VBScript to check Active Directory OU for users in multiple groups

Posted on 2010-01-07
Last Modified: 2012-05-08
I need to check an OU to make sure the users are not in multiple groups and return users and groups if they are and do nothing if all is well.
Question by:Frog_1337
    LVL 57

    Expert Comment

    by:Mike Kline
    Another way is to use AdFind or PowerShell. I wrote a blog entry on how to find users that are not in certain groups. Just take away the not (!) symbol to find out if they are in the groups.
    I'll let the VBScript guys handle that part... not my strong point.
    LVL 70

    Expert Comment

    by:Chris Dent

    They're only supposed to be in one group? Does that include the Primary Group?


    Author Comment

    I am assuming so yes...would it be possible to give me two options?
    LVL 14

    Accepted Solution

    I've just knocked up a quick VBScript that will search for all users within a specified OU, and will then list all users who are members of more than one group, and will also list the groups.

    The objUser.memberOf will not detect the user's primary group; however, this shouldn't be too much of an issue for you, as the primary group should be "Domain Users" for all of your users.

    ' ADSI search scope constant: search the OU and everything beneath it
    Const ADS_SCOPE_SUBTREE = 2

    strDomain = "YourDomain.Local"
    strOUPath = "'LDAP://OU=Users,OU=SomeOU,DC=YourDomain,DC=local'"
    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand = CreateObject("ADODB.Command")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"
    Set objCommand.ActiveConnection = objConnection
    objCommand.CommandText = "SELECT distinguishedName FROM " & strOUPath & " WHERE objectCategory='user'"
    objCommand.Properties("Page Size") = 1000
    objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
    Set objRecordSet = objCommand.Execute
    Do Until objRecordSet.EOF
    	strUser = objRecordSet.Fields("distinguishedName").Value
    	Set objUser = GetObject("LDAP://" & strUser)
    	strUserName = objUser.CN
    	' memberOf is an array only when the user has two or more groups
    	' (one group comes back as a string, none as Empty).
    	' The primary group is never included in memberOf.
    	arrMemberOf = objUser.memberOf
    	If IsArray(arrMemberOf) Then
    		strGroupCount = UBound(arrMemberOf) + 1
    		WScript.Echo "User:", strUserName, "is in", strGroupCount, "groups"
    		For Each strGroup In arrMemberOf
    			WScript.Echo strGroup
    		Next
    		WScript.Echo vbCr
    	End If
    	' Advance the recordset, otherwise the loop never ends
    	objRecordSet.MoveNext
    Loop
    objConnection.Close



    Author Closing Comment

    Excellent scripting
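
    The thread asks for "two options" on the primary group and mentions PowerShell as an alternative; the following is an added example, not code from any poster in this thread, that covers both. It assumes the ActiveDirectory module (RSAT) is installed; the function name `Get-MultiGroupUser` is hypothetical and the OU path is the placeholder from the accepted answer.

```powershell
# Added example (not from the thread). Requires the ActiveDirectory module.
Import-Module ActiveDirectory

function Get-MultiGroupUser {   # hypothetical helper name
    param(
        [Parameter(Mandatory = $true)] [string] $SearchBase,
        # Option 2: also count the primary group, which memberOf never contains
        [switch] $IncludePrimaryGroup
    )

    Get-ADUser -Filter * -SearchBase $SearchBase -SearchScope Subtree `
               -Properties memberOf, PrimaryGroup |
        ForEach-Object {
            # memberOf lists direct memberships only (no nesting, no primary group)
            $groups = @($_.memberOf)
            if ($IncludePrimaryGroup -and $_.PrimaryGroup) {
                $groups += $_.PrimaryGroup
            }
            # Emit nothing for users with zero or one group
            if ($groups.Count -gt 1) {
                [pscustomobject]@{
                    User       = $_.SamAccountName
                    GroupCount = $groups.Count
                    Groups     = $groups -join '; '
                }
            }
        }
}

# Placeholder OU taken from the accepted answer's script
$ou = 'OU=Users,OU=SomeOU,DC=YourDomain,DC=local'

# Option 1: ignore the primary group (same result as the VBScript)
Get-MultiGroupUser -SearchBase $ou | Format-Table -AutoSize -Wrap

# Option 2: count the primary group as a membership
Get-MultiGroupUser -SearchBase $ou -IncludePrimaryGroup | Format-Table -AutoSize -Wrap
```

    With option 2, every user whose primary group is "Domain Users" and who has one other group is reported, so expect a longer list than with option 1.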
