Re: Identify which users are missing from a group

From: Cary Shultz [A.D. MVP] (cwshultz_at_mvps.org)
Date: 09/14/04

• Next message: Cary Shultz [A.D. MVP]: "Re: Child Domains..."
• Previous message: Yevgen Lazaryev: "Re: Migrating user to new domain loses local profile"
• In reply to: Frank Huston: "Re: Identify which users are missing from a group"
• Next in thread: bluNOboxSPAMthief: "Re: Identify which users are missing from a group"
• Reply: bluNOboxSPAMthief: "Re: Identify which users are missing from a group"
• Messages sorted by: [ date ] [ thread ]

Date: Mon, 13 Sep 2004 23:57:06 -0400

Frank,

Glad that you figured out a way. You are right, it does not sound so
pretty! But, who cares; it worked!

A note about Universal Groups: you do not want to make the individual user
account objects a direct member of the Universal Group. So, if you have 300
user account objects you do not want to have 300 individual user account
objects as members of that Universal Group. You want to populate the
Universal Groups with other groups. So, say that you have a Distribution
Group called 'Managers' and say that you have a Distribution Group called
'Assistants' ( or take your pick - '2nd Floor Employees' and '3rd Floor
Employees' would work as well ). Each and every one of those 300 user
accounts would be a member of one or the either. You would want to nest both
the Managers and the Assistants Distribution Groups as members of the
Universal Group.

Does this make any sense?

HTH,

Cary

"Frank Huston" <fhuston@job-link.net> wrote in message
news:5ef19266.0409130445.b8a4a4c@posting.google.com...
> I'm not a scripter either and that is the problem. :) I agree with you
> about the process though. As for the rest of your questions, the group
> is a Universal Distribution Group we created to keep everyone in
> touch. It should include all staff accounts but somewhere in the
> process of adding accounts, we failed to follow procedure and missed a
> few folks. Now I want to audit the entire list to make sure we have
> everyone.
>
> I found a way to accomplish what I wanted by running two of the
> resource tools Showmbrs and Usrstat, then doing a diff comparison of
> the resulting output files. It wasn't pretty but it worked. I would
> still like to have a "simple script" process for the future if anyone
> has something or develops one...
>
> Thanks!!
> Frank
>
> "Cary Shultz [A.D. MVP]" <cwshultz@mvps.org> wrote in message
news:<OlvsCQ1lEHA.2492@TK2MSFTNGP15.phx.gbl>...
> > Frank,
> >
> > I would think that you would have to find a script that would query
first
> > the entire Active Directory user 'list' and then the membership of that
> > group and then have it spit out which user account objects that are
'listed'
> > in Active Directory are not a member of that group. Or possibly query
the
> > 'memberOf' attribute.
> >
> > But I am no scripter!
> >
> > How did you set this up? Is the 'Everyone's Email' group a Local
> > Distribution Group or a Global Distribution Group or a Universal
> > Distribution Group? Is the membership of this 'Everyone's Email' group
> > based on group membership or did you manually make each user account
object
> > in your environment a member of this group?
> >
> > HTH,
> >
> > Cary
> >
> >
> >
> > "Frank Huston" <fhuston@job-link.net> wrote in message
> > news:5ef19266.0409100431.54175be3@posting.google.com...
> > > Does anyone have a script that can tell me which users are missing
> > > from a group? Windows 2000 server and exchange 2000. The group is
> > > called "Everyones Email" and we have some users missing from the group
> > > but no quick way of telling who they are...
> > >
> > > Thanks!!
> > > Frank

• Next message: Cary Shultz [A.D. MVP]: "Re: Child Domains..."
• Previous message: Yevgen Lazaryev: "Re: Migrating user to new domain loses local profile"
• In reply to: Frank Huston: "Re: Identify which users are missing from a group"
• Next in thread: bluNOboxSPAMthief: "Re: Identify which users are missing from a group"
• Reply: bluNOboxSPAMthief: "Re: Identify which users are missing from a group"
• Messages sorted by: [ date ] [ thread ]

Relevant Pages Re: Message bouncing between two servers ... Basically she is a member of a group that is nested in one that sends to the ... (ie. departmental universal group, nested within company ... send to the company universal group. ... all refer to the SMTP connector/smart host problems, ... (microsoft.public.exchange.admin) Child/Parent Domain sanity Check ... member of a universal group in A which is a member of a universal group by ... the same name in B that is a member of the administrators group of the ... Target machine is 2000 running terminal services in administration mode. ... (microsoft.public.win2000.security) Re: AD - users and computers in child domain ... > DC1 GC IM ... Neighter user was shown as member of universal group from ... If you are looking at a Universal Group ... What the IM does is pull references for objects in other domains, ... (microsoft.public.windows.server.active_directory) Re: changing group scope ... Changing group scope ... · Domain local to universal. ... want to change does not have another domain local group as a member. ... change does not have another universal group as a member. ... (microsoft.public.cert.exam.mcse) Re: Distribution List Not Distribution ... Is it a distribution group or a mail-enabled security group? ... make sure it is a universal group. ... > account with the ISP and the POP3 connector in exchange. ... > service is setup to send to this info list. ... (microsoft.public.exchange.admin)

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint