Re: Empty group




Mercilon wrote:

> I have a script that I want to run only on AD groups that have members. How
> do I go about detecting if a group has any members or not?

Hi,

There is no attribute indicating the number of members of a group. For any
group, you could use the Members method of the group object to count the
number of members. Or, the LDAP query below returns groups that have at
least one member:

(&(objectCategory=group)(member=*))

However, this ignores "primary" group membership. The member attribute of
the group object ignores objects that are members because the group is the
"primary" group of the object. The following VBScript outputs the
Distinguished Names of all groups in the domain that have at least one
member:

=================
Option Explicit

Dim objRootDSE, strDNSDomain, objCommand, objConnection
Dim strBase, strFilter, strAttributes, strQuery, objRecordSet
Dim strGroupDN

' Determine DNS domain name.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Use ADO to search Active Directory.
Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection
strBase = "<LDAP://" & strDNSDomain & ">"

strFilter = "(&(objectCategory=group)(member=*))"
strAttributes = "distinguishedName"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute

Do Until objRecordSet.EOF
    strGroupDN = objRecordSet.Fields("distinguishedName")
    Wscript.Echo "Group with members: " & strGroupDN
    objRecordSet.MoveNext
Loop
objRecordSet.Close
=================
In the final loop, you could bind to each group with the Distinguished Name.

By default, the "primary" group of user objects is the "Domain Users" group.
In most cases, the above script will not return the group "Domain Users",
because the member attribute is empty - all members have this group
designated as their "primary". Similarly, the group "Domain Computers"
appears to be empty in many cases, because by default computer objects have
this group designated as "primary".

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab web site - http://www.rlmueller.net
--
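
The following is an added example, not part of the original post: a check for a single group that also covers the "primary" group case described above, by comparing the group's primaryGroupToken with the primaryGroupID attribute of other objects. The function name GroupHasMembers and the sample Distinguished Name are assumptions made for illustration.

```vbscript
Option Explicit

Dim objRootDSE, strDNSDomain, objConnection, strGroupDN

Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Sample DN (assumption): the default location of "Domain Users".
strGroupDN = "CN=Domain Users,CN=Users," & strDNSDomain
If GroupHasMembers(strGroupDN) Then
    Wscript.Echo "Group with members: " & strGroupDN
Else
    Wscript.Echo "Empty group: " & strGroupDN
End If
objConnection.Close

' Hypothetical helper: True if the group has direct members or is
' the "primary" group of at least one object.
Function GroupHasMembers(strDN)
    Dim objGroup, objMember, lngToken, objCommand, objRecordSet

    Set objGroup = GetObject("LDAP://" & strDN)

    ' Direct membership via the Members method.
    For Each objMember In objGroup.Members
        GroupHasMembers = True
        Exit Function
    Next

    ' primaryGroupToken is a constructed attribute, so it must be
    ' loaded into the property cache explicitly.
    objGroup.GetInfoEx Array("primaryGroupToken"), 0
    lngToken = objGroup.Get("primaryGroupToken")

    ' Any object whose primaryGroupID equals the token is a member.
    Set objCommand = CreateObject("ADODB.Command")
    objCommand.ActiveConnection = objConnection
    objCommand.CommandText = "<LDAP://" & strDNSDomain & ">;" _
        & "(primaryGroupID=" & lngToken & ");distinguishedName;subtree"
    objCommand.Properties("Page Size") = 100
    objCommand.Properties("Timeout") = 30
    Set objRecordSet = objCommand.Execute
    GroupHasMembers = Not objRecordSet.EOF
    objRecordSet.Close
End Function
```

Distinguished Names that contain a forward slash need that character escaped before binding with GetObject; the sample does not handle that case.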

