?
Solved

I need to use dsquery to pull the ID's from a bunch of groups

Posted on 2009-02-20
11
Medium Priority
?
519 Views
Last Modified: 2012-05-06
I have a few groups that i need to pull of the ID and dump it to a excel file. I know dsquery can do this, but I just can not get the syntax write. Could someone help?
0
Comment
Question by:rdefino
  • 4
  • 3
  • 2
  • +1
11 Comments
 
LVL 57

Expert Comment

by:Mike Kline
ID: 23695014
What do you mean ID?   Do you just need the group names?
Thanks
Mike
0
 

Author Comment

by:rdefino
ID: 23695026
I need to be able to pull of the users ID's (accounts) from a group and dump it to an excel file.
0
 
LVL 7

Expert Comment

by:crokeefe28
ID: 23695070
dsquery user -samid * -limit 2000 >c:\test.xls

you can replace the samid with any number of listings (RDN, DN, or samid)
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 57

Expert Comment

by:Mike Kline
ID: 23695087
you can use dsget
dsget group "group DN" -members
I personally prefer adfind by MVP Joe Richards
http://www.joeware.net/freetools/tools/adfind/index.htm
He has a nifty shortcut for groups
adfind -sc g:"group name" member
Thanks
Mike
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 23695092
dsquery group -name *yourgroupnamehere* | dsget group -mem
bers | dsget user -samid
0
 
LVL 7

Expert Comment

by:crokeefe28
ID: 23695103
Don't know if this will help by I use it to pull group membership and dump into an HTML file.  copy the code to a text file and give it a vbs extension
Option Explicit 
 
Dim objConnection, objCommand, objRootDSE, strDNSDomain, strQuery 
Dim objRecordSet, strDN, objGroup 
Dim FileSystem, oFile 
' Open Text File for Output 
Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject") 
Set oFile = FileSystem.CreateTextFile("GroupMemebrshipNew.html", True) 
 
oFile.writeLine "<HTML><HEAD><TITLE>Group Membership for MyDomain.com</TITLE><HEAD><BODY>" 
oFile.writeLine "<h4><TABLE width=100% border=0 padding=0 cellspacing=0 valign=top>" 
 
 
' Use ADO to search Active Directory. 
Set objConnection = CreateObject("ADODB.Connection") 
Set objCommand = CreateObject("ADODB.Command") 
objConnection.Provider = "ADsDSOObject" 
objConnection.Open "Active Directory Provider" 
Set objCommand.ActiveConnection = objConnection 
 
' Determine the DNS domain from the RootDSE object. 
Set objRootDSE = GetObject("LDAP://RootDSE") 
strDNSDomain = objRootDSE.Get("defaultNamingContext") 
 
' Search for all groups, return the Distinguished Name of each. 
strQuery = "<LDAP://" & strDNSDomain _ 
& ">;(objectClass=group);distinguishedName;subtree" 
objCommand.CommandText = strQuery 
objCommand.Properties("Page Size") = 100 
objCommand.Properties("Timeout") = 30 
objCommand.Properties("Cache Results") = False 
 
Set objRecordSet = objCommand.Execute 
If objRecordSet.EOF Then 
Wscript.Echo "No groups found" 
objConnection.Close 
Set objRootDSE = Nothing 
Set objConnection = Nothing 
Set objCommand = Nothing 
Set objRecordSet = Nothing 
Wscript.Quit 
End If 
 
' Enumerate all groups, bind to each, and document group members. 
Do Until objRecordSet.EOF 
strDN = objRecordSet.Fields("distinguishedName") 
Set objGroup = GetObject("LDAP://" & strDN) 
 
' OUTPUT 
oFile.writeLine "<TR>" 
oFile.writeLine "<TD width=20% valign=top bgcolor=black><font color=white><strong><u>" & "Group Name:" &_ 
"</u></strong></font></TD><TD width=80% valign=top><strong>" &_ 
objGroup.SAMaccountName & "</strong></TD>" 
oFile.writeLine "</TR><TR>" 
oFile.writeLine "<TD valign=top bgcolor=black><font color=white><strong><u>" & "Distinguished Name:" &_ 
"</u></strong></font></TD><TD valign=top><strong>" &_ 
objGroup.distinguishedName & "</strong></TD>" 
oFile.writeLine "</TR><TR>" 
oFile.writeLine "<TD valign=top bgcolor=black><font color=white><strong><u>" & "Description:" &_ 
"</u></strong></font></TD><TD valign=top><strong>" &_ 
objGroup.description & "</strong></TD>" 
oFile.writeLine "</TR><TR>" 
oFile.writeLine "<TD valign=top bgcolor=black><font color=white><strong><u>" & "Type:" & "</u></strong></font></TD><TD valign=top><strong>" & GetType(objGroup.groupType) & "</strong></TD>" 
oFile.writeLine "</TR>" 
 
oFile.writeLine "<TR><TD valign=top bgcolor=black><font color=white><strong><u>Members:</font></TD><TD align=left valign=top>" 
oFile.writeLine "<TABLE width=70% border=0 cellspacing=0 cellpadding=0>" 
oFile.writeLine "<Tr>" 
oFile.writeLine " <TD valign=top><strong><u> Name </u></strong></TD>" 
oFile.writeLine " <TD valign=top><strong><u> Account </u></strong></TD>" 
oFile.writeLine " <TD valign=top><strong><u> Type </u></strong></TD>" 
oFile.writeLine "</Tr>" 
Call GetMembers(objGroup) 
oFile.writeLine "</TABLE>" 
 
oFile.writeLine "</TD></TR>" 
 
oFile.writeLine "<TR><TD COLSPAN=2><hr width=90%></TD></TR>" 
 
 
objRecordSet.MoveNext 
 
Loop 
oFile.writeLine "</TABLE></BODY></HTML>" 
 
msgBox "Done !!!" 
 
' Clean up. 
objConnection.Close 
Set objRootDSE = Nothing 
Set objGroup = Nothing 
Set objConnection = Nothing 
Set objCommand = Nothing 
Set objRecordSet = Nothing 
 
Function GetType(intType) 
' Function to determine group type from the GroupType attribute. 
If (intType And &h01) <> 0 Then 
GetType = "Built-in" 
ElseIf (intType And &h02) <> 0 Then 
GetType = "Global" 
ElseIf (intType And &h04) <> 0 Then 
GetType = "Local" 
ElseIf (intType And &h08) <> 0 Then 
GetType = "Universal" 
End If 
If (intType And &h80000000) <> 0 Then 
GetType = GetType & "/Security" 
Else 
GetType = GetType & "/Distribution" 
End If 
End Function 
 
Sub GetMembers(objADObject) 
' Subroutine to document group membership. 
' Members can be users or groups. 
Dim objMember, strType 
For Each objMember In objADObject.Members 
If UCase(Left(objMember.objectCategory, 8)) = "CN=GROUP" Then 
strType = "Group" 
Else 
strType = "User" 
End If 
 
' OUTPUT 
 
oFile.writeLine "<TR>" 
oFile.writeLine "<TD valign=top>" & objMember.displayName & _ 
"</TD><TD valign=top>" & objMember.SAMaccountName & _ 
"</TD><TD valign=top>" & strType & "</TD>" 
oFile.writeLine "</TR>" 
' Wscript.Echo " Member: " & objMember.sAMAccountName & " (" & strType & ")" 
Next 
Set objMember = Nothing 
End Sub

Open in new window

0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 23695114
ps: the group name can be a partial name....

For example...I have a group called "MO Customer Care"....

The following would work....
dsquery group -name *MO Cust* | dsget group -mem
bers | dsget user -samid > C:\membersofcustomercare.csv
0
 
LVL 25

Accepted Solution

by:
Ron Malmstead earned 1000 total points
ID: 23695129

dsquery group -name *MO Cust* | dsget group -members | dsget user -samid > C:\membersofcustomercare.csv
excel C:\membersofcustomercare.csv

Open in new window

0
 
LVL 57

Expert Comment

by:Mike Kline
ID: 23695175
Just want to add to my adfind comment above.  What I wrote will spit out the DN of the members which may or may not be what you want
The latest version of adfind lets you write a command where you can spit out any attributes you want
 For example to list members of domain admins with their samaccountname firstname and last name in CSV format use:
 
adfind -default -f name="domain admins" member -list | adfind -s base samaccountname  givenname sn -nodn -csv
Thanks
Mike
0
 

Author Comment

by:rdefino
ID: 23695204
when running this syntax the excel file is empty:

 dsquery group -name *MO Cust* | dsget group -members | dsget user -samid > C:\membersofcustomercare.csv

I did enter in my group name.

if i remove the "C:\membersofcustomercare.csv" portion, it does get the account id's.
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 23696283
It won't show the output, it just writes it to the file.

the "> C:\membersofcustomercare.csv"...sends it to the file, which you can open with excel.


0

Featured Post

Creating Active Directory Users from a Text File

If your organization has a need to mass-create AD user accounts, watch this video to see how its done without the need for scripting or other unnecessary complexities.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wouldn't it be nice if objects in Active Directory automatically moved into the correct Organizational Units? This is what AutoAD aims to do and as a plus, it automatically creates Sites, Subnets, and Organizational Units.
It’s time for spooky stories and consuming way too much sugar, including the many treats we’ve whipped for you in the world of tech. Check it out!
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

850 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question