Solved

Read list of AD security groups and export list of users

Posted on 2011-03-01
11
484 Views
Last Modified: 2012-05-11
Hey,

The script below exports a list of users in a security group which works fine.  However I need it to read a list of groups from a txt/csv file and return the members of each group to a txt/csv file.

Help appreciated!


'Script begins here
Dim objGroup, objUser, objFSO, objFile, strDomain, strGroup, Domain, Group
'Change DomainName to the name of the domain the group is in
strDomain = Inputbox ("Enter the Domain name", "Data needed", "Default domain name")
'Change GroupName to the name of the group whose members you want to export
strGroup = InputBox ("Enter the Group name", "Data needed", "Default group name")
Set objFSO = CreateObject("Scripting.FileSystemObject")
'On the next line change the name and path of the file that export data will be written to.
Set objFile = objFSO.CreateTextFile("C:\" & strGroup & " - Members.txt")
Set objGroup = GetObject("WinNT://" & strDomain & "/" & strGroup & ",group")
For Each objUser In objGroup.Members
    objFile.WriteLine objUser.FullName
Next
objFile.Close
Set objFile = Nothing
Set objFSO = Nothing
Set objUser = Nothing
Set objGroup = Nothing
Wscript.Echo "Done"
Wscript.Echo "Please check the c: for your output file"

Open in new window

0
Comment
Question by:SickBoy23
  • 8
  • 3
11 Comments
 
LVL 12

Expert Comment

by:prashanthd
ID: 35009547
Hi,

Try the following code, give the input and output file types

--------------------------------------------------------------------------

On Error Resume Next

inputfile="c:\grouplist.txt" 'file with group names
outputfile="c:\group_members.txt" 'writes output to following file

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(outputfile, 2, True)

Dim objRootDSE, strDomain, strUsername, objConnection, objCommand, objRecordSet, strDN
Const ADS_SCOPE_SUBTREE = 2

' Get domain components
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(inputfile, 1)

' Set ADO connection
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Set ADO command
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

Do While objTextFile.AtEndOfStream <> True
   
    strGroupname = Trim(objTextFile.ReadLine)
    objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='group' AND samAccountName = '" & strGroupname & "'"
   
    ' Set recordset to hold the query result
    Set objRecordSet = objCommand.Execute
   
    ' If a Group was found - Retrieve the distinguishedName
    If Not objRecordSet.EOF Then
        strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
       
        Set objGroup = GetObject(strDN)
        objGroup.GetInfo
        arrMemberOf = objGroup.GetEx("member")
       
        For Each strMember In arrMemberOf          
            Set objuser = GetObject("LDAP://"& strmember)
            uname=objuser.displayName            
            'WScript.Echo strGroupname &","& uname
            objtextfile.WriteLine strGroupname &","& uname
        Next
    Else
        WScript.echo strGroupname & ", No Group found"
    End If
   
Loop
0
 
LVL 12

Expert Comment

by:prashanthd
ID: 35009604
Modified a few things, to create new file for each group, only mention input file path

On Error Resume Next

inputfile="c:\grouplist.txt" 'file with group names


Set objFSO = CreateObject("Scripting.FileSystemObject")

Dim objRootDSE, strDomain, strUsername, objConnection, objCommand, objRecordSet, strDN
Const ADS_SCOPE_SUBTREE = 2

' Get domain components
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(inputfile, 1)

' Set ADO connection
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Set ADO command
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

Do While objTextFile.AtEndOfStream <> True
   
    strGroupname = Trim(objTextFile.ReadLine)
   
    objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='group' AND samAccountName = '" & strGroupname & "'"
   
    ' Set recordset to hold the query result
    Set objRecordSet = objCommand.Execute
   
    ' If a Group was found - Retrieve the distinguishedName
    If Not objRecordSet.EOF Then
        Set objTextFile = objFSO.CreateTextFile("C:\" & strGroupname & " - Members.txt")
        strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
       
        Set objGroup = GetObject(strDN)
        objGroup.GetInfo
        arrMemberOf = objGroup.GetEx("member")
       
        For Each strMember In arrMemberOf          
            Set objuser = GetObject("LDAP://"& strmember)
            uname=objuser.displayName            
            'WScript.Echo strGroupname &","& uname
            objtextfile.WriteLine uname
        Next
    Else
        WScript.echo strGroupname & ", No Group found"
    End If
   
Loop
0
 
LVL 12

Expert Comment

by:prashanthd
ID: 35024592
Hi,

Did you try the above code?
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 

Author Comment

by:SickBoy23
ID: 35026185
Hi thanks for your help the script writes the group to the text file however the script keeps looping and writing the same users to the txt file and does not move onto the next group.  I have to kill the script to get it to stop.

Note our security groups have spaces in the names - would that affect your script?

Any ideas?
0
 
LVL 12

Expert Comment

by:prashanthd
ID: 35026232
Hi,

Missed out to close the file, can you try now
On Error Resume Next

inputfile="c:\grouplist.txt" 'file with group names


Set objFSO = CreateObject("Scripting.FileSystemObject")

Dim objRootDSE, strDomain, strUsername, objConnection, objCommand, objRecordSet, strDN
Const ADS_SCOPE_SUBTREE = 2

' Get domain components
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(inputfile, 1)

' Set ADO connection
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Set ADO command
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

Do While objTextFile.AtEndOfStream <> True
   
    strGroupname = Trim(objTextFile.ReadLine)
   
    objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='group' AND samAccountName = '" & strGroupname & "'"
   
    ' Set recordset to hold the query result
    Set objRecordSet = objCommand.Execute
   
    ' If a Group was found - Retrieve the distinguishedName
    If Not objRecordSet.EOF Then
        Set objTextFile = objFSO.CreateTextFile("C:\" & strGroupname & " - Members.txt")
        strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
       
        Set objGroup = GetObject(strDN)
        objGroup.GetInfo
        arrMemberOf = objGroup.GetEx("member")
       
        For Each strMember In arrMemberOf          
            Set objuser = GetObject("LDAP://"& strmember)
            uname=objuser.displayName            
            'WScript.Echo strGroupname &","& uname
            objtextfile.WriteLine uname
        Next
		objtextfile.Close
    Else
        WScript.echo strGroupname & ", No Group found"
    End If
   
Loop

Open in new window

0
 
LVL 12

Expert Comment

by:prashanthd
ID: 35026382
Spaces in group names will not affect the script
0
 

Author Comment

by:SickBoy23
ID: 35036446
Different results now script looks really unstable and keeps re-writing groups. the file size jumps up and down and member list keeps changing almost in a loop.

can you test at your end?
0
 
LVL 12

Expert Comment

by:prashanthd
ID: 35036455
sure...will test and get back.

regards
Prashanth
0
 
LVL 12

Expert Comment

by:prashanthd
ID: 35036562
Tested and corrected the issue, Please test the following
On Error Resume Next

inputfile="c:\grouplist.txt" 'file with group names


Set objFSO = CreateObject("Scripting.FileSystemObject")

Dim objRootDSE, strDomain, strUsername, objConnection, objCommand, objRecordSet, strDN
Const ADS_SCOPE_SUBTREE = 2

' Get domain components
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile(inputfile, 1)

' Set ADO connection
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Set ADO command
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

Do While objTextFile.AtEndOfStream <> True
   
    strGroupname = Trim(objTextFile.ReadLine)
   
    objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='group' AND samAccountName = '" & strGroupname & "'"
   
    ' Set recordset to hold the query result
    Set objRecordSet = objCommand.Execute
   
    ' If a Group was found - Retrieve the distinguishedName
    If Not objRecordSet.EOF Then
        Set objTextFile1 = objFSO.CreateTextFile("C:\" & strGroupname & " - Members.txt")
        strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
       
        Set objGroup = GetObject(strDN)
        objGroup.GetInfo
        arrMemberOf = objGroup.GetEx("member")
       
        For Each strMember In arrMemberOf          
            Set objuser = GetObject("LDAP://"& strmember)
            uname=objuser.displayName            
            'WScript.Echo strGroupname &","& uname
            objtextfile1.WriteLine uname
        Next
		objtextfile1.Close
    Else
        WScript.echo strGroupname & ", No Group found"
    End If
   
Loop

Open in new window

0
 
LVL 12

Accepted Solution

by:
prashanthd earned 500 total points
ID: 35039123
have you tested the code?
0
 

Author Closing Comment

by:SickBoy23
ID: 35058588
Thanks for your help on this!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently I finished a vbscript that I thought I'd share.  It uses a text file with a list of server names to loop through and get various status reports, then writes them all into an Excel file.  Originally it was put together for our Altiris server…
Script to copy or move mouse-selected collection of files plus targets referenced by shortcuts (.lnk) The purpose of this article is to help illuminate the real challenges and options available (where they may exist) for utilizing simple scriptin…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question