Solved

Users & Group members of AD Groups

Posted on 2011-02-15
15
888 Views
Last Modified: 2012-05-11
I am trying to find a VBS Script that displays or exports to a text \ excel file the users & groups which are members of an ad group or groups in an OU.

GroupA - List of Users
             Group - List of Users

GroupB - List of Users
             Group - List of Users
0
Comment
Question by:ESSIMANDT
  • 5
  • 5
  • 3
  • +1
15 Comments
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34895166
You can use DS tools for that. On a DC or workstation with Administrative Tools/RSAT installed in command-line type:

dsquery group -name "DNSGroupName" | dsget group -members -expand | dsget user -fn -ln -samid >>c:\members.txt

or if you wish you can use Quest PowerShell cmdlets.

Regards,
Krzysztof
0
 
LVL 11

Expert Comment

by:Tasmant
ID: 34895266
If groups contains user and groups i think the pipe dsget group will return an error, unless you specify the -c switch to continue if error occurs.

An alternative could be to use this syntax
dsquery * -limit 0 -filter "(&(memberof:1.2.840.113556.1.4.1941:=CN=mygroup,DC=domain,DC=com))" -attr samaccountname cn > membersofmygroup.txt

Else you can use VBS: you can find examples here:
http://www.rlmueller.net/MemberOf.htm
0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34895307
Nope, because of -expand switch :) It gets also users from sub groups (if exists within queried group)

Krzysztof
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 11

Expert Comment

by:Tasmant
ID: 34895337
Personnaly on a group containing users and others groups, your command works if i write:
dsquery group -name "w2k migrated users" | dsget group -members -expand | dsget user -fn -ln -samid -c
but for each group in the current group requested, i get errors. It's not really an issue and you're right, but the log file isn't very clear.
with mine it's maybe a quite longer but no error occurs.
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 34895343
Here is a vbs that writes members of all the groups, or all groups in an OU if you specify to Excel.

http://adfordummiez.com/?p=129
0
 

Author Comment

by:ESSIMANDT
ID: 34895679
The VBS script works but does not give you the members of the group within a group.

I want to be able to display or export the users & groups of an AD group.

dsget does not display the name of the group within a group, it just displays all member users.
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 34895692
It don't display members of nested groups on the same sheet as the "parent" group. You will just see its group name, and there will be a new sheet for that group.

0
 
LVL 39

Expert Comment

by:Krzysztof Pytko
ID: 34895779
Use PowerShell for that and try accepted answer from KenMcF in this EE post
http://www.experts-exchange.com/Programming/Languages/Scripting/Powershell/Q_26809078.html

Krzysztof
0
 

Author Comment

by:ESSIMANDT
ID: 34895811
I tried the VBS script on a parent group which had a nested group, but there was no output for the nested group.
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 34896239
It will create the nested group in a new sheet.

i.e.
-------------------------------------------
Group A members (sheet #1):

Bob Doe
John Wayne
Group_B
Jermain Defoe

Count: 4
-------------------------------------------
Group_B members (sheet #2):

Harry Redknapp

Count: 1
0
 

Author Comment

by:ESSIMANDT
ID: 34897368
I understand waht you are saying, but it does not create a new tab for the nested group.

i.e.
-------------------------------------------
Group A members (sheet #1):

Bob Doe
John Wayne
Group_B
Jermain Defoe

Count: 4
-------------------------------------------
Group_B members (sheet #2): This part does not happen for Group_B

Harry Redknapp

Count: 1
0
 
LVL 21

Expert Comment

by:snusgubben
ID: 34898421
hmm weird. I tested that just before posting.

I'll guess you can see it better from where you are that I'm able to :)
0
 

Author Comment

by:ESSIMANDT
ID: 35015488
My question is in 1 Zone(s).
My question has 12 Total comment(s).

My reason is: I need a VBS or any other script that will list or export all AD users of a group & nested groups.

Group A
       Users
              Nested Group A
                                  Users
              Nested Group B
                                  Users
0
 
LVL 21

Accepted Solution

by:
snusgubben earned 125 total points
ID: 35015729
I have not tested this script but you can give it a try. You'll have to give the sAMAccount of the group as an argument.

http://gallery.technet.microsoft.com/scriptcenter/b160d928-fb9e-4c49-a194-f2e5a3e806ae
0
 

Author Closing Comment

by:ESSIMANDT
ID: 35034857
tHANK yOU
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Active Directory Recycle Bin - AD Size Increase. 2 24
get bulk group members list in CSV 15 24
Active Directory Photo Tab 4 22
Lync 2010 4 19
Is your Office 365 signature not working the way you want it to? Are signature updates taking up too much of your time? Let's run through the most common problems that an IT administrator can encounter when dealing with Office 365 email signatures.
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

785 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question