Re: Can Anyone Tell Me Why?

From: Eric Fleischman [MSFT] (efleis_at_online.microsoft.com)
Date: 10/19/04

Next message: nhlpens66: "Re: Folder Redirection and Roaming Profiles"
Previous message: Rytis: "Q about Vintela Authentication Services (VAS)"
In reply to: Mike Goodwin: "Re: Can Anyone Tell Me Why?"
Next in thread: Al Mulnick: "Re: Can Anyone Tell Me Why?"
Reply: Al Mulnick: "Re: Can Anyone Tell Me Why?"
Messages sorted by: [ date ] [ thread ]

Date: Tue, 19 Oct 2004 07:58:24 -0500

If it works for you, you won't hear me complain. :)
I'll look around to see if someone has a canned script, I just don't have
one handy.

The logic would be:
- read domain users group; read 'member' attribute; this is part of your
membership
- issue a search against the domain NC with a search filter of something
like (&(objectCategory=user)(primaryGroupID=XXX)) where XXX is the group ID
for the domain users group (can read this off of someone that has primary
group set to domain users now). Also you might want to twidde the
objectCategory term depending upon your environment (person and user come to
mind as most often used).

~Eric

-- 
This posting is provided "AS IS" with no warranties, and confers no rights.
Use of included script samples are subject to the terms specified at
http://www.microsoft.com/info/cpyright.htm
"Mike Goodwin" <mike.goodwin@oeconnection.com> wrote in message 
news:u3Z$M4StEHA.2624@TK2MSFTNGP11.phx.gbl...
> When I used  WinNT instead of LDAP to connect to that domain group 
> object...
> it returned the membership results as expected.  This seems like the 
> easier
> and quicker approach... yes/no?
>
>
> "Mike Goodwin" <mike.goodwin@oeconnection.com> wrote in message
> news:uoA6yiStEHA.1216@TK2MSFTNGP10.phx.gbl...
>> Thanks for the reply Eric..
>>
>> On the surface that seemed doable, but now I have found this big ugly
> script
>> on MSDN to perform this simple second query and if fails on trying to
> create
>> an object that appantly I need to make this query... I am running on XP
> Pro.
>>
>> MS Article Number:  297951
>> Error :set ADsSid = CreateObject("ADsSID")  ' this fails... can't create
>> ActiveX Object (line 43)
>>
>> Is there an easier way to make this second query?  Or where do I get this
>> object from?
>>
>> Mike
>>
>>
>> > Domain users group is somewhat special in that most of its members are 
>> > a
>> > member by virtue of the value in the primaryGroupID of the users. It's
> the
>> > other way that a user is a member of a group.
>> > Issue a second query for all users with a primaryGroupID set to point 
>> > to
>> the
>> > domain users group, and you'll probably find the rest.
>> >
>> > ~Eric
>> >
>> > -- 
>> > This posting is provided "AS IS" with no warranties, and confers no
>> rights.
>> > Use of included script samples are subject to the terms specified at
>> > http://www.microsoft.com/info/cpyright.htm
>> >
>> >
>> > "Mike Goodwin" <mike.goodwin@oeconnection.com> wrote in message
>> > news:OOv3WJRtEHA.3984@TK2MSFTNGP09.phx.gbl...
>> > > Can anyone tell me why this scrupt will only return a few of tha
> actual
>> > > members of my Domain Users group.  There should be 150 or so members
> and
>> > > it
>> > > shows 4.  When I tried it at home, there should be 19 members and it
>> shows
>> > > 1.
>> > >
>> > > Both ADs are running on Windows 2000.
>> > >
>> > > Thanks In Advance...
>> > >
>> > > Mike Goodwin
>> > >
>> > > Sub GetDomainUsersMembers
>> > >            msg = ""
>> > >            Set objTarget = GetObject("LDAP://CN=Domain
>> > > Users,CN=Users,DC=<SUBDOMAIN>,DC=<DOMAIN>,DC=COM")
>> > >            objTarget.GetInfo
>> > >            Set objItems = objTarget.Members
>> > >            Msgbox objItems.Count
>> > >
>> > >            Set objItems = nothing
>> > >            For Each obj in objTarget.Members
>> > >                        msg = msg & obj.Name & chr(13)
>> > >            Next
>> > >            msgbox "GROUP MEMBERS" & chr(13) & msg
>> > >            Set objTarget = nothing
>> > > End Sub
>> > >
>> > >
>> >
>> >
>>
>>
>
>

Next message: nhlpens66: "Re: Folder Redirection and Roaming Profiles"
Previous message: Rytis: "Q about Vintela Authentication Services (VAS)"
In reply to: Mike Goodwin: "Re: Can Anyone Tell Me Why?"
Next in thread: Al Mulnick: "Re: Can Anyone Tell Me Why?"
Reply: Al Mulnick: "Re: Can Anyone Tell Me Why?"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Script to add a user to a local computer group
... Is there any way to do this script in domain user group? ... I use the following to add the domain users group, ... Case "SERVERNAME" endscript ... > Tom. ...
(microsoft.public.scripting.wsh)
Re: Can Anyone Tell Me Why?
... > on MSDN to perform this simple second query and if fails on trying to ... >> member by virtue of the value in the primaryGroupID of the users. ... >> Issue a second query for all users with a primaryGroupID set to point to ... >> domain users group, and you'll probably find the rest. ...
(microsoft.public.windows.server.active_directory)
Re: Can Anyone Tell Me Why?
... On the surface that seemed doable, but now I have found this big ugly script ... Is there an easier way to make this second query? ... > domain users group, and you'll probably find the rest. ... >> Sub GetDomainUsersMembers ...
(microsoft.public.windows.server.active_directory)
Verifying version numbers...
... I was given a script that will check the version number of files and then ... compares it to an update directory of those files, if the file in the update ... 100% only if the user has Administrator rights. ... change to the Domain Users group that will allow this script to work as it ...
(microsoft.public.windows.group_policy)
logon script
... I can run the script when logging on the ... What right do I need to grant domain users group so they ...
(microsoft.public.win2000.security)