
Set objRootDSE = Nothing
 
Dim arrLine()
 
While Not objRecordSet.EOF
  arrFields = Split(strFields, ",")
 
  ReDim arrLine(0)
  For i = 0 to UBound(arrFields)
    ReDim Preserve arrLine(i) : arrLine(i) = ""
    On Error Resume Next
    arrLine(i) = objRecordSet.Fields(arrFields(i)).Value
    On Error Goto 0
  Next
 
  objFile.WriteLine Join(arrLine, VbTab)
 
  objRecordSet.MoveNext
WEnd

Open in new window

0
 
LVL 70

Assisted Solution

by:Chris Dent
Chris Dent earned 500 total points
ID: 22812016

For Exchange 2007 it's nice and easy :) It's done from the Exchange Management Shell, you'd just need to fill in the group name, this one  exports the data returned to a CSV file.

Chris

$Group = Get-DynamicDistributionGroup "YourGroup"
$Recipients = Get-Recipient -RecipientPreviewFilter $Group.RecipientFilter
$Recipients | Export-CSV -Path "members.csv"

Open in new window

0
 
LVL 2

Author Closing Comment

by:Medassurant
ID: 31509825
I'm not sure that the question was fully understood. After getting these answers,(and nto understanding much myself), I showed it to our Senior SysAdmin just to take a look because to me, it looked like it was only doing a search on job title and giving out the results where what I needed was essentially to query a query I guess. To actually find a way to view the "Preview" in a query based distribution group. Which by other forums and such I've seen, just isn't possible.
0
 
LVL 70

Expert Comment

by:Chris Dent
ID: 22842686

The server itself only expands the lists at a point in time, only when it is required to do so to actually send to the recipients.

That means we don't have a static data set we can query. Instead our only option is to execute the query used by the list against AD. That's what the scripts above do, the Exchange 2007 version is must more elegant (or at least shorter) but technically isn't different in approach.

The Preview button works in exactly the same way. It ignores the group itself, and simply executes the query against AD, returning the results to the form or page to display them.

Looking at the VbScript above again, we have these fields at the top:

strFilter = "(sAMAccountName=*dentc)"
strFields = "distinguishedName,name,department"

Fields is just what the search returns, we can add as many as we want in there, it doesn't alter the search in any way, but if the results are being handed to someone else to verify it can include enough to make verification easy.

Filter on the other hand should be the LDAP filter used in the Query for the dynamic list. Running the script should return us exactly the same results as using the Preview button.

We could potentially extend the script so that it reads the query directly from the group rather than having it set by us. That wouldn't be very hard to sort out.

Chris
0

Featured Post

Is Your AD Toolbox Looking More Like a Toybox?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html) provided 218 attendees with a step-by-step guide for identifying Acti…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question