VBScript to check Active Directory OU for users in multiple groups

I need to check an OU to make sure the users are not in multiple groups and return users and groups if they are and do nothing if all is well.
Asked by: Frog_1337

Mike Kline Commented:
Another way is to use adfind or PowerShell. I wrote a blog entry on how to find users that are not in certain groups. Just take away the not (!) symbol to find out if they are in the groups.
http://adisfun.blogspot.com/2009/06/find-users-who-are-not-in-specific.html
I'll let the VBScript guys handle that part... not my strong point.
Thanks
Mike
 
Chris Dent (PowerShell Developer) Commented:

They're only supposed to be in one group? Does that include the Primary Group?

Chris
 
Frog_1337 (Author) Commented:
I am assuming so, yes... would it be possible to give me two options?
 
Psy053 Commented:
I've just knocked up a quick VBScript that will search for all users within a specified OU, and will then list all users who are a member of more than one group, and will also list the groups.

The objUser.memberOf will not detect the user's primary group; however, this shouldn't be too much of an issue for you, as the primary group should be "Domain Users" for all of your users.

Const ADS_SCOPE_SUBTREE = 2
strDomain = "YourDomain.Local"
strOUPath = "'LDAP://OU=Users,OU=SomeOU,DC=YourDomain,DC=local'"

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

' Return the DN of every user object under the OU (paged subtree search)
objCommand.CommandText = "SELECT distinguishedName FROM " & strOUPath & " WHERE objectCategory='user'"

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

Set objRecordSet = objCommand.Execute

' An OU with no users returns an empty recordset, so test EOF instead of calling MoveFirst
Do Until objRecordSet.EOF
	strUser = objRecordSet.Fields("distinguishedName").Value
	Set objUser = GetObject("LDAP://" & strUser)
	strUserName = objUser.CN

	' memberOf is Empty when the user is in no groups, a String for exactly one
	' group, and an array for two or more (the primary group is never included)
	arrMemberOf = objUser.memberOf

	If IsArray(arrMemberOf) Then
		strGroupCount = UBound(arrMemberOf) + 1
		If strGroupCount > 1 Then
			WScript.Echo "User:", strUserName, "is in", strGroupCount, "groups"
			For Each strGroup In arrMemberOf
				WScript.Echo strGroup
			Next
			WScript.Echo vbCr
		End If
	End If

	objRecordSet.MoveNext
Loop

0
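
Added example, not part of any post in this thread: the same OU check in PowerShell, covering both options raised above (ignoring the primary group, or counting it as one of the user's groups). It assumes the ActiveDirectory module is installed; the function name Get-MultiGroupUser is hypothetical and the OU path is the placeholder from the VBScript.

```powershell
# Added example. Requires the ActiveDirectory module (RSAT / domain controller).
Import-Module ActiveDirectory

# Hypothetical helper name; emits one object per user that is in more than one group
# and emits nothing when every user in the OU is in at most one group.
function Get-MultiGroupUser {
    param(
        [Parameter(Mandatory)] [string] $SearchBase,
        # Option 2: also count the primary group, which memberOf never lists
        [switch] $IncludePrimaryGroup
    )

    Get-ADUser -Filter * -SearchBase $SearchBase -SearchScope Subtree `
               -Properties memberOf, PrimaryGroup |
        ForEach-Object {
            # memberOf holds direct memberships only (no nested groups)
            $groups = @($_.memberOf)
            if ($IncludePrimaryGroup -and $_.PrimaryGroup) {
                $groups += $_.PrimaryGroup
            }
            if ($groups.Count -gt 1) {
                [pscustomobject]@{
                    User       = $_.SamAccountName
                    GroupCount = $groups.Count
                    # DNs contain commas, so separate them with semicolons
                    Groups     = $groups -join '; '
                }
            }
        }
}

# Placeholder OU path, same sample value as in the VBScript
$ou = 'OU=Users,OU=SomeOU,DC=YourDomain,DC=local'

# Option 1: primary group ignored (same scope as the VBScript)
Get-MultiGroupUser -SearchBase $ou | Format-List

# Option 2: primary group counted as one of the user's groups
Get-MultiGroupUser -SearchBase $ou -IncludePrimaryGroup | Format-List
```

With option 2, any user who has one explicit group plus the default "Domain Users" primary group is reported, so the output is only useful if the policy really is one group in total.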
 
Frog_1337 (Author) Commented:
Excellent scripting