Solved

Read list of AD security groups and export list of users

Posted on 2011-03-01
11
479 Views
Last Modified: 2012-05-11
Hey,

The script below exports a list of users in a security group which works fine.  However I need it to read a list of groups from a txt/csv file and return the members of each group to a txt/csv file.

Help appreciated!


'Script begins here
Dim objGroup, objUser, objFSO, objFile, strDomain, strGroup, Domain, Group
'Change DomainName to the name of the domain the group is in
strDomain = Inputbox ("Enter the Domain name", "Data needed", "Default domain name")
'Change GroupName to the name of the group whose members you want to export
strGroup = InputBox ("Enter the Group name", "Data needed", "Default group name")
Set objFSO = CreateObject("Scripting.FileSystemObject")
'On the next line change the name and path of the file that export data will be written to.
Set objFile = objFSO.CreateTextFile("C:\" & strGroup & " - Members.txt")
Set objGroup = GetObject("WinNT://" & strDomain & "/" & strGroup & ",group")
For Each objUser In objGroup.Members
    objFile.WriteLine objUser.FullName
Next
objFile.Close
Set objFile = Nothing
Set objFSO = Nothing
Set objUser = Nothing
Set objGroup = Nothing
Wscript.Echo "Done"
Wscript.Echo "Please check the c: for your output file"

Open in new window

0
Comment
Question by:SickBoy23
  • 8
  • 3
11 Comments
 
LVL 12

Expert Comment

by:prashanthd
ID: 35009547
Hi,

Try the following code, give the input and output file types

--------------------------------------------------------------------------

On Error Resume Next

inputfile="c:\grouplist.txt" 'file with group names
outputfile="c:\group_members.txt" 'writes output to following file

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(outputfile, 2, True)

Dim objRootDSE, strDomain, strUsername, objConnection, objCommand, objRecordSet, strDN
Const ADS_SCOPE_SUBTREE = 2

' Get domain components
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(inputfile, 1)

' Set ADO connection
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Set ADO command
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

Do While objTextFile.AtEndOfStream <> True
   
    strGroupname = Trim(objTextFile.ReadLine)
    objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='group' AND samAccountName = '" & strGroupname & "'"
   
    ' Set recordset to hold the query result
    Set objRecordSet = objCommand.Execute
   
    ' If a Group was found - Retrieve the distinguishedName
    If Not objRecordSet.EOF Then
        strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
       
        Set objGroup = GetObject(strDN)
        objGroup.GetInfo
        arrMemberOf = objGroup.GetEx("member")
       
        For Each strMember In arrMemberOf          
            Set objuser = GetObject("LDAP://"& strmember)
            uname=objuser.displayName            
            'WScript.Echo strGroupname &","& uname
            objtextfile.WriteLine strGroupname &","& uname
        Next
    Else
        WScript.echo strGroupname & ", No Group found"
    End If
   
Loop
0
 
LVL 12

Expert Comment

by:prashanthd
ID: 35009604
Modified a few things, to create new file for each group, only mention input file path

On Error Resume Next

inputfile="c:\grouplist.txt" 'file with group names


Set objFSO = CreateObject("Scripting.FileSystemObject")

Dim objRootDSE, strDomain, strUsername, objConnection, objCommand, objRecordSet, strDN
Const ADS_SCOPE_SUBTREE = 2

' Get domain components
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(inputfile, 1)

' Set ADO connection
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Set ADO command
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

Do While objTextFile.AtEndOfStream <> True
   
    strGroupname = Trim(objTextFile.ReadLine)
   
    objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='group' AND samAccountName = '" & strGroupname & "'"
   
    ' Set recordset to hold the query result
    Set objRecordSet = objCommand.Execute
   
    ' If a Group was found - Retrieve the distinguishedName
    If Not objRecordSet.EOF Then
        Set objTextFile = objFSO.CreateTextFile("C:\" & strGroupname & " - Members.txt")
        strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
       
        Set objGroup = GetObject(strDN)
        objGroup.GetInfo
        arrMemberOf = objGroup.GetEx("member")
       
        For Each strMember In arrMemberOf          
            Set objuser = GetObject("LDAP://"& strmember)
            uname=objuser.displayName            
            'WScript.Echo strGroupname &","& uname
            objtextfile.WriteLine uname
        Next
    Else
        WScript.echo strGroupname & ", No Group found"
    End If
   
Loop
0
 
LVL 12

Expert Comment

by:prashanthd
ID: 35024592
Hi,

Did you try the above code?
0
 

Author Comment

by:SickBoy23
ID: 35026185
Hi thanks for your help the script writes the group to the text file however the script keeps looping and writing the same users to the txt file and does not move onto the next group.  I have to kill the script to get it to stop.

Note our security groups have spaces in the names - would that affect your script?

Any ideas?
0
 
LVL 12

Expert Comment

by:prashanthd
ID: 35026232
Hi,

Missed out to close the file, can you try now
On Error Resume Next

inputfile="c:\grouplist.txt" 'file with group names


Set objFSO = CreateObject("Scripting.FileSystemObject")

Dim objRootDSE, strDomain, strUsername, objConnection, objCommand, objRecordSet, strDN
Const ADS_SCOPE_SUBTREE = 2

' Get domain components
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(inputfile, 1)

' Set ADO connection
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Set ADO command
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

Do While objTextFile.AtEndOfStream <> True
   
    strGroupname = Trim(objTextFile.ReadLine)
   
    objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='group' AND samAccountName = '" & strGroupname & "'"
   
    ' Set recordset to hold the query result
    Set objRecordSet = objCommand.Execute
   
    ' If a Group was found - Retrieve the distinguishedName
    If Not objRecordSet.EOF Then
        Set objTextFile = objFSO.CreateTextFile("C:\" & strGroupname & " - Members.txt")
        strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
       
        Set objGroup = GetObject(strDN)
        objGroup.GetInfo
        arrMemberOf = objGroup.GetEx("member")
       
        For Each strMember In arrMemberOf          
            Set objuser = GetObject("LDAP://"& strmember)
            uname=objuser.displayName            
            'WScript.Echo strGroupname &","& uname
            objtextfile.WriteLine uname
        Next
		objtextfile.Close
    Else
        WScript.echo strGroupname & ", No Group found"
    End If
   
Loop

Open in new window

0
How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

 
LVL 12

Expert Comment

by:prashanthd
ID: 35026382
Spaces in group names will not affect the script
0
 

Author Comment

by:SickBoy23
ID: 35036446
Different results now script looks really unstable and keeps re-writing groups. the file size jumps up and down and member list keeps changing almost in a loop.

can you test at your end?
0
 
LVL 12

Expert Comment

by:prashanthd
ID: 35036455
sure...will test and get back.

regards
Prashanth
0
 
LVL 12

Expert Comment

by:prashanthd
ID: 35036562
Tested and corrected the issue, Please test the following
On Error Resume Next

inputfile="c:\grouplist.txt" 'file with group names


Set objFSO = CreateObject("Scripting.FileSystemObject")

Dim objRootDSE, strDomain, strUsername, objConnection, objCommand, objRecordSet, strDN
Const ADS_SCOPE_SUBTREE = 2

' Get domain components
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(inputfile, 1)

' Set ADO connection
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Set ADO command
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

Do While objTextFile.AtEndOfStream <> True
   
    strGroupname = Trim(objTextFile.ReadLine)
   
    objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='group' AND samAccountName = '" & strGroupname & "'"
   
    ' Set recordset to hold the query result
    Set objRecordSet = objCommand.Execute
   
    ' If a Group was found - Retrieve the distinguishedName
    If Not objRecordSet.EOF Then
        Set objTextFile1 = objFSO.CreateTextFile("C:\" & strGroupname & " - Members.txt")
        strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
       
        Set objGroup = GetObject(strDN)
        objGroup.GetInfo
        arrMemberOf = objGroup.GetEx("member")
       
        For Each strMember In arrMemberOf          
            Set objuser = GetObject("LDAP://"& strmember)
            uname=objuser.displayName            
            'WScript.Echo strGroupname &","& uname
            objtextfile1.WriteLine uname
        Next
		objtextfile1.Close
    Else
        WScript.echo strGroupname & ", No Group found"
    End If
   
Loop

Open in new window

0
 
LVL 12

Accepted Solution

by:
prashanthd earned 500 total points
ID: 35039123
have you tested the code?
0
 

Author Closing Comment

by:SickBoy23
ID: 35058588
Thanks for your help on this!
0

Featured Post

Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

Join & Write a Comment

When it comes to writing scripts for a Client/Server computing environment it is essential to consider some way of enabling the authentication functionality within a script. This sort of consideration mainly comes into the picture when we are dealin…
Over the years I have built up my own little library of code snippets that I refer to when programming or writing a script.  Many of these have come from the web or adaptations from snippets I find on the Web.  Periodically I add to them when I come…
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
This video explains how to create simple products associated to Magento configurable product and offers fast way of their generation with Store Manager for Magento tool.

743 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now