Listing members of Group with >1500 members

Discussion in 'Scripting' started by Umesh Thakur, Apr 13, 2007.

  1. Umesh Thakur

    Umesh Thakur Guest

    I have couple of groups with more than 1500 (some group have 2000+). I need
    to get the list of members and be able to a Text file. I tried first using
    DSQuery to list the DNs og members, using following command:
    dsquery * -filter "&(objectClass=Group)(name=group_name)" -scope subtree
    -attr member

    I was only able to view first 1500 members only. I tried with other group
    names too, with same results.

    I then wrote a script to get this information, and that too, returned only
    1500 members!! I think there is something I am missing, and your help is
    needed to get that "something". Thanks in advance..

    Here is a copy of my script:

    'On Error Resume Next
    Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D
    dim fs, ts

    set fs = createObject("Scripting.fileSystemObject")
    set objArgs=wscript.Arguments
    strFile = objArgs(0) 'Text file containing list of group names, to get
    members of.

    set ts = fs.openTextFile(strFile)

    while not ts.atEndOfStream
    strGroup = trim(ts.readLine)
    Set objGroup = GetObject (getObjectDN("group","name",strGroup))

    arrMembers = objGroup.GetEx("member")

    If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
    WScript.Echo "Group " & strGroup & " has no members."
    WScript.Echo "Group: " & strGroup & " has following members: "
    For Each m in arrMembers
    set objGrp = getObject("LDAP://" & m)
    strSam = strSam & objGrp.samAccountName & "," & objGrp.displayName
    & vbNewLine
    wscript.echo strSam
    End If

    function getObjectDN(objType,strProp,strval)


    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand = CreateObject("ADODB.Command")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"
    Set objCommand.ActiveConnection = objConnection

    objCommand.Properties("Page Size") = 2000
    objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

    objCommand.CommandText = "SELECT * FROM 'LDAP://dc=test,dc=myDomain,dc=com'
    WHERE objectCategory='" & objType &

    "' and '" & strProp & "'='" & strVal & "'"
    Set objRecordSet = objCommand.Execute

    end function
    Umesh Thakur, Apr 13, 2007
  2. Richard Mueller [MVP], Apr 13, 2007
  3. Also, I just noticed you use:

    objCommand.Properties("Page Size") = 2000

    The maximum value is 1000. Actually, the number is not very important. What
    is important is that you turn paging on by assigning some number, say
    between 100 and 1000. Once paging is turned on, records are retrieved in
    pages, but the number is not the number of records, but something else. It
    is a matter of debate what number would be optimal, but the differences
    would probably be slight. A larger number could actually be less efficient.
    Richard Mueller [MVP], Apr 13, 2007
  4. Umesh Thakur

    Umesh Thakur Guest

    You're correct Richard. Page Size specifies how much rows will be fetched at
    a time, and used for retrieving n number of records at a time, typically used
    in client/server VB apps where navigation is needed.

    In my case, it is irrelevant, as I just want to retrieve all the records.
    but isn't there any option/way to retrieve ALL members of group? I am limited
    to 1500 members only.
    Umesh Thakur, Apr 14, 2007
  5. The only method I know is to use ADO range limits.

    Richard Mueller
    Microsoft MVP Scripting and ADSI
    Hilltop Lab -

    Richard Mueller [MVP], Apr 14, 2007
