Go Back   TechArena Community > Technical Support > Computer Help > Windows Server > Windows Server Help
Become a Member!
Forgot your username/password?
Register Tags Active Topics RSS Search Mark Forums Read

Sponsored Links



Listing members of Group with >1500 members

Windows Server Help


Reply
 
Thread Tools Search this Thread
  #1  
Old 13-04-2007
Umesh Thakur
 
Posts: n/a
Listing members of Group with >1500 members

I have couple of groups with more than 1500 (some group have 2000+). I need
to get the list of members and be able to a Text file. I tried first using
DSQuery to list the DNs og members, using following command:
dsquery * -filter "&(objectClass=Group)(name=group_name)" -scope subtree
-attr member

I was only able to view first 1500 members only. I tried with other group
names too, with same results.

I then wrote a script to get this information, and that too, returned only
1500 members!! I think there is something I am missing, and your help is
needed to get that "something". Thanks in advance..

Here is a copy of my script:

'---------------------------------------------
'On Error Resume Next
Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D
dim fs, ts

set fs = createObject("Scripting.fileSystemObject")
set objArgs=wscript.Arguments
strFile = objArgs(0) 'Text file containing list of group names, to get
members of.

set ts = fs.openTextFile(strFile)

while not ts.atEndOfStream
strGroup = trim(ts.readLine)
Set objGroup = GetObject (getObjectDN("group","name",strGroup))

arrMembers = objGroup.GetEx("member")

strSam=""
If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
WScript.Echo "Group " & strGroup & " has no members."
Else
WScript.Echo "Group: " & strGroup & " has following members: "
For Each m in arrMembers
set objGrp = getObject("LDAP://" & m)
strSam = strSam & objGrp.samAccountName & "," & objGrp.displayName
& vbNewLine
Next
wscript.echo strSam
End If
wend

function getObjectDN(objType,strProp,strval)

Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 2000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

objCommand.CommandText = "SELECT * FROM 'LDAP://dc=test,dc=myDomain,dc=com'
WHERE objectCategory='" & objType &

"' and '" & strProp & "'='" & strVal & "'"
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst
getObjectDN=objRecordSet.Fields("adsPath").Value
end function
'------------------------------------------------------------

--
Umesh

"Old programmers never die. They just terminate and stay resident."


Reply With Quote
  #2  
Old 13-04-2007
Richard Mueller [MVP]
 
Posts: n/a
Re: Listing members of Group with >1500 members

You need to use ADO range limits to overcome this limitation. I have an
VBScript program demonstrating this linked here:

http://www.rlmueller.net/DocumentLargeGroup.htm

The limit is 1000 in W2k networks, 1500 in w2k3.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--

>I have couple of groups with more than 1500 (some group have 2000+). I need
> to get the list of members and be able to a Text file. I tried first using
> DSQuery to list the DNs og members, using following command:
> dsquery * -filter "&(objectClass=Group)(name=group_name)" -scope subtree
> -attr member
>
> I was only able to view first 1500 members only. I tried with other group
> names too, with same results.
>
> I then wrote a script to get this information, and that too, returned only
> 1500 members!! I think there is something I am missing, and your help is
> needed to get that "something". Thanks in advance..
>
> Here is a copy of my script:
>
> '---------------------------------------------
> 'On Error Resume Next
> Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D
> dim fs, ts
>
> set fs = createObject("Scripting.fileSystemObject")
> set objArgs=wscript.Arguments
> strFile = objArgs(0) 'Text file containing list of group names, to get
> members of.
>
> set ts = fs.openTextFile(strFile)
>
> while not ts.atEndOfStream
> strGroup = trim(ts.readLine)
> Set objGroup = GetObject (getObjectDN("group","name",strGroup))
>
> arrMembers = objGroup.GetEx("member")
>
> strSam=""
> If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
> WScript.Echo "Group " & strGroup & " has no members."
> Else
> WScript.Echo "Group: " & strGroup & " has following members: "
> For Each m in arrMembers
> set objGrp = getObject("LDAP://" & m)
> strSam = strSam & objGrp.samAccountName & "," &
> objGrp.displayName
> & vbNewLine
> Next
> wscript.echo strSam
> End If
> wend
>
> function getObjectDN(objType,strProp,strval)
>
> Const ADS_SCOPE_SUBTREE = 2
>
> Set objConnection = CreateObject("ADODB.Connection")
> Set objCommand = CreateObject("ADODB.Command")
> objConnection.Provider = "ADsDSOObject"
> objConnection.Open "Active Directory Provider"
> Set objCommand.ActiveConnection = objConnection
>
> objCommand.Properties("Page Size") = 2000
> objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
>
> objCommand.CommandText = "SELECT * FROM
> 'LDAP://dc=test,dc=myDomain,dc=com'
> WHERE objectCategory='" & objType &
>
> "' and '" & strProp & "'='" & strVal & "'"
> Set objRecordSet = objCommand.Execute
>
> objRecordSet.MoveFirst
> getObjectDN=objRecordSet.Fields("adsPath").Value
> end function
> '------------------------------------------------------------
>
> --
> Umesh
>
> "Old programmers never die. They just terminate and stay resident."
>



Reply With Quote
  #3  
Old 13-04-2007
Richard Mueller [MVP]
 
Posts: n/a
Re: Listing members of Group with >1500 members

Also, I just noticed you use:

objCommand.Properties("Page Size") = 2000

The maximum value is 1000. Actually, the number is not very important. What
is important is that you turn paging on by assigning some number, say
between 100 and 1000. Once paging is turned on, records are retrieved in
pages, but the number is not the number of records, but something else. It
is a matter of debate what number would be optimal, but the differences
would probably be slight. A larger number could actually be less efficient.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--


Reply With Quote
  #4  
Old 14-04-2007
Umesh Thakur
 
Posts: n/a
Re: Listing members of Group with >1500 members

You're correct Richard. Page Size specifies how much rows will be fetched at
a time, and used for retrieving n number of records at a time, typically used
in client/server VB apps where navigation is needed.

In my case, it is irrelevant, as I just want to retrieve all the records.
but isn't there any option/way to retrieve ALL members of group? I am limited
to 1500 members only.

--
Umesh

"Old programmers never die. They just terminate and stay resident."



"Richard Mueller [MVP]" wrote:

> Also, I just noticed you use:
>
> objCommand.Properties("Page Size") = 2000
>
> The maximum value is 1000. Actually, the number is not very important. What
> is important is that you turn paging on by assigning some number, say
> between 100 and 1000. Once paging is turned on, records are retrieved in
> pages, but the number is not the number of records, but something else. It
> is a matter of debate what number would be optimal, but the differences
> would probably be slight. A larger number could actually be less efficient.
>
> --
> Richard Mueller
> Microsoft MVP Scripting and ADSI
> Hilltop Lab - http://www.rlmueller.net
> --
>
>
>

Reply With Quote
  #5  
Old 14-04-2007
Richard Mueller [MVP]
 
Posts: n/a
Re: Listing members of Group with >1500 members

The only method I know is to use ADO range limits.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--

"Umesh Thakur" <UmeshThakur@discussions.microsoft.com> wrote in message
news:D422B4DD-4404-4C7E-8D71-645DAC6520E0@microsoft.com...
> You're correct Richard. Page Size specifies how much rows will be fetched
> at
> a time, and used for retrieving n number of records at a time, typically
> used
> in client/server VB apps where navigation is needed.
>
> In my case, it is irrelevant, as I just want to retrieve all the records.
> but isn't there any option/way to retrieve ALL members of group? I am
> limited
> to 1500 members only.
>
> --
> Umesh
>
> "Old programmers never die. They just terminate and stay resident."
>
>
>
> "Richard Mueller [MVP]" wrote:
>
>> Also, I just noticed you use:
>>
>> objCommand.Properties("Page Size") = 2000
>>
>> The maximum value is 1000. Actually, the number is not very important.
>> What
>> is important is that you turn paging on by assigning some number, say
>> between 100 and 1000. Once paging is turned on, records are retrieved in
>> pages, but the number is not the number of records, but something else.
>> It
>> is a matter of debate what number would be optimal, but the differences
>> would probably be slight. A larger number could actually be less
>> efficient.
>>
>> --
>> Richard Mueller
>> Microsoft MVP Scripting and ADSI
>> Hilltop Lab - http://www.rlmueller.net
>> --
>>
>>
>>



Reply With Quote
  #6  
Old 27-02-2010
Member
 
Join Date: Feb 2010
Posts: 3
Re: Listing members of Group with >1500 members

Here's a link to sample code that may help
Reply With Quote
  #7  
Old 01-02-2012
Member
 
Join Date: Sep 2006
Posts: 3
Re: Listing members of Group with >1500 members

Hi,

I was looking for direct members of a group. I have group names in a text file in this format:

CN=GroupName,OU=Local Access Groups,OU=Security,DC=Domain,DC=com

I am using this code. But I have the same problem. I am getting no more than 1500 users for a group.
***********************************************************
Const ForReading = 1
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile ("Groups.txt", ForReading)

Do Until objTextFile.AtEndOfStream
strNextLine = objTextFile.Readline
arrServiceList = Split(strNextLine , "|")
'Wscript.Echo "Server name: " & arrServiceList(0)
For i = 1 to Ubound(arrServiceList)
'Wscript.Echo "Service: " & arrServiceList(i)


On error resume Next

Set objGroup = GetObject ("LDAP://" & arrServiceList(0))

objGroup.GetInfo

arrMemberOf = objGroup.GetEx("member")

'WScript.Echo "Members:"
For Each strMember in arrMemberOf
strOU1 = Split(arrServiceList(0), "=")
strOU = strOU1(1)
strGroupName1 = Split(strOU, ",")
strGroupName = strGroupName1(0)

strMbr1 = Split(strMember, "=")
strMbr2 = strMbr1(1)
strMbr3 = Split(strMbr2, ",")
strMbr4 = strMbr3(0)
strMbr5 = Replace(strMbr4,"\#","#")


WScript.echo strGroupName & "|" & strMbr5
Next


Next
Loop
********************************************************

Thanks.
Reply With Quote
  #8  
Old 01-02-2012
Member
 
Join Date: Dec 2007
Posts: 2,260
Re: Listing members of Group with >1500 members

anoopam9,

Can you use the below code to enumerate/list members in a large group (over 1500 members)

Code:
using System;
using System.Collections;
using System.Collections.Generic;
using System.Text;
using System.DirectoryServices;
using ActiveDs;

namespace DirectoryServices
{
    static class ADGroup
    {
        const string GROUP_PATH = "LDAP://PATHTOGROUPGOESHERE";
        const string MEMBER_PATH = "LDAP://PATHTOUSERGOESHERE";
        const string MEMBER_DISTINGUISHED_NAME = "USERDISTINGUISHEDNAMEGOESHERE";

        public static void ListMembers()
        {
            using (DirectoryEntry DE = new DirectoryEntry(GROUP_PATH))
            {
                IADsMembers groupMembers = (IADsMembers) DE.Invoke("members", null);
                int ctr = 0;
                foreach (object groupMember in groupMembers)
                {
                    IADs user = (IADs)groupMember;

                    ctr = ctr + 1;
                    Console.WriteLine(ctr + " - " + user.Name);
                }
            }
        }
    }
}
Reply With Quote
  #9  
Old 02-02-2012
Member
 
Join Date: Sep 2006
Posts: 3
Re: Listing members of Group with >1500 members

Thanks Einstein.. I have one more question here

I only have the DistinguishedName like this:

CN=GroupName,OU=Local Access Groups,OU=Security,DC=Domain,DC=com

How can I get the
  • Group_Path,
  • Member_Path,
  • Member_Distinguished_Name

Thanks.
Reply With Quote
  #10  
Old 02-02-2012
Member
 
Join Date: Dec 2007
Posts: 2,260
Re: Listing members of Group with >1500 members

Quote:
Originally Posted by anoopam9 View Post
Thanks Einstein.. I have one more question here

I only have the DistinguishedName like this:

CN=GroupName,OU=Local Access Groups,OU=Security,DC=Domain,DC=com

How can I get the
  • Group_Path,
  • Member_Path,
  • Member_Distinguished_Name
Did you mean the below:

Command to find the LDAP path for OU
Dsquery OU –name "OU Name"

Command to find the LDAP path for group
DSquery group –samid "Group Name"

Command to find the LDAP path for user object
Dsquery OU –name "User Name"

Command to find the LDAP path for computer object
DSquery Computer –name "Computer Name"

Command to find the LDAP path for subnet object
dsquery subnet -name "Subnet"

Command to find the LDAP path for the Site
dsquery site -name "Site Name"
Reply With Quote
  #11  
Old 02-02-2012
Member
 
Join Date: Sep 2006
Posts: 3
Re: Listing members of Group with >1500 members

What I am trying to do here is
The first program gets the LDAP path of all the Groups of the domain in a text file in this format

CN=GroupName1,OU=Local Access Groups,OU=Security,DC=Domain,DC=com
CN=GroupName2,OU=Local Access Groups,OU=Security,DC=Domain,DC=com

and then the next program reads the text file to get the direct members of all the groups in one single file. There are like 100's of groups.

For some of the groups where number of members are greater than 1500, the program is fetching only 1500 members and ignoring rest of them.

I am trying to understand here how I can implement it using your program.
Reply With Quote
  #12  
Old 03-02-2012
Member
 
Join Date: Feb 2010
Posts: 3
Re: Listing members of Group with >1500 members

Microsoft has implemented a non-standard way of retrieiving members of groups. In Windows 2000 you could get at most 1,000 members. In windows 2003 and later, you can get up to 1,500 in each call. The strategy is to look for a specially formed attribute, member;range=x-y, where x and y are the low and high value to be returned where the difference between is 1,500 or less.

The link below provides a sample of how to implement using Visual Basic .Net. You can try converting to VBScript but with the free Visual Studio .Net Express versions, why bother? If you really must script, then I'd recommend creating a PowerShell version.

The article contains links to Microsoft documentation covering the same topic.
Reply With Quote
Reply

  TechArena Community > Technical Support > Computer Help > Windows Server > Windows Server Help
Tags: , , ,



Thread Tools Search this Thread
Search this Thread:

Advanced Search


Similar Threads for: "Listing members of Group with >1500 members"
Thread Thread Starter Forum Replies Last Post
Add members to a group using LDIF file Coyoth Active Directory 4 08-08-2012 10:38 PM
Display members of a group with more than 1500 members Simon G Windows Server Help 5 25-10-2011 12:35 PM
Using DSQUERY to get the members of a Group in AD sevaanan Active Directory 5 11-11-2009 12:53 PM
Dsget group members SID Jeremy Smith Active Directory 3 22-11-2008 05:32 AM
Export Group Members seankil Windows Server Help 4 09-04-2008 09:05 PM


All times are GMT +5.5. The time now is 11:57 PM.