Solved

Read list of AD security groups and export list of users

Posted on 2011-03-01
11
485 Views
Last Modified: 2012-05-11
Hey,

The script below exports a list of users in a security group which works fine.  However I need it to read a list of groups from a txt/csv file and return the members of each group to a txt/csv file.

Help appreciated!


'Script begins here
Dim objGroup, objUser, objFSO, objFile, strDomain, strGroup, Domain, Group
'Change DomainName to the name of the domain the group is in
strDomain = Inputbox ("Enter the Domain name", "Data needed", "Default domain name")
'Change GroupName to the name of the group whose members you want to export
strGroup = InputBox ("Enter the Group name", "Data needed", "Default group name")
Set objFSO = CreateObject("Scripting.FileSystemObject")
'On the next line change the name and path of the file that export data will be written to.
Set objFile = objFSO.CreateTextFile("C:\" & strGroup & " - Members.txt")
Set objGroup = GetObject("WinNT://" & strDomain & "/" & strGroup & ",group")
For Each objUser In objGroup.Members
    objFile.WriteLine objUser.FullName
Next
objFile.Close
Set objFile = Nothing
Set objFSO = Nothing
Set objUser = Nothing
Set objGroup = Nothing
Wscript.Echo "Done"
Wscript.Echo "Please check the c: for your output file"

Open in new window

0
Comment
Question by:SickBoy23
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 3
11 Comments
 
LVL 12

Expert Comment

by:prashanthd
ID: 35009547
Hi,

Try the following code, give the input and output file types

--------------------------------------------------------------------------

On Error Resume Next

inputfile="c:\grouplist.txt" 'file with group names
outputfile="c:\group_members.txt" 'writes output to following file

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(outputfile, 2, True)

Dim objRootDSE, strDomain, strUsername, objConnection, objCommand, objRecordSet, strDN
Const ADS_SCOPE_SUBTREE = 2

' Get domain components
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(inputfile, 1)

' Set ADO connection
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Set ADO command
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

Do While objTextFile.AtEndOfStream <> True
   
    strGroupname = Trim(objTextFile.ReadLine)
    objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='group' AND samAccountName = '" & strGroupname & "'"
   
    ' Set recordset to hold the query result
    Set objRecordSet = objCommand.Execute
   
    ' If a Group was found - Retrieve the distinguishedName
    If Not objRecordSet.EOF Then
        strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
       
        Set objGroup = GetObject(strDN)
        objGroup.GetInfo
        arrMemberOf = objGroup.GetEx("member")
       
        For Each strMember In arrMemberOf          
            Set objuser = GetObject("LDAP://"& strmember)
            uname=objuser.displayName            
            'WScript.Echo strGroupname &","& uname
            objtextfile.WriteLine strGroupname &","& uname
        Next
    Else
        WScript.echo strGroupname & ", No Group found"
    End If
   
Loop
0
 
LVL 12

Expert Comment

by:prashanthd
ID: 35009604
Modified a few things, to create new file for each group, only mention input file path

On Error Resume Next

inputfile="c:\grouplist.txt" 'file with group names


Set objFSO = CreateObject("Scripting.FileSystemObject")

Dim objRootDSE, strDomain, strUsername, objConnection, objCommand, objRecordSet, strDN
Const ADS_SCOPE_SUBTREE = 2

' Get domain components
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(inputfile, 1)

' Set ADO connection
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Set ADO command
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

Do While objTextFile.AtEndOfStream <> True
   
    strGroupname = Trim(objTextFile.ReadLine)
   
    objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='group' AND samAccountName = '" & strGroupname & "'"
   
    ' Set recordset to hold the query result
    Set objRecordSet = objCommand.Execute
   
    ' If a Group was found - Retrieve the distinguishedName
    If Not objRecordSet.EOF Then
        Set objTextFile = objFSO.CreateTextFile("C:\" & strGroupname & " - Members.txt")
        strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
       
        Set objGroup = GetObject(strDN)
        objGroup.GetInfo
        arrMemberOf = objGroup.GetEx("member")
       
        For Each strMember In arrMemberOf          
            Set objuser = GetObject("LDAP://"& strmember)
            uname=objuser.displayName            
            'WScript.Echo strGroupname &","& uname
            objtextfile.WriteLine uname
        Next
    Else
        WScript.echo strGroupname & ", No Group found"
    End If
   
Loop
0
 
LVL 12

Expert Comment

by:prashanthd
ID: 35024592
Hi,

Did you try the above code?
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:SickBoy23
ID: 35026185
Hi thanks for your help the script writes the group to the text file however the script keeps looping and writing the same users to the txt file and does not move onto the next group.  I have to kill the script to get it to stop.

Note our security groups have spaces in the names - would that affect your script?

Any ideas?
0
 
LVL 12

Expert Comment

by:prashanthd
ID: 35026232
Hi,

Missed out to close the file, can you try now
On Error Resume Next

inputfile="c:\grouplist.txt" 'file with group names


Set objFSO = CreateObject("Scripting.FileSystemObject")

Dim objRootDSE, strDomain, strUsername, objConnection, objCommand, objRecordSet, strDN
Const ADS_SCOPE_SUBTREE = 2

' Get domain components
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(inputfile, 1)

' Set ADO connection
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Set ADO command
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

Do While objTextFile.AtEndOfStream <> True
   
    strGroupname = Trim(objTextFile.ReadLine)
   
    objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='group' AND samAccountName = '" & strGroupname & "'"
   
    ' Set recordset to hold the query result
    Set objRecordSet = objCommand.Execute
   
    ' If a Group was found - Retrieve the distinguishedName
    If Not objRecordSet.EOF Then
        Set objTextFile = objFSO.CreateTextFile("C:\" & strGroupname & " - Members.txt")
        strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
       
        Set objGroup = GetObject(strDN)
        objGroup.GetInfo
        arrMemberOf = objGroup.GetEx("member")
       
        For Each strMember In arrMemberOf          
            Set objuser = GetObject("LDAP://"& strmember)
            uname=objuser.displayName            
            'WScript.Echo strGroupname &","& uname
            objtextfile.WriteLine uname
        Next
		objtextfile.Close
    Else
        WScript.echo strGroupname & ", No Group found"
    End If
   
Loop

Open in new window

0
 
LVL 12

Expert Comment

by:prashanthd
ID: 35026382
Spaces in group names will not affect the script
0
 

Author Comment

by:SickBoy23
ID: 35036446
Different results now script looks really unstable and keeps re-writing groups. the file size jumps up and down and member list keeps changing almost in a loop.

can you test at your end?
0
 
LVL 12

Expert Comment

by:prashanthd
ID: 35036455
sure...will test and get back.

regards
Prashanth
0
 
LVL 12

Expert Comment

by:prashanthd
ID: 35036562
Tested and corrected the issue, Please test the following
On Error Resume Next

inputfile="c:\grouplist.txt" 'file with group names


Set objFSO = CreateObject("Scripting.FileSystemObject")

Dim objRootDSE, strDomain, strUsername, objConnection, objCommand, objRecordSet, strDN
Const ADS_SCOPE_SUBTREE = 2

' Get domain components
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(inputfile, 1)

' Set ADO connection
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Set ADO command
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

Do While objTextFile.AtEndOfStream <> True
   
    strGroupname = Trim(objTextFile.ReadLine)
   
    objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='group' AND samAccountName = '" & strGroupname & "'"
   
    ' Set recordset to hold the query result
    Set objRecordSet = objCommand.Execute
   
    ' If a Group was found - Retrieve the distinguishedName
    If Not objRecordSet.EOF Then
        Set objTextFile1 = objFSO.CreateTextFile("C:\" & strGroupname & " - Members.txt")
        strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
       
        Set objGroup = GetObject(strDN)
        objGroup.GetInfo
        arrMemberOf = objGroup.GetEx("member")
       
        For Each strMember In arrMemberOf          
            Set objuser = GetObject("LDAP://"& strmember)
            uname=objuser.displayName            
            'WScript.Echo strGroupname &","& uname
            objtextfile1.WriteLine uname
        Next
		objtextfile1.Close
    Else
        WScript.echo strGroupname & ", No Group found"
    End If
   
Loop

Open in new window

0
 
LVL 12

Accepted Solution

by:
prashanthd earned 500 total points
ID: 35039123
have you tested the code?
0
 

Author Closing Comment

by:SickBoy23
ID: 35058588
Thanks for your help on this!
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Hello again, all.  For those of you that have been following along, you'll know that this is my third article on this topic (though it is not Part III).  This article is sort of remedial, and probably the topic with which I should have started the s…
When it comes to writing scripts for a Client/Server computing environment it is essential to consider some way of enabling the authentication functionality within a script. This sort of consideration mainly comes into the picture when we are dealin…
In this video we outline the Physical Segments view of NetCrunch network monitor. By following this brief how-to video, you will be able to learn how NetCrunch visualizes your network, how granular is the information collected, as well as where to f…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question