Solved

Read list of AD security groups and export list of users

Posted on 2011-03-01
Last Modified: 2012-05-11
Hey,

The script below exports a list of users in a security group, which works fine. However, I need it to read a list of groups from a txt/csv file and return the members of each group to a txt/csv file.

Help appreciated!


'Script begins here
Dim objGroup, objUser, objFSO, objFile, strDomain, strGroup, Domain, Group
'Change DomainName to the name of the domain the group is in
strDomain = Inputbox ("Enter the Domain name", "Data needed", "Default domain name")
'Change GroupName to the name of the group whose members you want to export
strGroup = InputBox ("Enter the Group name", "Data needed", "Default group name")
Set objFSO = CreateObject("Scripting.FileSystemObject")
'On the next line change the name and path of the file that export data will be written to.
Set objFile = objFSO.CreateTextFile("C:\" & strGroup & " - Members.txt")
Set objGroup = GetObject("WinNT://" & strDomain & "/" & strGroup & ",group")
For Each objUser In objGroup.Members
    objFile.WriteLine objUser.FullName
Next
objFile.Close
Set objFile = Nothing
Set objFSO = Nothing
Set objUser = Nothing
Set objGroup = Nothing
Wscript.Echo "Done"
Wscript.Echo "Please check the c: for your output file"

Question by:SickBoy23

Expert Comment

by:prashanthd
ID: 35009547
Hi,

Try the following code and give the input and output file types.

--------------------------------------------------------------------------

On Error Resume Next

inputfile="c:\grouplist.txt" 'file with group names
outputfile="c:\group_members.txt" 'writes output to following file

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(outputfile, 2, True)

Dim objRootDSE, strDomain, strUsername, objConnection, objCommand, objRecordSet, strDN
Const ADS_SCOPE_SUBTREE = 2

' Get domain components
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")
' Open the input file on its own handle so the output file opened above stays usable
Set objInputFile = objFSO.OpenTextFile(inputfile, 1)

' Set ADO connection
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Set ADO command
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

Do While objInputFile.AtEndOfStream <> True
   
    strGroupname = Trim(objInputFile.ReadLine)
    objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='group' AND samAccountName = '" & strGroupname & "'"
   
    ' Set recordset to hold the query result
    Set objRecordSet = objCommand.Execute
   
    ' If a Group was found - Retrieve the distinguishedName
    If Not objRecordSet.EOF Then
        strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
       
        Set objGroup = GetObject(strDN)
        objGroup.GetInfo
        arrMemberOf = objGroup.GetEx("member")
       
        For Each strMember In arrMemberOf          
            Set objuser = GetObject("LDAP://"& strmember)
            uname=objuser.displayName            
            'WScript.Echo strGroupname &","& uname
            objtextfile.WriteLine strGroupname &","& uname
        Next
    Else
        WScript.echo strGroupname & ", No Group found"
    End If
   
Loop

Expert Comment

by:prashanthd
ID: 35009604
Modified a few things to create a new file for each group; only mention the input file path.

On Error Resume Next

inputfile="c:\grouplist.txt" 'file with group names


Set objFSO = CreateObject("Scripting.FileSystemObject")

Dim objRootDSE, strDomain, strUsername, objConnection, objCommand, objRecordSet, strDN
Const ADS_SCOPE_SUBTREE = 2

' Get domain components
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(inputfile, 1)

' Set ADO connection
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Set ADO command
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

Do While objTextFile.AtEndOfStream <> True
   
    strGroupname = Trim(objTextFile.ReadLine)
   
    objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='group' AND samAccountName = '" & strGroupname & "'"
   
    ' Set recordset to hold the query result
    Set objRecordSet = objCommand.Execute
   
    ' If a Group was found - Retrieve the distinguishedName
    If Not objRecordSet.EOF Then
        Set objTextFile = objFSO.CreateTextFile("C:\" & strGroupname & " - Members.txt")
        strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
       
        Set objGroup = GetObject(strDN)
        objGroup.GetInfo
        arrMemberOf = objGroup.GetEx("member")
       
        For Each strMember In arrMemberOf          
            Set objuser = GetObject("LDAP://"& strmember)
            uname=objuser.displayName            
            'WScript.Echo strGroupname &","& uname
            objtextfile.WriteLine uname
        Next
    Else
        WScript.echo strGroupname & ", No Group found"
    End If
   
Loop

Expert Comment

by:prashanthd
ID: 35024592
Hi,

Did you try the above code?

Author Comment

by:SickBoy23
ID: 35026185
Hi, thanks for your help. The script writes the group to the text file; however, the script keeps looping and writing the same users to the txt file and does not move on to the next group. I have to kill the script to get it to stop.

Note our security groups have spaces in the names - would that affect your script?

Any ideas?

Expert Comment

by:prashanthd
ID: 35026232
Hi,

Missed closing the file; can you try now?
On Error Resume Next

inputfile="c:\grouplist.txt" 'file with group names


Set objFSO = CreateObject("Scripting.FileSystemObject")

Dim objRootDSE, strDomain, strUsername, objConnection, objCommand, objRecordSet, strDN
Const ADS_SCOPE_SUBTREE = 2

' Get domain components
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(inputfile, 1)

' Set ADO connection
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Set ADO command
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

Do While objTextFile.AtEndOfStream <> True
   
    strGroupname = Trim(objTextFile.ReadLine)
   
    objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='group' AND samAccountName = '" & strGroupname & "'"
   
    ' Set recordset to hold the query result
    Set objRecordSet = objCommand.Execute
   
    ' If a Group was found - Retrieve the distinguishedName
    If Not objRecordSet.EOF Then
        Set objTextFile = objFSO.CreateTextFile("C:\" & strGroupname & " - Members.txt")
        strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
       
        Set objGroup = GetObject(strDN)
        objGroup.GetInfo
        arrMemberOf = objGroup.GetEx("member")
       
        For Each strMember In arrMemberOf          
            Set objuser = GetObject("LDAP://"& strmember)
            uname=objuser.displayName            
            'WScript.Echo strGroupname &","& uname
            objtextfile.WriteLine uname
        Next
        objtextfile.Close
    Else
        WScript.echo strGroupname & ", No Group found"
    End If
   
Loop


Expert Comment

by:prashanthd
ID: 35026382
Spaces in group names will not affect the script

Author Comment

by:SickBoy23
ID: 35036446
Different results now: the script looks really unstable and keeps re-writing groups. The file size jumps up and down and the member list keeps changing, almost in a loop.

Can you test at your end?

Expert Comment

by:prashanthd
ID: 35036455
Sure... will test and get back.

regards
Prashanth

Expert Comment

by:prashanthd
ID: 35036562
Tested and corrected the issue. Please test the following:
On Error Resume Next

inputfile="c:\grouplist.txt" 'file with group names


Set objFSO = CreateObject("Scripting.FileSystemObject")

Dim objRootDSE, strDomain, strUsername, objConnection, objCommand, objRecordSet, strDN
Const ADS_SCOPE_SUBTREE = 2

' Get domain components
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(inputfile, 1)

' Set ADO connection
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Set ADO command
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

Do While objTextFile.AtEndOfStream <> True
   
    strGroupname = Trim(objTextFile.ReadLine)
   
    objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='group' AND samAccountName = '" & strGroupname & "'"
   
    ' Set recordset to hold the query result
    Set objRecordSet = objCommand.Execute
   
    ' If a Group was found - Retrieve the distinguishedName
    If Not objRecordSet.EOF Then
        Set objTextFile1 = objFSO.CreateTextFile("C:\" & strGroupname & " - Members.txt")
        strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
       
        Set objGroup = GetObject(strDN)
        objGroup.GetInfo
        arrMemberOf = objGroup.GetEx("member")
       
        For Each strMember In arrMemberOf          
            Set objuser = GetObject("LDAP://"& strmember)
            uname=objuser.displayName            
            'WScript.Echo strGroupname &","& uname
            objtextfile1.WriteLine uname
        Next
        objtextfile1.Close
    Else
        WScript.echo strGroupname & ", No Group found"
    End If
   
Loop


Accepted Solution

by:
prashanthd earned 500 total points
ID: 35039123
Have you tested the code?

Author Closing Comment

by:SickBoy23
ID: 35058588
Thanks for your help on this!
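
An added example, not code from the thread: the final script above concatenates each line of grouplist.txt into the directory query and into the output file path. The helpers below (their names are hypothetical) escape the name as an LDAP filter value per RFC 4515 for the ADSI LDAP query dialect and replace characters that are invalid in Windows file names; the sample group names and DC=example,DC=com are constructed.

```vbscript
Option Explicit

' Escape a value for use inside an LDAP search filter (RFC 4515).
Function EscapeLdapFilter(strValue)
    Dim s
    s = Replace(strValue, "\", "\5c")   ' backslash first so later escapes are not re-escaped
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    s = Replace(s, Chr(0), "\00")
    ' Precaution (assumption): ";" separates the fields of the ADSI query string
    EscapeLdapFilter = Replace(s, ";", "\3b")
End Function

' Replace characters that Windows does not allow in a file name.
Function SafeFileName(strValue)
    Dim re
    Set re = New RegExp
    re.Global = True
    re.Pattern = "[\\/:*?""<>|]"
    SafeFileName = re.Replace(strValue, "_")
End Function

' ADSI LDAP-dialect query: <base>;(filter);attributes;scope
Function BuildGroupQuery(strDomainDN, strGroupname)
    BuildGroupQuery = "<LDAP://" & strDomainDN & ">;" & _
        "(&(objectCategory=group)(sAMAccountName=" & EscapeLdapFilter(strGroupname) & "));" & _
        "distinguishedName;subtree"
End Function

' Per-group output path in the same form the thread's script uses.
Function MembersFilePath(strGroupname)
    MembersFilePath = "C:\" & SafeFileName(strGroupname) & " - Members.txt"
End Function

' Constructed sample lines standing in for c:\grouplist.txt; DC=example,DC=com is a placeholder.
Dim arrSample, strLine, strGroupname
arrSample = Array("Finance Users", "  HR (EMEA)* ", "O'Brien Team", "Ops\Admins", "")
For Each strLine In arrSample
    strGroupname = Trim(strLine)
    If strGroupname = "" Then
        WScript.Echo "(blank line skipped)"
    Else
        WScript.Echo BuildGroupQuery("DC=example,DC=com", strGroupname)
        WScript.Echo "  -> " & MembersFilePath(strGroupname)
    End If
Next
```

In the thread's final script, the result of BuildGroupQuery(strDomain, strGroupname) would be assigned to objCommand.CommandText and MembersFilePath(strGroupname) passed to CreateTextFile; the rest of the loop is unchanged.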