Solved

How do I get the member of the users from the active directory group.

Posted on 2010-08-22
Last Modified: 2012-05-10
Hi Experts,

I need to get the names of the members from the Active Directory group. In our Active Directory we have got lots of groups and lots of members. I need to find out which users are in which group.

Is there a way to find out in a table format? Please help me. Our AD has lots of OUs as well. PowerShell gurus, please help me.
Question by:koala-london
11 Comments
 
LVL 17

Accepted Solution

by:
Steve earned 600 total points
ID: 33498495
0
 
LVL 17

Assisted Solution

by:Steve
Steve earned 600 total points
ID: 33498497
0
 
LVL 39

Assisted Solution

by:Krzysztof Pytko
Krzysztof Pytko earned 300 total points
ID: 33498529
Run this command from command-line on a server or workstation with Administrative Tools installed

dsquery group -name verw_is | dsget group -members -expand |dsget user -fn -ln -samid -email -desc >c:\members.txt

and import it to Excel sheet.

0
 
LVL 4

Assisted Solution

by:Bart-Vandyck
Bart-Vandyck earned 300 total points
ID: 33498553


In PowerShell it is pretty easy to list all members of a group. Feed it a list of group names and export the result to a CSV or XML file.


$group = [ADSI]"LDAP://CN=<groupname>,OU=<OU-Name>,DC=<domain>,DC=<domain>"
$group.member

0
 

Author Comment

by:koala-london
ID: 33498766
Hi iSiek

I got error "target object for this command is missing". We have lots of DCs in our domain. I am a bit new to PowerShell and scripting. Could you provide me a complete command please?
0
 
LVL 2

Assisted Solution

by:johnnytanki
johnnytanki earned 300 total points
ID: 33498792
1. Save the below as EnumGroup.vbs.
2. Run cscript //nologo EnumGroup.vbs "cn=Sales,ou=West,dc=MyDomain,dc=com" > Sales.txt where "cn=Sales,ou=West,dc=MyDomain,dc=com"  is your desired group


Option Explicit

Dim objGroup, strDN, objMemberList
Dim adoConnection, adoCommand, objRootDSE, strDNSDomain

' Dictionary object to track group membership.
Set objMemberList = CreateObject("Scripting.Dictionary")
objMemberList.CompareMode = vbTextCompare

' Check for required argument.
If (Wscript.Arguments.Count < 1) Then
    Wscript.Echo "Required argument <Distinguished Name> " _
        & "of group missing."
    Wscript.Echo "For example:" & vbCrLf _
        & "cscript //nologo EnumGroup.vbs " _
        & """cn=Test Group,ou=Sales,dc=MyDomain,dc=com"""
    Wscript.Quit(0)
End If

' Bind to the group object with the LDAP provider.
strDN = Wscript.Arguments(0)
On Error Resume Next
Set objGroup = GetObject("LDAP://" & strDN)
If (Err.Number <> 0) Then
    On Error GoTo 0
    Wscript.Echo "Group not found" & vbCrLf & strDN
    Wscript.Quit(1)
End If
On Error GoTo 0

' Retrieve DNS domain name from RootDSE.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Setup ADO.
Set adoConnection = CreateObject("ADODB.Connection")
Set adoCommand = CreateObject("ADODB.Command")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

' Enumerate group membership.
Wscript.Echo "Members of group " & objGroup.sAMAccountName
Call EnumGroup(objGroup, "  ")

' Clean Up.
adoConnection.Close
Set objGroup = Nothing
Set objRootDSE = Nothing
Set adoCommand = Nothing
Set adoConnection = Nothing

Sub EnumGroup(ByVal objADGroup, ByVal strOffset)
    ' Recursive subroutine to enumerate group membership.
    ' objMemberList is a dictionary object with global scope.
    ' objADGroup is a group object bound with the LDAP provider.
    ' This subroutine outputs a list of group members, one member
    ' per line. Nested group members are included. Users are also
    ' included if their primary group is objADGroup. objMemberList
    ' prevents an infinite loop if nested groups are circular.

    Dim strFilter, strAttributes, adoRecordset, intGroupToken
    Dim objMember, strQuery, strNTName

    ' Retrieve "primaryGroupToken" of group.
    objADGroup.GetInfoEx Array("primaryGroupToken"), 0
    intGroupToken = objADGroup.Get("primaryGroupToken")

    ' Use ADO to search for users whose "primaryGroupID" matches the
    ' group "primaryGroupToken".
    strFilter = "(primaryGroupID=" & intGroupToken & ")"
    strAttributes = "sAMAccountName"
    strQuery = "<LDAP://" & strDNSDomain & ">;" & strFilter & ";" _
        & strAttributes & ";subtree"
    adoCommand.CommandText = strQuery
    Set adoRecordset = adoCommand.Execute
    Do Until adoRecordset.EOF
        strNTName = adoRecordset.Fields("sAMAccountName").Value
        If (objMemberList.Exists(strNTName) = False) Then
            objMemberList.Add strNTName, True
            Wscript.Echo strOffset & strNTName & " (Primary)"
        Else
            Wscript.Echo strOffset & strNTName & " (Primary, Duplicate)"
        End If
        adoRecordset.MoveNext
    Loop
    adoRecordset.Close

    For Each objMember In objADGroup.Members
        If (objMemberList.Exists(objMember.sAMAccountName) = False) Then
            objMemberList.Add objMember.sAMAccountName, True
            If (UCase(Left(objMember.objectCategory, 8)) = "CN=GROUP") Then
                Wscript.Echo strOffset & objMember.sAMAccountName & " (Group)"
                Call EnumGroup(objMember, strOffset & "  ")
            Else
                Wscript.Echo strOffset & objMember.sAMAccountName
            End If
        Else
            Wscript.Echo strOffset & objMember.sAMAccountName & " (Duplicate)"
        End If
    Next
    Set objMember = Nothing
    Set adoRecordset = Nothing
End Sub

0
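A PowerShell version of the same table, added here as an example and not code from any poster in this thread: it takes a list of group names, resolves each one with DirectorySearcher, and exports one row per user to CSV, covering nested groups and primary-group members the way the VBScript above does, which reading the `member` attribute alone does not. The group names and output path are placeholders, and it assumes PowerShell 3.0 or later and domain controllers that support the LDAP_MATCHING_RULE_IN_CHAIN OID.

```powershell
# Added example. Group names and output path are placeholders (assumptions).
$groupNames = 'Sales', 'Domain Admins'
$outFile    = 'C:\members.csv'

$rootDse  = [ADSI]'LDAP://RootDSE'
$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.SearchRoot = [ADSI]"LDAP://$($rootDse.defaultNamingContext)"
$searcher.PageSize   = 1000   # paged search, so results are not cut off at the server limit

function ConvertTo-LdapFilterValue([string]$Value) {
    # RFC 4515 escaping; backslash first so the other escapes are not re-escaped
    $Value.Replace('\', '\5c').Replace('*', '\2a').Replace('(', '\28').Replace(')', '\29')
}

function Find-Entry([string]$Filter, [string[]]$Props) {
    $searcher.Filter = $Filter
    $searcher.PropertiesToLoad.Clear()
    $searcher.PropertiesToLoad.AddRange($Props)
    $searcher.FindAll()
}

$rows = foreach ($name in $groupNames) {
    $safeName = ConvertTo-LdapFilterValue $name
    $group = Find-Entry "(&(objectCategory=group)(sAMAccountName=$safeName))" 'distinguishedName', 'objectSid' |
        Select-Object -First 1
    if (-not $group) { Write-Warning "Group not found: $name"; continue }

    $dn  = ConvertTo-LdapFilterValue ([string]$group.Properties['distinguishedname'][0])
    # The RID (last 4 bytes of objectSid) is what users store in primaryGroupID.
    $sid = [byte[]]$group.Properties['objectsid'][0]
    $rid = [BitConverter]::ToUInt32($sid, $sid.Length - 4)

    # 1.2.840.113556.1.4.1941 = LDAP_MATCHING_RULE_IN_CHAIN: direct and nested members.
    # Primary-group members of the named group are added; those of nested groups are not.
    $filter = "(&(objectCategory=person)(objectClass=user)" +
              "(|(memberOf:1.2.840.113556.1.4.1941:=$dn)(primaryGroupID=$rid)))"
    foreach ($user in Find-Entry $filter 'sAMAccountName', 'displayName', 'primaryGroupID') {
        [pscustomobject]@{
            Group       = $name
            User        = "$($user.Properties['samaccountname'])"
            DisplayName = "$($user.Properties['displayname'])"
            Via         = if ("$($user.Properties['primarygroupid'])" -eq "$rid") { 'Primary group' } else { 'member (direct or nested)' }
        }
    }
}
$rows | Export-Csv -Path $outFile -NoTypeInformation
$rows | Format-Table -AutoSize
```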
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 33498808
I'm sorry, I didn't remove my group name from command :)
Replace Verw_IS group name please by your own group name which you want to examine :]
0
 
LVL 42

Expert Comment

by:Meir Rivkin
ID: 33499017
Change $grouName to your required AD group name.
# Name of the group to look up
$grouName = "GUI"
# Search the current domain for a group object with that name
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher
$objSearcher.Filter = "(&(objectCategory=group)(name=$grouName))"
$distName = $objSearcher.FindOne().GetDirectoryEntry().distinguishedName
# Bind to the group by its distinguished name and print the member DNs
$ADGroup = [ADSI]"LDAP://$distName"
write-host $ADGroup.member

0
 

Author Comment

by:koala-london
ID: 33499566
Thanks Guys. I'm gonna try it and let you know
0
 
LVL 71

Expert Comment

by:Chris Dent
ID: 33519045

What do you actually want to see in the output?

There are a number of methods to get information about group members. These are in addition to the approach sedgwick has used.

Chris
# Quest CmdLets
Get-QADGroupMember "Your Group"

# Exchange CmdLets (mail enabled groups only)
Get-DistributionGroupMember "Your Group"

# AD CmdLets
Get-ADGroupMember "Your Group"

0
 

Author Closing Comment

by:koala-london
ID: 33678680
all thanks
0
