Modify VB Script to also pull in Security Group Memberships

I was wondering if someone could help me add some code to this script to output the security groups associated to each user as well as what is already being outputted.
'Define Constants
Const ForReading = 1
Const ADS_SCOPE_SUBTREE = 2 ' Search target object and all sub levels
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000

DQ = Chr(34) 'Double Quote

WScript.Echo "Creating user file"

'Create Objects
Set objShell = CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set SecurityGroups = CreateObject("System.Collections.ArrayList")
Set DistributionGroups = CreateObject("System.Collections.ArrayList")

'Construct an ADsPath to the Current Domain with rootDSE
Set objRootDSE = GetObject("LDAP://rootDSE")
strADsPath = "LDAP://" & objRootDSE.Get("defaultNamingContext")

'Connect to Active Directory
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

'Create output text file
strScriptPath = Replace(WScript.ScriptFullName, WScript.ScriptName, "")
strOutputFilePath = strScriptPath & "users.txt"
Set objOutputFile = objFSO.CreateTextFile(strOutputFilePath)

'Search AD for user
objCommand.CommandText = _
"SELECT ADsPath FROM '" & strADsPath & _
"' WHERE objectCategory='user'"
Set objRecordSet = objCommand.Execute

'Verify user was found
If objRecordSet.EOF Then
	WScript.echo "No users were found."
Else
	objRecordSet.MoveFirst
	Do Until objRecordSet.EOF
		strUserADsPath = objRecordSet.Fields("ADsPath").Value

    'Connect to user account
    Set objUser = GetObject(strUserADsPath)
    
    'Format Last Logon Time Stamp
'Set objLastLogon=null
dtmLastLogon=""
on error resume next
Set objLastLogon = objUser.Get("lastLogonTimestamp")
if not isNull(objLastLogon) then
    intLastLogonTime = objLastLogon.HighPart * (2 ^ 32) + objLastLogon.LowPart
    intLastLogonTime = intLastLogonTime / (60 * 10000000)
    intLastLogonTime = intLastLogonTime / 1440
    dtmLastLogon = intLastLogonTime + # 1 / 1 / 1601 #
end if
on error goto 0
    
    'Populate text file
    ws=DQ & objUser.sAMAccountName & DQ
    ws=ws & "," & DQ & objUser.extensionAttribute1 & DQ
    ws=ws & "," & DQ & objUser.description & DQ 
    ws=ws & "," & DQ & objUser.whenCreated & DQ
    ws=ws & "," & DQ & dtmLastLogon & DQ
    ws=ws & "," & DQ & objUser.mail & DQ
    ws=ws & "," & DQ & objUser.info & DQ
    objOutputFile.WriteLine ws

		objRecordSet.MoveNext
	Loop
End If
WScript.Echo "Finished creating file"
objOutputFile.Close

'Open file
strOpenFile = MsgBox("Do you want to open the output file?", VbYesNo + VBQuestion, "Open Output File?")
If strOpenFile = VbYes Then
	objShell.Run("notepad.exe " & DQ & strOutputFilePath & DQ)
End If

Open in new window

LVL 4
seaninmanAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

RobSampsonCommented:
Hi, see if this works.

Regards,

Rob.
'Define Constants
Const ForReading = 1
Const ADS_SCOPE_SUBTREE = 2 ' Search target object and all sub levels
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000

DQ = Chr(34) 'Double Quote

WScript.Echo "Creating user file"

'Create Objects
Set objShell = CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set SecurityGroups = CreateObject("System.Collections.ArrayList")
Set DistributionGroups = CreateObject("System.Collections.ArrayList")

'Construct an ADsPath to the Current Domain with rootDSE
Set objRootDSE = GetObject("LDAP://rootDSE")
strADsPath = "LDAP://" & objRootDSE.Get("defaultNamingContext")

'Connect to Active Directory
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

'Create output text file
strScriptPath = Replace(WScript.ScriptFullName, WScript.ScriptName, "")
strOutputFilePath = strScriptPath & "users.txt"
Set objOutputFile = objFSO.CreateTextFile(strOutputFilePath)

'Search AD for user
objCommand.CommandText = _
"SELECT ADsPath FROM '" & strADsPath & _
"' WHERE objectCategory='user'"
Set objRecordSet = objCommand.Execute

'Verify user was found
If objRecordSet.EOF Then
	WScript.echo "No users were found."
Else
	objRecordSet.MoveFirst
	Do Until objRecordSet.EOF
		strUserADsPath = objRecordSet.Fields("ADsPath").Value

		'Connect to user account
		Set objUser = GetObject(strUserADsPath)
    
		'Format Last Logon Time Stamp
		'Set objLastLogon=Null
		dtmLastLogon=""
		on error resume Next
		Set objLastLogon = objUser.Get("lastLogonTimestamp")
		if not isNull(objLastLogon) then
			intLastLogonTime = objLastLogon.HighPart * (2 ^ 32) + objLastLogon.LowPart
			intLastLogonTime = intLastLogonTime / (60 * 10000000)
			intLastLogonTime = intLastLogonTime / 1440
			dtmLastLogon = intLastLogonTime + # 1 / 1 / 1601 #
		end If
		on error goto 0

		'Populate text file
		ws=DQ & objUser.sAMAccountName & DQ
		ws=ws & "," & DQ & objUser.extensionAttribute1 & DQ
		ws=ws & "," & DQ & objUser.description & DQ 
		ws=ws & "," & DQ & objUser.whenCreated & DQ
		ws=ws & "," & DQ & dtmLastLogon & DQ
		ws=ws & "," & DQ & objUser.mail & DQ
		ws=ws & "," & DQ & objUser.info & DQ
		
		strGroups = ""
		If TypeName(objUser.MemberOf) <> "Empty" Then
			If TypeName(objUser.MemberOf) = "String" Then
				Set objGroup = GetObject("LDAP://" & objUser.MemberOf)
				strGroups = Mid(objGroup.Name, 4)
			Else
				For Each strGroupDN In objUser.MemberOf
					Set objGroup = GetObject("LDAP://" & strGroupDN)
					If strGroups = "" Then
						strGroups = Mid(objGroup.Name, 4)
					Else
						strGroups = strGroups & "," & Mid(objGroup.Name, 4)
					End If
				Next
			End If
		End If

		ws=ws & "," & DQ & strGroups & DQ
		
		objRecordSet.MoveNext
	Loop
End If
WScript.Echo "Finished creating file"
objOutputFile.Close

'Open file
strOpenFile = MsgBox("Do you want to open the output file?", VbYesNo + VBQuestion, "Open Output File?")
If strOpenFile = VbYes Then
	objShell.Run("notepad.exe " & DQ & strOutputFilePath & DQ)
End If

Open in new window

0
seaninmanAuthor Commented:
The script fails on

Line 80
Char 6
Error 0x80005000
Code 80005000
Source (null)
0
RobSampsonCommented:
That's odd....it works for me....I wonder if your group names have characters that need escaping?

Run this from a command prompt with
cscript GetUsers.vbs

and see what group DN is crashes on.

Regards,

Rob.
'Define Constants
Const ForReading = 1
Const ADS_SCOPE_SUBTREE = 2 ' Search target object and all sub levels
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000

DQ = Chr(34) 'Double Quote

WScript.Echo "Creating user file"

'Create Objects
Set objShell = CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")

'Construct an ADsPath to the Current Domain with rootDSE
Set objRootDSE = GetObject("LDAP://rootDSE")
strADsPath = "LDAP://" & objRootDSE.Get("defaultNamingContext")

'Connect to Active Directory
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

'Create output text file
strScriptPath = Replace(WScript.ScriptFullName, WScript.ScriptName, "")
strOutputFilePath = strScriptPath & "users.txt"
Set objOutputFile = objFSO.CreateTextFile(strOutputFilePath)

'Search AD for user
objCommand.CommandText = _
"SELECT ADsPath FROM '" & strADsPath & _
"' WHERE objectCategory='user'"
Set objRecordSet = objCommand.Execute

'Verify user was found
If objRecordSet.EOF Then
	WScript.echo "No users were found."
Else
	objRecordSet.MoveFirst
	Do Until objRecordSet.EOF
		strUserADsPath = objRecordSet.Fields("ADsPath").Value

		'Connect to user account
		Set objUser = GetObject(strUserADsPath)
    
		'Format Last Logon Time Stamp
		'Set objLastLogon=Null
		dtmLastLogon=""
		on error resume Next
		Set objLastLogon = objUser.Get("lastLogonTimestamp")
		if not isNull(objLastLogon) then
			intLastLogonTime = objLastLogon.HighPart * (2 ^ 32) + objLastLogon.LowPart
			intLastLogonTime = intLastLogonTime / (60 * 10000000)
			intLastLogonTime = intLastLogonTime / 1440
			dtmLastLogon = intLastLogonTime + # 1 / 1 / 1601 #
		end If
		on error goto 0

		'Populate text file
		ws=DQ & objUser.sAMAccountName & DQ
		'ws=ws & "," & DQ & objUser.extensionAttribute1 & DQ
		ws=ws & "," & DQ & " " & DQ
		ws=ws & "," & DQ & objUser.description & DQ 
		ws=ws & "," & DQ & objUser.whenCreated & DQ
		ws=ws & "," & DQ & dtmLastLogon & DQ
		ws=ws & "," & DQ & objUser.mail & DQ
		ws=ws & "," & DQ & objUser.info & DQ
		
		strGroups = ""
		If TypeName(objUser.MemberOf) <> "Empty" Then
			If TypeName(objUser.MemberOf) = "String" Then
				Set objGroup = GetObject("LDAP://" & objUser.MemberOf)
				strGroups = Mid(objGroup.Name, 4)
			Else
				For Each strGroupDN In objUser.MemberOf
					WScript.Echo Mid(objUser.Name, 4) & ": Group membership - " & strGroupDN
					Set objGroup = GetObject("LDAP://" & strGroupDN)
					If strGroups = "" Then
						strGroups = Mid(objGroup.Name, 4)
					Else
						strGroups = strGroups & "," & Mid(objGroup.Name, 4)
					End If
				Next
			End If
		End If

		ws=ws & "," & DQ & strGroups & DQ

		objOutputFile.WriteLine ws

		objRecordSet.MoveNext
	Loop
End If
WScript.Echo "Finished creating file"
objOutputFile.Close

'Open file
strOpenFile = MsgBox("Do you want to open the output file?", VbYesNo + VBQuestion, "Open Output File?")
If strOpenFile = VbYes Then
	objShell.Run("notepad.exe " & DQ & strOutputFilePath & DQ)
End If

Open in new window

0
Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

seaninmanAuthor Commented:
I ran the script like you said and it has populated some data.  How do I tell what group it's failing on?
0
RobSampsonCommented:
If it has an error, it should be the last message in the command prompt, since we're not using On Error Resume Next, so it just terminate the script at that point, and show the error in the command prompt.

If it doesn't error, then that means you should have all your data.

Rob.
0
seaninmanAuthor Commented:
In the command prompt window, there is output data on a few users, but the output txt file it creates doesn't contain all the users.  So is the issues with the data that is outputted in the command prompt window?

Thanks
0
RobSampsonCommented:
How many users are showing in the text file?  Is it 1000?  There might be a record limit from the AD query....

Does it still produce an error though?  If not, I don't see any reason why it wouldn't output all of your users....
0
seaninmanAuthor Commented:
There are only 158 users in the text file and it doesn't show all the security groups for those users.  

There are only 14 users in the command prompt window, however there are multiple lines for those 14 users that has the [username: Group Membership - (Group Name)

There is still an error and it is: C:\temp\getusers.vbs(82, 6) (null): 0x80005000


You mentioned a query limit.  I do have over 40,000 users.  Should we try altering the script to only do specific OU's instead of all user objects?
0
RobSampsonCommented:
I assume line 82 in your script is this one:
                                    strGroups = Mid(objGroup.Name, 4)

and *not* this one:
                              Set objGroup = GetObject("LDAP://" & strGroupDN)

which is the one I orginally thought it was when you said the error was on line 80.  The one with Mid actually makes more sense to have an error, so I've changed that to output the CN, instead of Name.  I guess it *might* be possible that a group doesn't have a "name", but they MUST have a CN, so we'll try that.

If you're not already using a script editor, grab VBSEdit so you can see line numbers.

And wow....40,000 users....this script will take a while!  Make sure you run it with CScript, so it will give you some output.

Regards,

Rob.
'Define Constants
Const ForReading = 1
Const ADS_SCOPE_SUBTREE = 2 ' Search target object and all sub levels
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000

DQ = Chr(34) 'Double Quote

WScript.Echo "Creating user file"

'Create Objects
Set objShell = CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")

'Construct an ADsPath to the Current Domain with rootDSE
Set objRootDSE = GetObject("LDAP://rootDSE")
strADsPath = "LDAP://" & objRootDSE.Get("defaultNamingContext")

'Connect to Active Directory
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

'Create output text file
strScriptPath = Replace(WScript.ScriptFullName, WScript.ScriptName, "")
strOutputFilePath = strScriptPath & "users.txt"
Set objOutputFile = objFSO.CreateTextFile(strOutputFilePath)

'Search AD for user
objCommand.CommandText = _
"SELECT ADsPath FROM '" & strADsPath & _
"' WHERE objectCategory='user'"
Set objRecordSet = objCommand.Execute

'Verify user was found
If objRecordSet.EOF Then
	WScript.echo "No users were found."
Else
	objRecordSet.MoveFirst
	Do Until objRecordSet.EOF
		strUserADsPath = objRecordSet.Fields("ADsPath").Value

		'Connect to user account
		Set objUser = GetObject(strUserADsPath)
    
		'Format Last Logon Time Stamp
		'Set objLastLogon=Null
		dtmLastLogon=""
		on error resume Next
		Set objLastLogon = objUser.Get("lastLogonTimestamp")
		if not isNull(objLastLogon) then
			intLastLogonTime = objLastLogon.HighPart * (2 ^ 32) + objLastLogon.LowPart
			intLastLogonTime = intLastLogonTime / (60 * 10000000)
			intLastLogonTime = intLastLogonTime / 1440
			dtmLastLogon = intLastLogonTime + # 1 / 1 / 1601 #
		end If
		on error goto 0

		'Populate text file
		ws=DQ & objUser.sAMAccountName & DQ
		'ws=ws & "," & DQ & objUser.extensionAttribute1 & DQ
		ws=ws & "," & DQ & " " & DQ
		ws=ws & "," & DQ & objUser.description & DQ 
		ws=ws & "," & DQ & objUser.whenCreated & DQ
		ws=ws & "," & DQ & dtmLastLogon & DQ
		ws=ws & "," & DQ & objUser.mail & DQ
		ws=ws & "," & DQ & objUser.info & DQ
		
		WScript.Echo "Enumerating group membership of " & objUser.CN
		strGroups = ""
		If TypeName(objUser.MemberOf) <> "Empty" Then
			If TypeName(objUser.MemberOf) = "String" Then
				Set objGroup = GetObject("LDAP://" & objUser.MemberOf)
				strGroups = objGroup.CN
			Else
				For Each strGroupDN In objUser.MemberOf
					Set objGroup = GetObject("LDAP://" & strGroupDN)
					If strGroups = "" Then
						strGroups = objGroup.CN
					Else
						strGroups = strGroups & "," & objGroup.CN
					End If
				Next
			End If
		End If

		ws=ws & "," & DQ & strGroups & DQ

		objOutputFile.WriteLine ws

		objRecordSet.MoveNext
	Loop
End If
WScript.Echo "Finished creating file"
objOutputFile.Close

'Open file
strOpenFile = MsgBox("Do you want to open the output file?", VbYesNo + VBQuestion, "Open Output File?")
If strOpenFile = VbYes Then
	objShell.Run("notepad.exe " & DQ & strOutputFilePath & DQ)
End If

Open in new window

0
seaninmanAuthor Commented:
I am still getting that error message and in the text file it only outputs about 159 users and their information.
0
RobSampsonCommented:
Hmm.  Try changing the If block to this:
		If TypeName(objUser.MemberOf) <> "Empty" Then
			If TypeName(objUser.MemberOf) = "String" Then
				WScript.Echo "Binding to " & objUser.MemberOf
				Set objGroup = GetObject("LDAP://" & Replace(Replace(Replace(objUser.MemberOf, "\", "\\"), "/", "\/"))
				strGroups = objGroup.CN
			Else
				For Each strGroupDN In objUser.MemberOf
					WScript.Echo "Binding to " & strGroupDN
					Set objGroup = GetObject("LDAP://" & Replace(Replace(Replace(strGroupDN, "\", "\\"), "/", "\/"))
					If strGroups = "" Then
						strGroups = objGroup.CN
					Else
						strGroups = strGroups & "," & objGroup.CN
					End If
				Next
			End If
		End If

Open in new window


Then run it using CScript again.  When it errors this time (if it does), look in the command prompt for the last "Binding to" output, and post that DN here....I suspect there's some characters we need to escape.

Regards,

Rob.
0
seaninmanAuthor Commented:
Error message
0
RobSampsonCommented:
Sorry, I didn't have my script editor with me....I had one too many Replace statements.  Try this.

Rob.
'Define Constants
Const ForReading = 1
Const ADS_SCOPE_SUBTREE = 2 ' Search target object and all sub levels
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000

DQ = Chr(34) 'Double Quote

WScript.Echo "Creating user file"

'Create Objects
Set objShell = CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")

'Construct an ADsPath to the Current Domain with rootDSE
Set objRootDSE = GetObject("LDAP://rootDSE")
strADsPath = "LDAP://" & objRootDSE.Get("defaultNamingContext")

'Connect to Active Directory
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

'Create output text file
strScriptPath = Replace(WScript.ScriptFullName, WScript.ScriptName, "")
strOutputFilePath = strScriptPath & "users.txt"
Set objOutputFile = objFSO.CreateTextFile(strOutputFilePath)

'Search AD for user
objCommand.CommandText = _
"SELECT ADsPath FROM '" & strADsPath & _
"' WHERE objectCategory='user'"
Set objRecordSet = objCommand.Execute

'Verify user was found
If objRecordSet.EOF Then
	WScript.echo "No users were found."
Else
	objRecordSet.MoveFirst
	Do Until objRecordSet.EOF
		strUserADsPath = objRecordSet.Fields("ADsPath").Value

		'Connect to user account
		Set objUser = GetObject(strUserADsPath)
    
		'Format Last Logon Time Stamp
		'Set objLastLogon=Null
		dtmLastLogon=""
		on error resume Next
		Set objLastLogon = objUser.Get("lastLogonTimestamp")
		if not isNull(objLastLogon) then
			intLastLogonTime = objLastLogon.HighPart * (2 ^ 32) + objLastLogon.LowPart
			intLastLogonTime = intLastLogonTime / (60 * 10000000)
			intLastLogonTime = intLastLogonTime / 1440
			dtmLastLogon = intLastLogonTime + # 1 / 1 / 1601 #
		end If
		on error goto 0

		'Populate text file
		ws=DQ & objUser.sAMAccountName & DQ
		'ws=ws & "," & DQ & objUser.extensionAttribute1 & DQ
		ws=ws & "," & DQ & " " & DQ
		ws=ws & "," & DQ & objUser.description & DQ 
		ws=ws & "," & DQ & objUser.whenCreated & DQ
		ws=ws & "," & DQ & dtmLastLogon & DQ
		ws=ws & "," & DQ & objUser.mail & DQ
		ws=ws & "," & DQ & objUser.info & DQ
		
		WScript.Echo "Enumerating group membership of " & objUser.CN
		strGroups = ""
		If TypeName(objUser.MemberOf) <> "Empty" Then
			If TypeName(objUser.MemberOf) = "String" Then
				WScript.Echo "Binding to " & objUser.MemberOf
				Set objGroup = GetObject("LDAP://" & Replace(Replace(objUser.MemberOf, "\", "\\"), "/", "\/"))
				strGroups = objGroup.CN
			Else
				For Each strGroupDN In objUser.MemberOf
					WScript.Echo "Binding to " & strGroupDN
					Set objGroup = GetObject("LDAP://" & Replace(Replace(strGroupDN, "\", "\\"), "/", "\/"))
					If strGroups = "" Then
						strGroups = objGroup.CN
					Else
						strGroups = strGroups & "," & objGroup.CN
					End If
				Next
			End If
		End If

		ws=ws & "," & DQ & strGroups & DQ

		objOutputFile.WriteLine ws

		objRecordSet.MoveNext
	Loop
End If
WScript.Echo "Finished creating file"
objOutputFile.Close

'Open file
strOpenFile = MsgBox("Do you want to open the output file?", VbYesNo + VBQuestion, "Open Output File?")
If strOpenFile = VbYes Then
	objShell.Run("notepad.exe " & DQ & strOutputFilePath & DQ)
End If

Open in new window

0
seaninmanAuthor Commented:
This was the last line in the vbsedit output window...

Binding to CN=Zone - East \#9400,OU=Groups - Security,OU=Admin,DC=test,DC=com
(null) (82, 6) : (null)

 error
0
RobSampsonCommented:
Hmmm, I think it was some weird way the string of the DN was being evaluated.  I have created a group with the same CN, made a small change, and now it works.  See how this goes for you now.

Regards,

Rob.
0
RobSampsonCommented:

'Define Constants
Const ForReading = 1
Const ADS_SCOPE_SUBTREE = 2 ' Search target object and all sub levels
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &H80000000

DQ = Chr(34) 'Double Quote

WScript.Echo "Creating user file"

'Create Objects
Set objShell = CreateObject("WScript.Shell")
Set objFSO = CreateObject("Scripting.FileSystemObject")

'Construct an ADsPath to the Current Domain with rootDSE
Set objRootDSE = GetObject("LDAP://rootDSE")
strADsPath = "LDAP://" & objRootDSE.Get("defaultNamingContext")

'Connect to Active Directory
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

'Create output text file
strScriptPath = Replace(WScript.ScriptFullName, WScript.ScriptName, "")
strOutputFilePath = strScriptPath & "users.txt"
Set objOutputFile = objFSO.CreateTextFile(strOutputFilePath)

'Search AD for user
objCommand.CommandText = _
"SELECT ADsPath FROM '" & strADsPath & _
"' WHERE objectCategory='user'"
Set objRecordSet = objCommand.Execute

'Verify user was found
If objRecordSet.EOF Then
	WScript.echo "No users were found."
Else
	objRecordSet.MoveFirst
	Do Until objRecordSet.EOF
		strUserADsPath = objRecordSet.Fields("ADsPath").Value

		'Connect to user account
		Set objUser = GetObject(strUserADsPath)
    
		'Format Last Logon Time Stamp
		'Set objLastLogon=Null
		dtmLastLogon=""
		on error resume Next
		Set objLastLogon = objUser.Get("lastLogonTimestamp")
		if not isNull(objLastLogon) then
			intLastLogonTime = objLastLogon.HighPart * (2 ^ 32) + objLastLogon.LowPart
			intLastLogonTime = intLastLogonTime / (60 * 10000000)
			intLastLogonTime = intLastLogonTime / 1440
			dtmLastLogon = intLastLogonTime + # 1 / 1 / 1601 #
		end If
		on error goto 0

		'Populate text file
		ws=DQ & objUser.sAMAccountName & DQ
		'ws=ws & "," & DQ & objUser.extensionAttribute1 & DQ
		ws=ws & "," & DQ & " " & DQ
		ws=ws & "," & DQ & objUser.description & DQ 
		ws=ws & "," & DQ & objUser.whenCreated & DQ
		ws=ws & "," & DQ & dtmLastLogon & DQ
		ws=ws & "," & DQ & objUser.mail & DQ
		ws=ws & "," & DQ & objUser.info & DQ
		
		WScript.Echo "Enumerating group membership of " & objUser.CN
		strGroups = ""
		If TypeName(objUser.MemberOf) <> "Empty" Then
			If TypeName(objUser.MemberOf) = "String" Then
				strADsPath = "LDAP://" & objUser.MemberOf
				WScript.Echo "Binding to " & strADsPath
				Set objGroup = GetObject(strADsPath)
				strGroups = objGroup.CN
			Else
				For Each strGroupDN In objUser.MemberOf
					strADsPath = "LDAP://" & strGroupDN
					WScript.Echo "Binding to " & strADsPath
					Set objGroup = GetObject(strADsPath)
					If strGroups = "" Then
						strGroups = objGroup.CN
					Else
						strGroups = strGroups & "," & objGroup.CN
					End If
				Next
			End If
		End If

		ws=ws & "," & DQ & strGroups & DQ

		objOutputFile.WriteLine ws

		objRecordSet.MoveNext
	Loop
End If
WScript.Echo "Finished creating file"
objOutputFile.Close

'Open file
strOpenFile = MsgBox("Do you want to open the output file?", VbYesNo + VBQuestion, "Open Output File?")
If strOpenFile = VbYes Then
	objShell.Run("notepad.exe " & DQ & strOutputFilePath & DQ)
End If

Open in new window

0
seaninmanAuthor Commented:
Now the error is on line 84 column 6.  

If you know and easy way to specify a specific an OU, I can do this by OU as my users are separated by OU, and then I can run it on different OU's until I find the user account(s) or Group(s) causing the issue.
0
RobSampsonCommented:
Again, what is the "Binding to" message right before that error?  The same group name?  I'm basically trying to bind to each group, just to get it's proper name into the data.

If you want to start enumerating users by OU, you can change this:
strADsPath = "LDAP://" & objRootDSE.Get("defaultNamingContext")

to something like:
strADsPath = "LDAP://OU=Second OU,OU=First OU," & objRootDSE.Get("defaultNamingContext")

and if you don't want to enumerate sub OUs at the same time, from the one you specify, change this:
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

to ths:
objCommand.Properties("Searchscope") = 1

It's really odd that it is displaying the adsPath of the group to bind to, it's just not actually binding to it....

Rob.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VB Script

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.