Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


a way/script to pull names from a query-based distribution group

Posted on 2008-10-24
Medium Priority
Last Modified: 2012-05-05
I am being tasked to find a way to pull names from a query-based distribution group for another department so they can manually verify who is actually in the groups to make sure they belong in them. Is there a script that someone has used before that can provide this information? I've been searching high and low for any sort of answer and have found nothing other than it isn't possible.
Question by:Medassurant
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 71

Expert Comment

by:Chris Dent
ID: 22802387

Yes, but you'd just be executing the query and parsing the results. Query based distribution groups have no membership except a point in time membership when a query is executed to expand membership.

If you just want to execute the query you'll need to let us know the server of Exchange. The method for 2003 differs from 2007.


Author Comment

ID: 22811827
Sorry. I didn't think about that. it's Exchange 2003.

Author Comment

ID: 22811852
Actually, if I could get it for both that would be great. We are in the process of converting from 2003 to 2007 so having the 2007 version for the future would  be awesome.
Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

LVL 71

Accepted Solution

Chris Dent earned 1500 total points
ID: 22811932

You have quite a few methods available to you here. You could use AD Users and Computers Custom query, but that might be a bit hard work if you need to do this a lot.

We can also use DSQuery to get information like this, but it's not as flexible as would perhaps be nice. Then there's PowerShell which I love, but will need you to download things.

So... this example is VbScript (save as .vbs).

You need to fill in the value for "strFilter", this should contain the string used to filter the group. Do you need a base for the search other than the domain root (it fills that in for you at the moment, defaultNamingContext)?

It will return all fields listed in strFields (they must be entered as a comma delimited list).

The file returned by the script is Tab Delimited but should open up in Excel moderately neatly.


strFilter = "(sAMAccountName=*dentc)"
strFields = "distinguishedName,name,department"
Set objFileSystem = CreateObject("Scripting.FileSystemObject")
Set objFile = objFileSystem.OpenTextFile("groupmembers.txt", 2, True, 0)
objFile.WriteLine Replace(strFields, ",", VbTab)
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objRootDSE = GetObject("LDAP://RootDSE")
Set objRecordSet = objConnection.Execute( _
  "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">;" & _
  strFilter & ";" & strFields & ";subtree")
Set objRootDSE = Nothing
Dim arrLine()
While Not objRecordSet.EOF
  arrFields = Split(strFields, ",")
  ReDim arrLine(0)
  For i = 0 to UBound(arrFields)
    ReDim Preserve arrLine(i) : arrLine(i) = ""
    On Error Resume Next
    arrLine(i) = objRecordSet.Fields(arrFields(i)).Value
    On Error Goto 0
  objFile.WriteLine Join(arrLine, VbTab)

Open in new window

LVL 71

Assisted Solution

by:Chris Dent
Chris Dent earned 1500 total points
ID: 22812016

For Exchange 2007 it's nice and easy :) It's done from the Exchange Management Shell, you'd just need to fill in the group name, this one  exports the data returned to a CSV file.


$Group = Get-DynamicDistributionGroup "YourGroup"
$Recipients = Get-Recipient -RecipientPreviewFilter $Group.RecipientFilter
$Recipients | Export-CSV -Path "members.csv"

Open in new window


Author Closing Comment

ID: 31509825
I'm not sure that the question was fully understood. After getting these answers,(and nto understanding much myself), I showed it to our Senior SysAdmin just to take a look because to me, it looked like it was only doing a search on job title and giving out the results where what I needed was essentially to query a query I guess. To actually find a way to view the "Preview" in a query based distribution group. Which by other forums and such I've seen, just isn't possible.
LVL 71

Expert Comment

by:Chris Dent
ID: 22842686

The server itself only expands the lists at a point in time, only when it is required to do so to actually send to the recipients.

That means we don't have a static data set we can query. Instead our only option is to execute the query used by the list against AD. That's what the scripts above do, the Exchange 2007 version is must more elegant (or at least shorter) but technically isn't different in approach.

The Preview button works in exactly the same way. It ignores the group itself, and simply executes the query against AD, returning the results to the form or page to display them.

Looking at the VbScript above again, we have these fields at the top:

strFilter = "(sAMAccountName=*dentc)"
strFields = "distinguishedName,name,department"

Fields is just what the search returns, we can add as many as we want in there, it doesn't alter the search in any way, but if the results are being handed to someone else to verify it can include enough to make verification easy.

Filter on the other hand should be the LDAP filter used in the Query for the dynamic list. Running the script should return us exactly the same results as using the Preview button.

We could potentially extend the script so that it reads the query directly from the group rather than having it set by us. That wouldn't be very hard to sort out.


Featured Post

Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

721 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question