Solved

Read list of AD security groups and export list of users

Posted on 2011-03-01
11
481 Views
Last Modified: 2012-05-11
Hey,

The script below exports a list of users in a security group which works fine.  However I need it to read a list of groups from a txt/csv file and return the members of each group to a txt/csv file.

Help appreciated!


'Script begins here
Dim objGroup, objUser, objFSO, objFile, strDomain, strGroup, Domain, Group
'Change DomainName to the name of the domain the group is in
strDomain = Inputbox ("Enter the Domain name", "Data needed", "Default domain name")
'Change GroupName to the name of the group whose members you want to export
strGroup = InputBox ("Enter the Group name", "Data needed", "Default group name")
Set objFSO = CreateObject("Scripting.FileSystemObject")
'On the next line change the name and path of the file that export data will be written to.
Set objFile = objFSO.CreateTextFile("C:\" & strGroup & " - Members.txt")
Set objGroup = GetObject("WinNT://" & strDomain & "/" & strGroup & ",group")
For Each objUser In objGroup.Members
    objFile.WriteLine objUser.FullName
Next
objFile.Close
Set objFile = Nothing
Set objFSO = Nothing
Set objUser = Nothing
Set objGroup = Nothing
Wscript.Echo "Done"
Wscript.Echo "Please check the c: for your output file"

Open in new window

0
Comment
Question by:SickBoy23
  • 8
  • 3
11 Comments
 
LVL 12

Expert Comment

by:prashanthd
ID: 35009547
Hi,

Try the following code, give the input and output file types

--------------------------------------------------------------------------

On Error Resume Next

inputfile="c:\grouplist.txt" 'file with group names
outputfile="c:\group_members.txt" 'writes output to following file

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(outputfile, 2, True)

Dim objRootDSE, strDomain, strUsername, objConnection, objCommand, objRecordSet, strDN
Const ADS_SCOPE_SUBTREE = 2

' Get domain components
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(inputfile, 1)

' Set ADO connection
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Set ADO command
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

Do While objTextFile.AtEndOfStream <> True
   
    strGroupname = Trim(objTextFile.ReadLine)
    objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='group' AND samAccountName = '" & strGroupname & "'"
   
    ' Set recordset to hold the query result
    Set objRecordSet = objCommand.Execute
   
    ' If a Group was found - Retrieve the distinguishedName
    If Not objRecordSet.EOF Then
        strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
       
        Set objGroup = GetObject(strDN)
        objGroup.GetInfo
        arrMemberOf = objGroup.GetEx("member")
       
        For Each strMember In arrMemberOf          
            Set objuser = GetObject("LDAP://"& strmember)
            uname=objuser.displayName            
            'WScript.Echo strGroupname &","& uname
            objtextfile.WriteLine strGroupname &","& uname
        Next
    Else
        WScript.echo strGroupname & ", No Group found"
    End If
   
Loop
0
 
LVL 12

Expert Comment

by:prashanthd
ID: 35009604
Modified a few things, to create new file for each group, only mention input file path

On Error Resume Next

inputfile="c:\grouplist.txt" 'file with group names


Set objFSO = CreateObject("Scripting.FileSystemObject")

Dim objRootDSE, strDomain, strUsername, objConnection, objCommand, objRecordSet, strDN
Const ADS_SCOPE_SUBTREE = 2

' Get domain components
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(inputfile, 1)

' Set ADO connection
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Set ADO command
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

Do While objTextFile.AtEndOfStream <> True
   
    strGroupname = Trim(objTextFile.ReadLine)
   
    objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='group' AND samAccountName = '" & strGroupname & "'"
   
    ' Set recordset to hold the query result
    Set objRecordSet = objCommand.Execute
   
    ' If a Group was found - Retrieve the distinguishedName
    If Not objRecordSet.EOF Then
        Set objTextFile = objFSO.CreateTextFile("C:\" & strGroupname & " - Members.txt")
        strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
       
        Set objGroup = GetObject(strDN)
        objGroup.GetInfo
        arrMemberOf = objGroup.GetEx("member")
       
        For Each strMember In arrMemberOf          
            Set objuser = GetObject("LDAP://"& strmember)
            uname=objuser.displayName            
            'WScript.Echo strGroupname &","& uname
            objtextfile.WriteLine uname
        Next
    Else
        WScript.echo strGroupname & ", No Group found"
    End If
   
Loop
0
 
LVL 12

Expert Comment

by:prashanthd
ID: 35024592
Hi,

Did you try the above code?
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 

Author Comment

by:SickBoy23
ID: 35026185
Hi thanks for your help the script writes the group to the text file however the script keeps looping and writing the same users to the txt file and does not move onto the next group.  I have to kill the script to get it to stop.

Note our security groups have spaces in the names - would that affect your script?

Any ideas?
0
 
LVL 12

Expert Comment

by:prashanthd
ID: 35026232
Hi,

Missed out to close the file, can you try now
On Error Resume Next

inputfile="c:\grouplist.txt" 'file with group names


Set objFSO = CreateObject("Scripting.FileSystemObject")

Dim objRootDSE, strDomain, strUsername, objConnection, objCommand, objRecordSet, strDN
Const ADS_SCOPE_SUBTREE = 2

' Get domain components
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(inputfile, 1)

' Set ADO connection
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Set ADO command
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

Do While objTextFile.AtEndOfStream <> True
   
    strGroupname = Trim(objTextFile.ReadLine)
   
    objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='group' AND samAccountName = '" & strGroupname & "'"
   
    ' Set recordset to hold the query result
    Set objRecordSet = objCommand.Execute
   
    ' If a Group was found - Retrieve the distinguishedName
    If Not objRecordSet.EOF Then
        Set objTextFile = objFSO.CreateTextFile("C:\" & strGroupname & " - Members.txt")
        strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
       
        Set objGroup = GetObject(strDN)
        objGroup.GetInfo
        arrMemberOf = objGroup.GetEx("member")
       
        For Each strMember In arrMemberOf          
            Set objuser = GetObject("LDAP://"& strmember)
            uname=objuser.displayName            
            'WScript.Echo strGroupname &","& uname
            objtextfile.WriteLine uname
        Next
		objtextfile.Close
    Else
        WScript.echo strGroupname & ", No Group found"
    End If
   
Loop

Open in new window

0
 
LVL 12

Expert Comment

by:prashanthd
ID: 35026382
Spaces in group names will not affect the script
0
 

Author Comment

by:SickBoy23
ID: 35036446
Different results now script looks really unstable and keeps re-writing groups. the file size jumps up and down and member list keeps changing almost in a loop.

can you test at your end?
0
 
LVL 12

Expert Comment

by:prashanthd
ID: 35036455
sure...will test and get back.

regards
Prashanth
0
 
LVL 12

Expert Comment

by:prashanthd
ID: 35036562
Tested and corrected the issue, Please test the following
On Error Resume Next

inputfile="c:\grouplist.txt" 'file with group names


Set objFSO = CreateObject("Scripting.FileSystemObject")

Dim objRootDSE, strDomain, strUsername, objConnection, objCommand, objRecordSet, strDN
Const ADS_SCOPE_SUBTREE = 2

' Get domain components
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(inputfile, 1)

' Set ADO connection
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Set ADO command
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

Do While objTextFile.AtEndOfStream <> True
   
    strGroupname = Trim(objTextFile.ReadLine)
   
    objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='group' AND samAccountName = '" & strGroupname & "'"
   
    ' Set recordset to hold the query result
    Set objRecordSet = objCommand.Execute
   
    ' If a Group was found - Retrieve the distinguishedName
    If Not objRecordSet.EOF Then
        Set objTextFile1 = objFSO.CreateTextFile("C:\" & strGroupname & " - Members.txt")
        strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
       
        Set objGroup = GetObject(strDN)
        objGroup.GetInfo
        arrMemberOf = objGroup.GetEx("member")
       
        For Each strMember In arrMemberOf          
            Set objuser = GetObject("LDAP://"& strmember)
            uname=objuser.displayName            
            'WScript.Echo strGroupname &","& uname
            objtextfile1.WriteLine uname
        Next
		objtextfile1.Close
    Else
        WScript.echo strGroupname & ", No Group found"
    End If
   
Loop

Open in new window

0
 
LVL 12

Accepted Solution

by:
prashanthd earned 500 total points
ID: 35039123
have you tested the code?
0
 

Author Closing Comment

by:SickBoy23
ID: 35058588
Thanks for your help on this!
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction During my participation as a VBScript contributor at Experts Exchange, one of the most common questions I come across is this: "I have a script that runs against only one computer. How can I make it run against a list of computers in …
This is pretty cool.  The purpose of this VB Script is to help you document where JAR (Java ARchive) files and specifically java class files are located so that you can address issues seen with a client or that you can speak intelligently with a dev…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question