Solved

Vbscript to enum groups and group memebrs from a specific OU not from Root of  AD

Posted on 2011-02-11
6
522 Views
Last Modified: 2012-06-27
I have run the script from solution:
http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_24978862.html

It works great for just Distribution groups. The problem I have is that some of the groups we use for distributiol groups are Security groups. I have organized them in a ou in ad the Dn is:
OU=Groups - Distribution,DC=azle,DC=esc11,DC=net

I need to run this script to look at both dist groups and security groups.. Please Help!! thanks..
Set oRootDSE = GetObject("LDAP://RootDSE")
Set objConn = CreateObject("ADODB.Connection")
Set objComm =   CreateObject("ADODB.Command")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
Set objComm.ActiveConnection = objConn
objComm.Properties("Page Size") = 1000
 
strBase   =  "<LDAP://" & oRootDSE.get("defaultNamingContext") & ">;"
strFilter = "(sAMAccountType=268435457);" 
strAttrs  = "distinguishedName,memberof,sAMAccountName;"
strScope  = "subtree"
 
objComm.CommandText = strBase & strFilter & strAttrs & strScope
Set objRS = objComm.Execute
 
objRS.MoveFirst
Do Until objRS.EOF
	Set objGroup = GetObject("LDAP://" & Replace(objRS.Fields("distinguishedName").Value,"/","\/"))
	WScript.Echo objGroup.cn & "," & memberString(objGroup)
 
	
	objRS.MoveNext
Loop
 
Set oRootDSE = Nothing
Set objConn = Nothing
Set objComm = Nothing
Set objUser = Nothing
 
 
Function memberString(objGroup)
	If Not IsEmpty(objgroup.member) Then
		For Each memberDN In objGroup.GetEx("member")
			Set objMember = GetObject("LDAP://" & memberDN)
			out = out & objmember.cn & "; "
		Next
	End If
	If Right(out,2) = "; " Then out = Left(out,Len(out)-2)
	memberString = out
End Function

Open in new window

0
Comment
Question by:AzleISD
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
6 Comments
 
LVL 4

Assisted Solution

by:IceCode
IceCode earned 500 total points
ID: 34872930
Change line 10 to: strFilter = "(&(objectCategory=group));"
0
 

Author Comment

by:AzleISD
ID: 34872995
awesome now I just need to get it to run just in the ou not the entire AD...
0
 
LVL 4

Expert Comment

by:IceCode
ID: 34873002
oh sorry, give me a few minutes.
0
Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

 

Author Comment

by:AzleISD
ID: 34873014
not a problem Thanks for the quick response!!
0
 
LVL 4

Accepted Solution

by:
IceCode earned 500 total points
ID: 34873051
I think it's just line 9 should be: strBase   =  "<LDAP://OU=Groups - distribution," & oRootDSE.get("defaultNamingContext") & ">;"
0
 

Author Closing Comment

by:AzleISD
ID: 34873640
That is is thanks for your help!
0

Featured Post

Salesforce Made Easy to Use

On-screen guidance at the moment of need enables you & your employees to focus on the core, you can now boost your adoption rates swiftly and simply with one easy tool.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Last week, our Skyport webinar on “How to secure your Active Directory” (https://www.experts-exchange.com/videos/5810/Webinar-Is-Your-Active-Directory-as-Secure-as-You-Think.html?cid=Gene_Skyport) provided 218 attendees with a step-by-step guide for…
Recently, Microsoft released a best-practice guide for securing Active Directory. It's a whopping 300+ pages long. Those of us tasked with securing our company’s databases and systems would, ideally, have time to devote to learning the ins and outs…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question