Re: retrive all AD groups and its members

---

• From: "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx>
• Date: Tue, 17 Feb 2009 18:26:52 -0600

---

The groupType attribute is a flag attribute, similar to the
userAccountControl attribute of user objects. The integer value represents
several settings, in this case whether the group is a security or
distribution group, and what type of group (global, local, etc.). The
correct way to test for each setting is to AND the value with the correct
bit mask. Any non-zero result means the setting corresponding to the bit
mask is set (or True). A zero result means the setting is not True. In this
case the bit masks are:

Group Type bit mask (hex) bit mask in decimal
--------------- -------------- -------------------
Built-in group &h01 1
Global group &h02 2
Local group &h04 4
Univeral group &h08 8
Security group &h80000000 2,147,483,648

Note that -2147483640 is (8 - 2147483648) and -2147483644 is (4 -
2147483648). Your value -2147483636 is in error. It should be 2147483648 -
2. See this link for a partial example:

http://www.microsoft.com/technet/scriptcenter/scripts/ad/groups/adgpvb26.mspx

In this case the values are OR'd. You AND values with a bit mask to test, OR
values to set, and XOR to toggle. I assume the "+" operator is an OR
operator.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

"Chris" <Chris@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:82D33F7D-D2E9-44C1-A40B-AEC7B3FC161A@xxxxxxxxxxxxxxxx

Richard,
Just read your script and need your help to unerstand following function.

Function GetType(ByVal intType)
' Function to determine group type from the GroupType

attribute.
If ((intType And &h01) <> 0) Then
GetType = "Built-in"
ElseIf ((intType And &h02) <> 0) Then
GetType = "Global"
ElseIf ((intType And &h04) <> 0) Then
GetType = "Local"
ElseIf ((intType And &h08) <> 0) Then
GetType = "Universal"
End If
If ((intType And &h80000000) <> 0) Then
GetType = GetType & "/Security"
Else
GetType = GetType & "/Distribution"
End If
End Function

According to MS here is the groupType value for various groups.
Global Distribution group, groupType=2
Universal Distribution group, groupType=8
Domain Local Distribution group, groupType=4
Global Security Group, groupType=-2147483636
Universal Security Group, groupType=-2147483640
Local Domain Security Group, groupType=-2147483644

So how does the function check the value passed from objGroup.groupType?

Thanks.



"Richard Mueller [MVP]" wrote:

"Chris" <Chris@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:16A8BE68-A910-47E1-89D3-FE521008049E@xxxxxxxxxxxxxxxx

has anyone done this? I need to retrive all groups (global, local or
universal security and distribution) and a list of members of each
group
in
the domain. I have just one domain. I don't mind if the script does
it
respectively. For example, one for global distribution groups and its
members, and one for global security groups and its members. Ideally,
the
groups and members are returned in a sorted order.

Thanks in advance.

An example VBScript program to document all groups in the domain and
their
members:

http://www.rlmueller.net/Document%20Domain%20Groups.htm

There is no provision to sort objects in AD. You would need to read the
names into a disconnected recordset and sort the recordset, which would
add
a lot of code to the program.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

.

---

• Follow-Ups:
  • Re: retrive all AD groups and its members
    • From: Chris
  • Re: retrive all AD groups and its members
    • From: Al Dunbar

• References:
  • retrive all AD groups and its members
    • From: Chris
  • Re: retrive all AD groups and its members
    • From: Richard Mueller [MVP]
  • Re: retrive all AD groups and its members
    • From: Chris

• Prev by Date: problem exporting OU users with filter = array("user") command
• Next by Date: Re: problem exporting OU users with filter = array("user") command
• Previous by thread: Re: retrive all AD groups and its members
• Next by thread: Re: retrive all AD groups and its members
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: retrive all AD groups and its members ... Global Distribution group, groupType=2 ... Universal Distribution group, groupType=8 ... Universal Security Group, groupType=-2147483640 ... members, and one for global security groups and its members. ... (microsoft.public.scripting.vbscript) Re: retrive all AD groups and its members ... -2147483646 then show Global Security Group. ... distribution group, and what type of group. ... mask is set. ... (microsoft.public.scripting.vbscript) Re: retrive all AD groups and its members ... for a global security group the returned value from ... distribution group, and what type of group. ... mask is set. ... (microsoft.public.scripting.vbscript) Re: retrive all AD groups and its members ... distribution group, and what type of group. ... mask is set. ... Security group &h80000000 2,147,483,648 ... members, and one for global security groups and its members. ... (microsoft.public.scripting.vbscript) Re: public folder permission ... >How to create public folder permission for groups of users? ... >I have created security group with an Exchange e-mail address + members, ... but what about "query based distribution group"? ... (microsoft.public.exchange.admin)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > Scripting  > microsoft.public.scripting.vbscript  > 2009-02