Solved

Querying Active Directory group membership information

Posted on 2013-11-30
6
997 Views
Last Modified: 2014-01-14
Good day experts,

I'm trying to query active directory with vbscript to get the membership information of a specific group.

Using an application called dsa.msc I can query this information manually but I need to follow a more automated approach using vbscript.

SO what I need my script to do now, is get all the members for a given group name.

I currently have the following sample:

Set objGroup = GetObject _
  ("LDAP:// SOMETHING MUST GO HERE")
objGroup.GetInfo
 
arrMemberOf = objGroup.GetEx("member")
 
WScript.Echo "Members:"
For Each strMember in arrMemberOf
    WScript.echo strMember
Next

I just cannot get the correct parameters specified in the "LDAP:// ..... " command to get results.  Surely, if I can access the required info with dsa.msc then I should have all the necessary connectivity, access and info to run this query - I just don't know what to put in.

Please help.

Thanks
Christoff
0
Comment
Question by:PantoffelSlippers
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 53

Accepted Solution

by:
Will Szymkowski earned 250 total points
ID: 39686989
Powershell is much easier. You can use 1 line of code to accomplish what you are doing... Use the following command below...

Security Group (Powershell with import-module activedirectory)
Get-ADGroupMember -Identity <groupname> | select name,samaccountname


Distribution Group (run from Exchange Management Shell)
Get-DistributionGroupMember -Identity <groupname> | Select DisplayName


Will.
0
 
LVL 14

Assisted Solution

by:Ram Balachandran
Ram Balachandran earned 150 total points
ID: 39687199
Following is a sample vbscript to find members of a AD group
For your question : You need to provide DN Name of the group

Set objGroup = GetObject ("LDAP://cn=Test_Group,ou=TestOU,dc=home,dc=com")

Say Test_Group is your group name - In dsa.msc, in view > select advanced features
and then search for the group.
Open group properties and select Object

You can see the AD path of the group like home.com/SomeOU/Groupname
Now home.com (or your domain name will become Dc=home,Dc=com.


Sample Code

' List All the 'Members' and 'Member Of' of a Group
' Test_group points to the group which you need the output

On Error Resume Next

Set objGroup = GetObject ("LDAP://cn=Test_Group,ou=TestOU,dc=home,dc=com")
objGroup.GetInfo

arrMember = objGroup.GetEx("member")

WScript.Echo "Members:"
For Each strMember in arrMember
    WScript.echo strMember
Next
'------------------------------

arrMemberOf = objGroup.GetEx("memberof")
WScript.Echo "MemberOf:"
For Each strMemberOf in arrMemberOf
    WScript.echo strMemberOf
Next
'------------------------------

Open in new window


--------------------


Using Powershell first import Active directory module

http://blogs.msdn.com/b/rkramesh/archive/2012/01/17/how-to-add-active-directory-module-in-powershell-in-windows-7.aspx

Get-ADGroupMember -Identity Test_Groupname | select name,samaccountname

Replace Test_Groupname with your group
0
 

Author Comment

by:PantoffelSlippers
ID: 39687831
Thanks - let me try this out
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 
LVL 9

Expert Comment

by:VirastaR
ID: 39688271
Hi,

Check this too..

[SOLVED] Active Directory Saved Query - Group Member Listing

Hope that helps :)
0
 

Author Comment

by:PantoffelSlippers
ID: 39729626
I'll try that too.

I'm really struggling with the Powershell.

One of my challenges is that results are written back to a database - that's why I also started with VBScript - easy to update SQL Server...
0
 

Author Closing Comment

by:PantoffelSlippers
ID: 39778646
Thanks experts
0

Featured Post

[Webinar] How Hackers Steal Your Credentials

Do You Know How Hackers Steal Your Credentials? Join us and Skyport Systems to learn how hackers steal your credentials and why Active Directory must be secure to stop them. Thursday, July 13, 2017 10:00 A.M. PDT

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This video shows how to use Hyena, from SystemTools Software, to update 100 user accounts from an external text file. View in 1080p for best video quality.
Suggested Courses

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question