Re: Group Management



On Thu, 7 Apr 2005 08:03:06 -0700, Tim <Tim@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:

>Hi,
>I'm in a situation where I need to review all the user accounts and their
>respective group memberships (security & distribution) with a view of
>reducing the number of groups.
>
>Does anyone know of any tools that will help automate this process?


From any Windows XP domain member or from a Windows Server 2003 domain member or DC, open a CMD.EXE window.
Type:
GroupMembers CSVFile.csv
Where CSVFile.CSV is the path to the CSV file that will contain:
"Group","YorN","Member","UorG"

where YorN is a Y if the group is a security group or N if it is a distribution group
UorG is a U if "Member" is a User or G if "Member" is a nested group.


@echo off
rem GroupMembers: write one CSV row per direct member of every group in the domain
if {%1}=={} @echo Syntax GroupMembers CSVFile&goto :EOF
setlocal ENABLEDELAYEDEXPANSION
set report=%1
if exist %report% del /q %report%
rem Outer loop: every group in the domain
for /f "Tokens=*" %%g in ('dsquery group domainroot -name * -LIMIT 0') do (
    rem Is this a security group, yes or no
    for /f "Tokens=*" %%d in ('dsget group %%g -secgrp -L^|find /i "secgrp: "') do (
        rem Each direct member of the group
        for /f "Tokens=*" %%m in ('dsget group %%g -members') do (
            set mbr=%%m
            set mbr=!mbr:"=!
            rem Read the objectClass of the member to tell users from nested groups
            for /f "Tokens=*" %%t in ('dsquery * domainroot -filter "(&(distinguishedName=!mbr!))" -attr objectClass -L^|Findstr /I /L "user group"') do (
                set grp=%%d
                set grp=!grp:secgrp: =!
                set grp=!grp:yes=Y!
                set grp=!grp:no=N!
                set ug=%%t
                set ug=!ug:user=U!
                set ug=!ug:group=G!
                @echo %%g,"!grp!",%%m,"!ug!">>%report%
            )
        )
    )
)
endlocal

Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
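
An added example, not part of the original post or of the script above: one way to use the resulting CSV for the group-reduction review Tim asks about, by listing groups with identical membership, expanding nested membership, and flagging security groups that nest a distribution group. The function names, the example.com DNs and the sample rows are constructed for illustration; the parser assumes the four-column layout described above and tolerates an optional header row.

```python
import csv
from collections import defaultdict
# Constructed sample rows in the layout described above: Group, YorN, Member, UorG
SAMPLE = '''\
"CN=Sales,DC=example,DC=com","Y","CN=Ann,DC=example,DC=com","U"
"CN=Sales,DC=example,DC=com","Y","CN=Bob,DC=example,DC=com","U"
"CN=Sales-Old,DC=example,DC=com","Y","CN=Ann,DC=example,DC=com","U"
"CN=Sales-Old,DC=example,DC=com","Y","CN=Bob,DC=example,DC=com","U"
"CN=AllStaff,DC=example,DC=com","N","CN=Sales,DC=example,DC=com","G"
"CN=AllStaff,DC=example,DC=com","N","CN=Carol,DC=example,DC=com","U"
"CN=AllStaff,DC=example,DC=com","N","CN=Printers,DC=example,DC=com","G"
"CN=Printers,DC=example,DC=com","Y","CN=AllStaff,DC=example,DC=com","G"
'''

def load(lines):
    """Return {group: {"security": bool, "users": set, "groups": set}}."""
    groups = {}
    for row in csv.reader(lines):
        if len(row) != 4 or row[0] == "Group":  # skip blank lines and an optional header
            continue
        grp, yorn, member, uorg = (col.strip() for col in row)
        entry = groups.setdefault(
            grp, {"security": yorn.upper() == "Y", "users": set(), "groups": set()})
        entry["groups" if uorg.upper() == "G" else "users"].add(member)
    return groups

def duplicate_groups(groups):
    """Groups with identical direct membership: candidates for merging."""
    by_members = defaultdict(list)
    for dn, g in groups.items():
        by_members[frozenset(g["users"] | g["groups"])].append(dn)
    return sorted(sorted(dns) for dns in by_members.values() if len(dns) > 1)

def effective_users(groups, dn, seen=None):
    """Users reachable through nested groups; 'seen' stops circular nesting."""
    seen = set() if seen is None else seen
    if dn in seen or dn not in groups:
        return set()
    seen.add(dn)
    users = set(groups[dn]["users"])
    for child in groups[dn]["groups"]:
        users |= effective_users(groups, child, seen)
    return users

def security_nesting_distribution(groups):
    """(security group, nested distribution group) pairs worth reviewing."""
    return sorted((dn, child) for dn, g in groups.items() if g["security"]
                  for child in g["groups"]
                  if child in groups and not groups[child]["security"])
```

Because the script writes a row only for each member it finds, a group with no members never appears in the CSV, so empty groups have to be identified separately.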