Re: Finding users of a specific group and listing memberships of those

modemgeek wrote:

> Hi...I am trying to write a script that will list users of a specific
group,
> such as Domain Admins. After it has listed the users who are members of
the
> Domain Admins group, I want it to list all those users group memberships.
> For example:
> ------------------------------------------------------
> Domain Admins are:
> John Doe
> Jane Joe
>
> John Doe is a member of Domain Admins, Domain Users, Remote Desktop Users
> Jane Doe is a member of Domain Admins, DHCP Users
> -----------------------------------------------------------
>
> If anyone know how to do this, please let me know. Thanks in advance.

Hi,

The VBScript below will not recognize membership in the "primary" group. It
reveals direct group membership, but not nested group membership. It does
recognize that group members can be users, contacts, computers, or other
groups (nested):

Option Explicit
Dim strGroupDN, objGroup, objMember, objMemberGroup

strGroupDN = "cn=Students,cn=Users,dc=Hilltop,dc=rlmueller,dc=net"
Set objGroup = GetObject("LDAP://"; & strGroupDN)
Wscript.Echo "Group: " & objGroup.sAMAccountName

For Each objMember In objGroup.Members
Select Case LCase(objMember.Class)
Case "user"
Wscript.Echo "Member: " & objMember.sAMAccountName & " (User)"
For Each objMemberGroup In objMember.Groups
Wscript.Echo "--" & objMember.sAMAccountName _
& " is a member of " & objMemberGroup.sAMAccountName
Next
Case "contact"
Wscript.Echo "Member: " & objMember.cn & " (Contact)"
For Each objMemberGroup In objMember.Groups
Wscript.Echo "--" & objMember.cn _
& " is a member of " & objMemberGroup.sAMAccountName
Next
Case "group"
Wscript.Echo "Member: " & objMember.sAMAccountName & " (Group)"
Case "computer"
Wscript.Echo "Member: " & objMember.sAMAccountName & "
(Computer)"
For Each objMemberGroup In objMember.Groups
Wscript.Echo "--" & objMember.sAMAccountName _
& " is a member of " & objMemberGroup.sAMAccountName
Next
Case Else
Wscript.Echo "Member: " & objMember.sAMAccountName _
& " (" & objMember.Class & ")"
End Select
Next

By default, the "primary" group for users is "Domain Users". Unless you have
modified this, you can assume that everyone belongs to that group. The above
script may show that group as empty.

--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab web site - http://www.rlmueller.net
--


.

Relevant Pages

  • Re: Add user/group to local group via Group Policy
    ... loggon/loggoff script is the route i choose and it is working perffectly. ... could run the following command: ... Refresh interval would ensure the group membership was correct throughout ... accounts from the local groups and i want to put the domain admins back ...
    (microsoft.public.windows.group_policy)
  • Re: Add user/group to local group via Group Policy
    ... One way may be to add a GPO ... based logon script. ... Refresh interval would ensure the group membership was correct throughout ... accounts from the local groups and i want to put the domain admins back ...
    (microsoft.public.windows.group_policy)
  • Re: AD LDAP query (Member of)
    ... > particular group (Domain Admins to be exact). ... > pull it up in that Find listing, an external VB script won't help me. ... > And I have found similar looking queries with group membership but ...
    (microsoft.public.win2000.active_directory)
  • Re: AD LDAP query (Member of)
    ... > particular group (Domain Admins to be exact). ... > pull it up in that Find listing, an external VB script won't help me. ... > And I have found similar looking queries with group membership but ...
    (microsoft.public.win2000.active_directory)
  • Re: Is there a chance to get info wich admin edited Users profile in AD?
    ... We have few Domain Admins, and one of them edited User's profile and added ... Group membership would normally be tracked by turning on ... "Account Management Auditing" but it's too late now, ...
    (microsoft.public.windows.server.active_directory)
Loading