lotharpenguin
asked on
Is there a way to dump group members in a Universal Group?
I am looking to get all the members of a universal group. The current script below prompts for a group name and dumps members, but on Universal groups it ignores members outside of my domain and does not list them.
I would like to be able to dump all members of the group regardless of domain.
Can anyone offer a script that does so? Thanks!
Option Explicit

Dim Group, count
Dim GroupName
Dim GroupDomain
Dim Member
Dim txt
Dim oFileSys, strCurrDir, strDefaultNamingContext, oRoot, objUser

Set oFileSys = WScript.CreateObject("Scripting.FileSystemObject")
strCurrDir = oFileSys.GetAbsolutePathName(".")

' ******************************************
' Edit This for your Environment!
' ******************************************
GroupDomain = "domain.com"
' ******************************************

' Find our default naming context...
Set oRoot = GetObject("LDAP://rootDSE")
strDefaultNamingContext = oRoot.Get("defaultNamingContext")
Set oRoot = Nothing

GroupName = InputBox("Group Name to list Members: ", "Enter Group Name")
If GroupName = "" Then
    MsgBox "Must enter a group name!"
    WScript.Quit(1)
End If

' Open the output file for appending (8), creating it if it does not exist
Set txt = oFileSys.OpenTextFile(strCurrDir & "\" & GroupName & " members.txt", 8, True)

' Bind to the group through the WinNT provider
Set Group = GetObject("WinNT://" & GroupDomain & "/" & GroupName & ",group")
count = 0

For Each Member In Group.Members
    WScript.Echo "Finding Username " & Member.Name
    On Error Resume Next
    Err.Clear
    ' Look the member up in the default naming context to read its attributes
    Set objUser = GetObject(getLdapUN(Member.Name))
    If Err.Number <> 0 Then
        WScript.Echo "Error getting information for: " & Member.Name
        txt.WriteLine Member.Name & vbTab & "Error - No Rights" & vbTab & "Error - No Rights"
    Else
        WScript.Echo "Description: " & objUser.description
        WScript.Echo "Office: " & objUser.physicalDeliveryOfficeName
        txt.WriteLine Member.Name & vbTab & objUser.description & vbTab & objUser.physicalDeliveryOfficeName
    End If
    count = count + 1
Next

' Flush and release the output file
txt.Close

WScript.Echo vbCrLf
WScript.Echo "A total of " & count & " accounts are members of the " & GroupName & " group."
WScript.Echo vbCrLf
WScript.Echo "Text file " & strCurrDir & "\" & GroupName & " members.txt" & " contains the list of users in this group."

' *************************************************
' Functions and Subroutines
' *************************************************
' Returns the ADsPath of the user with the given sAMAccountName,
' or False when no match is found in the default naming context.
Function getLdapUN(strUN)
    Dim oConnect, Command, strLdapQuery, Rs
    getLdapUN = False
    Set oConnect = CreateObject("ADODB.Connection")
    Set Command = CreateObject("ADODB.Command")
    '--- search for object in AD ---
    strLdapQuery = "<LDAP://" & strDefaultNamingContext & ">;" & _
        "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & _
        strUN & "));ADsPath,cn;subtree"
    oConnect.Provider = "ADsDSOObject"
    oConnect.Open "Active Directory Provider"
    Set Command.ActiveConnection = oConnect
    Command.CommandText = strLdapQuery
    Set Rs = Command.Execute 'Execute the query
    'WScript.Echo "Records: " & Rs.RecordCount
    If Rs.RecordCount > 0 Then
        getLdapUN = Rs("ADsPath")
    End If
    Set oConnect = Nothing
    Set Command = Nothing
End Function
ASKER CERTIFIED SOLUTION
ASKER
OMG... How did I miss that? Time to try this in the morning.
ASKER
DSquery was certainly the right answer.
ASKER
I'll add that dsquery was in fact what I needed to use, but here is the full command to get the info from a specific group and not just all groups.
dsquery * "DC=domain,DC=com" -limit 0 -scope subtree -filter "(&(objectCategory=group)(groupType=-2147483640))" | dsget group "CN=groupname,OU=ouname,DC=domain,DC=com" -members > members.txt
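An added example, not part of the original thread: a PowerShell sketch that reads the group's `member` attribute over LDAP instead of going through the WinNT provider, so members whose distinguished names sit in other domains of the forest are listed too. `Get-GroupMemberDn` is a hypothetical function name, the group DN is the placeholder from the command above, and the 1500-value range size is an assumed server default; large groups are read with ranged retrieval.

```powershell
# Added example (not from the thread). Get-GroupMemberDn is a hypothetical name.
function Get-GroupMemberDn {
    param(
        [Parameter(Mandatory)][string]$GroupDn,
        [int]$RangeSize = 1500   # assumed per-request value limit on the DC
    )
    $entry    = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$GroupDn")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($entry)
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::Base
    $searcher.Filter      = '(objectCategory=group)'
    $low  = 0
    $done = $false
    while (-not $done) {
        # Ask for one slice of the multi-valued member attribute
        $high = $low + $RangeSize - 1
        $searcher.PropertiesToLoad.Clear()
        [void]$searcher.PropertiesToLoad.Add("member;range=$low-$high")
        $result = $searcher.FindOne()
        if ($null -eq $result) { throw "Group not found: $GroupDn" }
        # The server answers with its own range bounds in the attribute name
        $attr = $result.Properties.PropertyNames |
            Where-Object { $_ -like 'member;range=*' } | Select-Object -First 1
        if (-not $attr) { break }   # empty group, or nothing left to read
        foreach ($dn in $result.Properties[$attr]) {
            # Derive the member's domain from the DC= components of its DN
            $parts  = $dn -split '(?<!\\),' | Where-Object { $_ -like 'DC=*' }
            $domain = ($parts -replace '^DC=', '') -join '.'
            [pscustomobject]@{ Domain = $domain; DistinguishedName = $dn }
        }
        if ($attr -match 'range=\d+-(\d+)$') {
            $low = [int]$Matches[1] + 1   # continue after the last value returned
        } else {
            $done = $true                 # upper bound '*' marks the final slice
        }
    }
}

# Placeholder DN taken from the dsget command above
Get-GroupMemberDn -GroupDn 'CN=groupname,OU=ouname,DC=domain,DC=com' |
    Sort-Object Domain, DistinguishedName |
    Export-Csv -Path '.\members.csv' -NoTypeInformation
```

Grouping the output by the `Domain` column makes it easy to review which members come from outside the group's own domain.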