"Stuscotland" <> wrote in message
news:38950585-04CF-4551-B39B-...
> Hi
> I need to take the members of a global group and export their
> samaccountnames. I'm sure this isn't a huge task. Can someone advise on
> the
> least painless way to do this - i am in the middle of a 3000 user
> migration
> and need a quick fix!
>
> Cheers
You can use dsget, but only if all members are users (no groups or
computers):
dsget group "cn=My Group,ou=West,dc=MyDomain,dc=com" -members | dsget
user -samid
Otherwise, a VBScript program can show sAMAccountName of all members of a
group:
==========
' Bind to group with Distinguished Name.
Set objGroup = GetObject("LDAP://cn=My Group,ou=West,dc=MyDomain,dc=com")
' Enumerate all direct members.
For Each objMember In objGroup.Members
Wscript.Echo objMember.sAMAccountName
Next
=========
However, if the group is large, this will be slow as it must bind to each
member object. A faster solution (but with more code) uses ADO. For example:
==============
Option Explicit
Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strName
' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection
' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"
' Filter on direct members of group.
strFilter = "(memberOf=cn=My Group,ou=West,dc=MyDomain,dc=com)"
' Comma delimited list of attribute values to retrieve.
strAttributes = "sAMAccountName"
' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
' Run the query.
Set adoRecordset = adoCommand.Execute
' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
' Retrieve values.
strName = adoRecordset.Fields("sAMAccountName").Value
Wscript.Echo strName
' Move to the next record in the recordset.
adoRecordset.MoveNext
Loop
' Clean up.
adoRecordset.Close
adoConnection.Close
==========
To restrict output to user objects (no groups or computers), change the
filter to:
strFilter = "(&(objectCategory=person)(objectClass=user)" _
& "(memberOf=cn=My Group,ou=West,dc=MyDomain,dc=com))"
Finally, if the group is Domain Users, then I would expect all users to have
this group designated as their "primary" group. None of the methods above
will reveal membership in this group. Instead, you must use ADO to retrieve
all users where the value of the primaryGroupID attribute is 513. For this
you can use the code I posted above, but use the filter:
strFilter = "(primaryGroupID = 513)"
--
Richard Mueller
MVP Directory Services
Hilltop Lab -
http://www.rlmueller.net
--
Similar Threads
Linear Mode
