How can I export a list of group members from my AD environment
--
SK
How can I export a list of group members from my AD environment
--
SK
seankil wrote:
> How can I export a list of group members from my AD environment
The script linked in the Microsoft Script Center will reveal the direct
members of a group, except any members that have the group designated as
their "primary" group. It will not reveal membership due to group nesting.
If you want to include all members, including those that are members by
virtue of group nesting, and "primary" group members, you can use this
VBScript program:
http://www.rlmueller.net/List%20Memb...0a%20Group.htm
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
Thanks Richard for the info. I am sorry but my scripting knowledge is zero.
My domain name is nehb.health.gov.ie. The problem i have is trying to
identify the amount of people in a security group called Blue Coat Inet User.
Thanks for any help.
--
SK
"Richard Mueller [MVP]" wrote:
> seankil wrote:
>
> > How can I export a list of group members from my AD environment
>
> The script linked in the Microsoft Script Center will reveal the direct
> members of a group, except any members that have the group designated as
> their "primary" group. It will not reveal membership due to group nesting.
>
> If you want to include all members, including those that are members by
> virtue of group nesting, and "primary" group members, you can use this
> VBScript program:
>
> http://www.rlmueller.net/List%20Memb...0a%20Group.htm
>
> --
> Richard Mueller
> Microsoft MVP Scripting and ADSI
> Hilltop Lab - http://www.rlmueller.net
> --
>
>
>
I assume that "Blue Coat Inet User" is the NetBIOS name of the group, also
called the "pre-Windows 2000" name. You don't supply enough information to
determine the Distinguished Name of the group, but you can use the
NameTranslate object to convert the NetBIOS name to the Distinguished Name.
If all you want is a count of the direct members of the group, you can use
the Count property of the Members method of the group object. The code could
be similar to below:
==========
' Constants for the NameTranslate object.
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
' Prompt for (or hard code) the NetBIOS name of the group.
strGroup = InputBox("Enter name of group")
' Determine DNS name of domain from RootDSE.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
' Use the NameTranslate object to find the NetBIOS domain name from the
' DNS domain name.
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
' Remove trailing backslash.
strNetBIOSDomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1)
' Use the Set method to specify the NT format of the group name.
objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strGroup
' Use the Get method to retrieve the RPC 1779 Distinguished Name.
strGroupDN = objTrans.Get(ADS_NAME_TYPE_1779)
' Bind to the group object.
Set objGroup = GetObject("LDAP://" & strGroupDN)
' Output number of direct members of the group.
Wscript.Echo "Number of members: " & objGroup.Members.Count
========
The Count property includes all members, whether users, computers, or
groups. It does not include membership due to nesting. It also does not
include any members that have the group designated as their "primary" group.
By default, the "primary" group of users should be "Domain Users", so if
that has not been changed it is not a problem (unless you want the number of
members of the group "Domain Users").
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
"seankil" <seankil@discussions.microsoft.com> wrote in message
news:A7B6937A-9B76-4084-B7B8-4FFDAEE3ADBD@microsoft.com...
> Thanks Richard for the info. I am sorry but my scripting knowledge is
> zero.
> My domain name is nehb.health.gov.ie. The problem i have is trying to
> identify the amount of people in a security group called Blue Coat Inet
> User.
> Thanks for any help.
> --
> SK
>
>
> "Richard Mueller [MVP]" wrote:
>
>> seankil wrote:
>>
>> > How can I export a list of group members from my AD environment
>>
>> The script linked in the Microsoft Script Center will reveal the direct
>> members of a group, except any members that have the group designated as
>> their "primary" group. It will not reveal membership due to group
>> nesting.
>>
>> If you want to include all members, including those that are members by
>> virtue of group nesting, and "primary" group members, you can use this
>> VBScript program:
>>
>> http://www.rlmueller.net/List%20Memb...0a%20Group.htm
>>
>> --
>> Richard Mueller
>> Microsoft MVP Scripting and ADSI
>> Hilltop Lab - http://www.rlmueller.net
>> --
>>
>>
>>
Bookmarks