Re: Determine actual number of groups a user belongs to

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance


"Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx> wrote in
message news:uKJNMd64JHA.5048@xxxxxxxxxxxxxxxxxxxxxxx

"Johnsp" <Johnsp@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:83A88580-CF97-4DA8-872A-D01CD5402296@xxxxxxxxxxxxxxxx
Hello

How do i determine for a specific user:

# of domain local groups

# of universal Groups

# of securty groups



In case you need the totals for each group type, here is a version of the
program I linked that outputs the "pre-Windows 2000" names of the groups a
user belongs to, and the totals for each group type. Note that the total
number of groups is the number of security plus the number of distribution
group. This should be the same as the number of builtin, global, local, and
universal groups.
================
' EnumUserGroups.vbs
' VBScript program to enumerate the groups a user belongs to.

Option Explicit

Dim objGroupList, objUser, strDN
Dim intBuiltin, intGlobal, intLocal, intUniversal
Dim intSecurity, intDistribution

' Check for required argument.
If (Wscript.Arguments.Count < 1) Then
Wscript.Echo "Required argument <Distinguished Name> missing. " _
& "For example:" & vbCrLf _
& "cscript EnumUserGroups.vbs cn=User2,ou=Sales,dc=MyDomain,dc=com"
Wscript.Quit(0)
End If

' Bind to the user object with the LDAP provider.
strDN = Wscript.Arguments(0)
On Error Resume Next
Set objUser = GetObject("LDAP://"; & strDN)
If (Err.Number <> 0) Then
On Error GoTo 0
Wscript.Echo "User not found" & vbCrLf & strDN
Wscript.Quit(1)
End If
On Error GoTo 0

' Bind to dictionary object.
Set objGroupList = CreateObject("Scripting.Dictionary")

' Enumerate group memberships.
intBuiltin = 0
intGlobal = 0
intLocal = 0
intUniversal= 0
intSecurity = 0
intDistribution = 0

Call EnumGroups(objUser)

' Output number of each group type.
Wscript.Echo "Number of Built-in groups: " & CStr(intBuiltin)
Wscript.Echo "Number of Global groups: " & CStr(intGlobal)
Wscript.Echo "Number of Local groups: " & CStr(intLocal)
Wscript.Echo "Number of Universal groups: " & CStr(intUniversal)
Wscript.Echo "Number of Security groups: " & CStr(intSecurity)
Wscript.Echo "Number of Distribution groups: " & CStr(intDistribution)

Sub EnumGroups(ByVal objADObject)
' Recursive subroutine to enumerate user group memberships.
' Includes nested group memberships.
Dim colstrGroups, objGroup, j
objGroupList.CompareMode = vbTextCompare
colstrGroups = objADObject.memberOf
If (IsEmpty(colstrGroups) = True) Then
Exit Sub
End If
If (TypeName(colstrGroups) = "String") Then
' Escape any forward slash characters, "/", with the backslash
' escape character. All other characters that should be escaped are.
colstrGroups = Replace(colstrGroups, "/", "\/")
Set objGroup = GetObject("LDAP://"; & colstrGroups)
If (objGroupList.Exists(objGroup.sAMAccountName) = False) Then
objGroupList.Add objGroup.sAMAccountName, True
Wscript.Echo objGroup.sAMAccountName _
& " (" & GetType(objGroup.groupType) & ")"
Call EnumGroups(objGroup)
End If
Set objGroup = Nothing
Exit Sub
End If
For j = 0 To UBound(colstrGroups)
' Escape any forward slash characters, "/", with the backslash
' escape character. All other characters that should be escaped are.
colstrGroups(j) = Replace(colstrGroups(j), "/", "\/")
Set objGroup = GetObject("LDAP://"; & colstrGroups(j))
If (objGroupList.Exists(objGroup.sAMAccountName) = False) Then
objGroupList.Add objGroup.sAMAccountName, True
Wscript.Echo objGroup.sAMAccountName _
& " (" & GetType(objGroup.groupType) & ")"
Call EnumGroups(objGroup)
End If
Next
Set objGroup = Nothing
End Sub

Function GetType(ByVal intType)
' Function to determine group type from the GroupType attribute.
' Variables intBuiltin, intGlobal, intLocal, intUniversal,
' intSecurity, and intDistribution must be declared in the
' main program, so they have global scope.
If ((intType And &h01) <> 0) Then
GetType = "Built-in"
intBuiltin = intBuiltin + 1
ElseIf ((intType And &h02) <> 0) Then
GetType = "Global"
intGlobal = intGlobal + 1
ElseIf ((intType And &h04) <> 0) Then
GetType = "Local"
intLocal = intLocal + 1
ElseIf ((intType And &h08) <> 0) Then
GetType = "Universal"
intUniversal = intUniversal + 1
End If
If ((intType And &h80000000) <> 0) Then
GetType = GetType & "/Security"
intSecurity = intSecurity + 1
Else
GetType = GetType & "/Distribution"
intDistribution = intDistribution + 1
End If
End Function

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--


.

Relevant Pages

  • Re: PHP, mysql, and escaping characters
    ... MySQL requires only that backslash and the quote ... In addition to the qutoes, backslashes, and nulls, real escape string ... "Inserting a large value into a BLOB column is no different than ... a few characters that have special meaning in SQL or to the MySQL ...
    (comp.lang.php)
  • Re: huffman encoder
    ... > the function of fputc function is as follows ... char with the high bit set to indicate an "escape" code, ... the literal string that follows is of length 10 (you never ... characters that are XYZ ...
    (comp.lang.c)
  • Select Case problem
    ... ' Escape any forward slash characters, "/", with the backslash ... All other characters that should be escaped are. ... Call LoadGroups(objPriObject, objGroup) ... ' Function to map network share to a drive letter. ...
    (microsoft.public.scripting.vbscript)
  • Re: [opensuse] Basic Bash Question
    ... It was the result of the 'echo *' statement. ... Why it would interpret the *** is also just as strange. ... The -E option disables the interpretation of these escape ... characters, even on systems where they are interpreted by default. ...
    (SuSE)