New Scripter - Listing members of Groups in AD

Discussion in 'Scripting' started by gbrown135, Feb 15, 2007.

  1. gbrown135

    gbrown135 Guest

    Hi,

    I'm trying to use the script from Microsoft, which does work. But is there
    anything I can place in there that will just display a list of the Display
    Name in AD instead of the long
    cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com name format?

    The script I am using is:

    On Error Resume Next

    Set objGroup = GetObject _
    ("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")
    objGroup.GetInfo

    arrMemberOf = objGroup.GetEx("member")

    WScript.Echo "Members:"
    For Each strMember in arrMemberOf
    WScript.echo strMember
    Next

    Also, I am going to be exporting data from hundreds of groups within the same
    OU. Is there any way in which, when I run the script, an InputBox appears that
    will allow me to type the group's name instead of manually editing the script
    directly?

    Any help appreciated
     
    gbrown135, Feb 15, 2007
    #1

  2. You need to bind to the member object (user, group, or computer) to retrieve
    other attribute values. You can use the Members method of the group object
    to retrieve a collection of member objects. You can then reference any
    attribute of the objects, such as sAMAccountName (the NT Name, or
    "pre-Windows 2000 logon name") or displayName. For example:
    ==========
    Option Explicit

    Dim objGroup, objMember

    Set objGroup = GetObject _
    ("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")

    For Each objMember In objGroup.Members
    Wscript.Echo objMember.sAMAccountName
    Next
    ===========
    In general, don't use "On Error Resume Next", as it makes troubleshooting
    nearly impossible. It's used in the snippet you posted because the code is
    flawed. An error is raised if the group has no members (the member attribute
    is Empty). Instead of checking for this situation and handling it, they took
    a shortcut and ignored the error. Their example promotes bad habits.

    To handle many groups in an OU, you can prompt for a group name using the
    InputBox function. Then concatenate the response to create the AdsPath.
    Perhaps:

    ========
    strGroupDN = InputBox("Enter Group Distinguished Name")
    Set objGroup = GetObject("LDAP://" & strGroupDN)
    =========

    If it helps, you can enumerate all the groups in the OU. Bind to the OU,
    filter on group objects, and enumerate:

    ========
    Option Explicit
    Dim objOU, objGroup, objMember

    ' Bind to OU.
    Set objOU = GetObject("LDAP://ou=R&D,dc=NA,dc=fabrikam,dc=com")
    ' Filter on group objects.
    objOU.Filter = Array("group")
    ' Enumerate groups.
    For Each objGroup In objOU
        Wscript.Echo "Group: " & objGroup.distinguishedName
        For Each objMember In objGroup.Members
            Wscript.Echo " " & objMember.sAMAccountName
        Next
    Next
    ========
    I have an example VBScript program that documents membership of all groups
    in the domain linked here:

    http://www.rlmueller.net/Document Domain Groups.htm

    This could be modified to enumerate the groups in an OU by changing the base
    of the ADO query that retrieves group Distinguished Names. Instead of:

    ' Search for all groups, return the Distinguished Name of each.
    strQuery = "<LDAP://" & strDNSDomain _
    & ">;(objectClass=group);distinguishedName;subtree"

    where strDNSDomain is the Distinguished Name of the domain, make the OU the
    base of the search with:
    ============
    Dim strOU

    strOU = "ou=R&D,dc=NA,dc=fabrikam,dc=com"
    ' Search for all groups, return the Distinguished Name of each.
    strQuery = "<LDAP://" & strOU _
    & ">;(objectClass=group);distinguishedName;subtree"
    ==========

    Finally, if you want your script to prompt for the NT name of the group (the
    value of the sAMAccountName attribute), you can use the NameTranslate object
    to convert this to the Distinguished Name. For details, see:

    http://www.rlmueller.net/NameTranslateFAQ.htm
     
    Richard Mueller [MVP], Feb 15, 2007
    #2

  3. gbrown135

    gbrown135 Guest

    Richard

    Thanks for the reply. The only thing is I am a really really inexperienced
    user of Visual Basic. I have come up with the following:

    On Error Resume Next

    strGroupDN = InputBox("Enter Group Distinguished Name")
    Set objGroup = GetObject("LDAP://" & strGroupDN)

    Dim objou, objGroup, objmember

    ' Bind to OU.
    Set objOU = GetObject("LDAP://ou=Groups,ou=AWS,ou=Core,dc=globalinfra,dc=net")
    ' Filter on group objects.
    objOU.Filter = Array("group")
    ' Enumerate groups.
    For Each objGroup In objOU
    Wscript.Echo "Group: " & objGroup.distinguishedName
    For Each objMember In objGroup.Members
    Wscript.Echo " " & objMember.sAMAccountName
    Next
    Next

    But still this is not working?? Where am I going wrong?

    Thanks

    Gary
     
    gbrown135, Feb 15, 2007
    #3
  4. gbrown135

    gbrown135 Guest

    I have now made it possible to run this with just the names appearing rather
    than the long name format. I now have:

    On Error Resume Next

    Set objGroup = GetObject _
    ("LDAP://cn=AW_LI_OMC,ou=Groups,ou=AWS,ou=Core,dc=globalinfra,dc=net")

    For Each objMember In objGroup.Members
    Wscript.Echo objMember.sAMAccountName
    next

    It does not matter what I try, I can't seem to insert a part of a script that
    will allow an InputBox to appear. Well, that's a lie: I can get a box to appear,
    but then it seems as though I can't bind it to the rest of the OU, or get the
    rest of the script to work. Any help?


     
    gbrown135, Feb 15, 2007
    #4
  5. Don't use "On Error Resume Next". That makes it impossible to troubleshoot.
    I would try:
    ========
    strGroupDN = InputBox("Enter Group Distinguished Name")
    Set objGroup = GetObject("LDAP://" & strGroupDN)

    For Each objMember In objGroup.Members
    Wscript.Echo " " & objMember.sAMAccountName
    Next
    ========
    The user must enter the full Distinguished Name of the group. If the
    Distinguished Name is incorrect, an error will be raised on the "Set
    objGroup" statement (line 2 in my snippet).

    The other program I posted was tested and works. In this case, you do not
    prompt for a group name. The script enumerates all groups in the OU and
    displays the members of all of them. I hard coded the Distinguished Name of
    the OU:

    ===========
    ' Bind to OU.
    Set objOU = GetObject("LDAP://ou=Groups,ou=AWS,ou=Core,dc=globalinfra,dc=net")
    ' Filter on group objects.
    objOU.Filter = Array("group")
    ' Enumerate groups.
    For Each objGroup In objOU
        Wscript.Echo "Group: " & objGroup.distinguishedName
        For Each objMember In objGroup.Members
            Wscript.Echo " " & objMember.sAMAccountName
        Next
    Next
    ========
    If you have lots of groups, there could be a lot of output. Run the script
    at a command prompt and redirect the output to a text file. For example, if
    the VBScript is in a file called ListGroups.vbs, run it at a command prompt
    with the command:

    cscript //nologo ListGroups.vbs > report.txt

    This will redirect the output to the file report.txt

    --
    Richard
    Microsoft MVP Scripting and ADSI
    Hilltop Lab web site - http://www.rlmueller.net
    --

     
    Richard Mueller [MVP], Feb 15, 2007
    #5
  6. gbrown135

    gbrown135 Guest

    Richard

    Thanks for replying. Is there any way that

    strGroupDN = InputBox("Enter Group Distinguished Name")
    Set objGroup = GetObject("LDAP://" & strGroupDN)

    For Each objMember In objGroup.Members
    Wscript.Echo " " & objMember.sAMAccountName
    Next

    can be amended to only insert a group name instead of the full distinguished
    name?

    Cheers

     
    gbrown135, Feb 16, 2007
    #6
  7. Yes, you can use the NameTranslate object to convert the NetBIOS name of the
    group (the NT form of the name) to the Distinguished Name. For example:
    ============
    ' Constants for the NameTranslate object.
    Const ADS_NAME_INITTYPE_GC = 3
    Const ADS_NAME_TYPE_NT4 = 3
    Const ADS_NAME_TYPE_1779 = 1

    ' Prompt for NetBIOS name of group.
    strGroup = InputBox("Enter Group Name")

    ' Specify the NetBIOS name of the domain.
    strDomain = "MyDomain"

    ' Use the NameTranslate object to convert the NT name to the
    ' Distinguished Name required for the LDAP provider.
    Set objTrans = CreateObject("NameTranslate")

    ' Initialize NameTranslate by locating the Global Catalog.
    objTrans.Init ADS_NAME_INITTYPE_GC, ""

    ' Use the Set method to specify the NT format of the object name.
    objTrans.Set ADS_NAME_TYPE_NT4, strDomain & "\" & strGroup

    ' Use the Get method to retrieve the RFC 1779 Distinguished Name.
    strGroupDN = objTrans.Get(ADS_NAME_TYPE_1779)

    ' Bind to the object in Active Directory with the LDAP provider.
    Set objGroup = GetObject("LDAP://" & strGroupDN)

    For Each objMember In objGroup.Members
    Wscript.Echo " " & objMember.sAMAccountName
    Next
    =========
     
    Richard Mueller [MVP], Feb 16, 2007
    #7
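
The pieces discussed in posts #2 and #7, combined as an added example (not code from any poster in this thread): it prompts for the group's NT name, translates it with NameTranslate, and traps errors only around the two calls expected to fail on bad input or an empty group, rather than using a script-wide "On Error Resume Next". "MyDomain" is the thread's placeholder; the constant name E_ADS_PROPERTY_NOT_FOUND, the variable names and the messages are this example's own choices.

```vbscript
Option Explicit
' Constants for the NameTranslate object (same values as in the thread).
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1
' ADSI error raised when an attribute (here "member") has no value.
Const E_ADS_PROPERTY_NOT_FOUND = &H8000500D

Dim strDomain, strGroup, strGroupDN, objTrans, objGroup, objMember
Dim arrMembers, lngErr

strDomain = "MyDomain"   ' Placeholder NetBIOS domain name, as in the thread.
strGroup = Trim(InputBox("Enter Group Name"))
If strGroup = "" Then    ' Cancel or an empty box returns "".
    Wscript.Echo "No group name entered."
    Wscript.Quit 1
End If

Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
' Trap errors for this one call only, then restore normal error handling.
On Error Resume Next
objTrans.Set ADS_NAME_TYPE_NT4, strDomain & "\" & strGroup
lngErr = Err.Number      ' Save it: On Error GoTo 0 clears Err.
On Error GoTo 0
If lngErr <> 0 Then
    Wscript.Echo "Group not found: " & strDomain & "\" & strGroup
    Wscript.Quit 1
End If

' A "/" in a Distinguished Name must be escaped in an ADsPath.
strGroupDN = Replace(objTrans.Get(ADS_NAME_TYPE_1779), "/", "\/")
' Not trapped: a bind failure should stop the script with its line number.
Set objGroup = GetObject("LDAP://" & strGroupDN)

' Trap only the read of "member"; an empty group raises an error here.
On Error Resume Next
arrMembers = objGroup.GetEx("member")
lngErr = Err.Number
On Error GoTo 0
If lngErr = E_ADS_PROPERTY_NOT_FOUND Then
    Wscript.Echo "Group has no members."
ElseIf lngErr <> 0 Then
    Wscript.Echo "Error reading members: 0x" & Hex(lngErr)
Else
    For Each objMember In objGroup.Members
        Wscript.Echo objMember.sAMAccountName & vbTab & objMember.displayName
    Next
End If
```

Any error outside the two trapped calls still halts the script and reports the failing line, which keeps troubleshooting possible.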
  8. gbrown135

    gbrown135 Guest

    Cheers Richard

     
    gbrown135, Feb 16, 2007
    #8