AD and vbscript

Posted on 2011-05-05
Last Modified: 2012-05-11
I would like to be able to modify the following script to also include all group descriptions.
Currently this script has been modified to get information from AD about all groups and the number of members. I would like for the script to also include the description from AD.

I am trying to output a list of all groups in AD, the number of members, and the description of each group.
'VBScript to output to text file the members of all groups
'V1.0 Neil Hobson (
'Last updated on 24/09/02
'v1.0 24/09/02 - Original code

On Error Resume Next
Set objArgs=wscript.Arguments

'Report which output mode is in effect (-dn = full distinguished names)
If objArgs(0)<>"-dn" Then
	wscript.echo "Dumping group membership using only first CN part..."
Else
	wscript.echo "Dumping group membership using full DN..."
End If

'Stuff for creating output text file
Const OutputFile = ".\groupdump.txt"
Set Fso = CreateObject("Scripting.FileSystemObject")
Set Wshshell = Wscript.CreateObject("Wscript.Shell")
Set Output = Fso.OpentextFile(OutputFile, 2, True)

Set ADSIRootDSE = GetObject("LDAP://RootDSE")
ADSINamingNC = ADSIRootDSE.Get("rootDomainNamingContext")
Set ADSIConnection = CreateObject("ADODB.Connection")
ADSIConnection.Provider = "ADsDSOObject"
ADSIConnection.Open "ADs Provider"

ADSIQueryText = "<LDAP://" & ADSINamingNC & ">;(&(objectCategory=group));name,distinguishedName;subtree"

Set ADSICommand = CreateObject("ADODB.Command")
Set ADSICommand.ActiveConnection = ADSIConnection
ADSICommand.CommandText = ADSIQueryText
ADSICommand.Properties("Page Size") = 100
ADSICommand.Properties("Timeout") = 60
ADSICommand.Properties("searchscope") = 2
ADSICommand.Properties("Cache Results") = False

Set ADSIResult = ADSICommand.Execute

Do While not ADSIResult.EOF

	Output.WriteLine "Group: " & ADSIResult.Fields("name").Value
	Output.WriteLine "==============================================================="

	Set GetDN = GetObject("LDAP://" & ADSIResult.Fields("distinguishedName").Value)
	strAllValues = GetDN.GetEx("member")
	iGroupCount = 0
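	For each strValue in strAllValues
		If Len(strValue) = 0 Then
			Output.WriteLine "There are no members in this group."
		Else
			iGroupCount = iGroupCount + 1
			If objArgs(0)<>"-dn" Then
				'Default mode: write only the first CN part of the member DN
				Call Stripper(strValue)
				Output.WriteLine tmp
			Else
				'-dn mode: write the full distinguished name
				Output.WriteLine strValue
			End If
		End If
	Next
	Output.WriteLine "Total members in group: " & iGroupCount
	Set strAllValues = Nothing

	'Advance to the next group in the result set
	ADSIResult.MoveNext
Loop

Output.Close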

wscript.echo "Operation has finished."

Function Stripper(StripperString)

pos = InStr(1, StripperString, "cn=", vbTextCompare)
If pos <> 0 Then
	tmp = Mid(StripperString, pos + 3)
	pos = InStr(tmp, ",")
	If pos <> 0 Then tmp = Mid(tmp, 1, pos - 1)
End If

End Function


Question by:kineticexpert

    Accepted Solution

    Hi, under this line:
          Set GetDN = GetObject("LDAP://" & ADSIResult.Fields("distinguishedName").Value)

    add this:
          Output.WriteLine "Group Description: " & Join(GetDN.Description)



    Author Comment

    Output.WriteLine "Group Description: " & Join(GetDN.Description) did not work
    however Output.WriteLine "Group Description: " & GetDN.Description    did

    Expert Comment

    Oh right....I forget whether that's an array or a string.   Sometimes it needs to be treated as an array.  Glad you got it working.  Is there anything else you need?
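The string-versus-array question in the comments above can be handled in one place, so the description line is written whichever form comes back. This is an added example, not code from the thread or its participants: `AttrToText` is a hypothetical helper name, and the sample values are constructed so the block runs under cscript without a domain.

```vbscript
Option Explicit

' Added example (hypothetical helper): return an attribute value as text
' whether it arrives as a plain string, a variant array, Empty or Null.
Function AttrToText(value)
	Dim item, text
	text = ""
	If IsArray(value) Then
		' Array form: concatenate the non-empty elements.
		For Each item In value
			If Not IsNull(item) Then
				If Len(CStr(item)) > 0 Then
					If Len(text) > 0 Then text = text & "; "
					text = text & CStr(item)
				End If
			End If
		Next
	ElseIf Not (IsNull(value) Or IsEmpty(value)) Then
		' String form: Join() here would raise "Type mismatch", and under
		' On Error Resume Next the whole WriteLine is skipped without a message.
		text = CStr(value)
	End If
	AttrToText = text
End Function

' Constructed sample values standing in for GetDN.Description (no AD needed).
Dim samples, s
samples = Array("Helpdesk operators", _
                Array("Tier 0 admins"), _
                Array("line one", "line two"), _
                Empty, Null, Array())

For Each s In samples
	WScript.Echo "Group Description: [" & AttrToText(s) & "]"
Next

' In the script from the question, the added line would become:
'   Output.WriteLine "Group Description: " & AttrToText(GetDN.Description)
```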

