Re: Finding users of a specific group and listing memberships of t

From: modemgeek <modemgeek@xxxxxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 8 Jun 2005 17:29:01 -0700

Thanks. That worked. However, is there any way to recognize the "primary"
group. This is important for our SOX audit because we need to run a monthly
report generated by the system that lists members of the Domain Admin group.
This is what I have so far. I made a few minor changes:

Option Explicit
Dim strGroupDN, objGroup, objMember, objMemberGroup, objFileSystem,
objOutputFile, strOutputFile

' generate a filename base on the script name
strOutputFile = "./" & Split(WScript.ScriptName, ".")(0) & ".txt"

Set objFileSystem = CreateObject("Scripting.fileSystemObject")
Set objOutputFile = objFileSystem.CreateTextFile(strOutputFile, TRUE)

strGroupDN = "CN=Domain Admins,OU=System Accounts,OU=ABM,DC=abm,DC=ads"
Set objGroup = GetObject("LDAP://"; & strGroupDN)
objOutputFile.WriteLine "Group: " & objGroup.sAMAccountName

For Each objMember In objGroup.Members
Select Case LCase(objMember.Class)
Case "user"
objOutputFile.WriteLine " "
objOutputFile.WriteLine "Member: " & objMember.displayName & " -
" & objMember.sAMAccountName & " (User)"
For Each objMemberGroup In objMember.Groups
objOutputFile.WriteLine " " & objMember.sAMAccountName _
& " is a member of " & objMemberGroup.sAMAccountName
Next
Case Else
objOutputFile.WriteLine "Member: " & objMember.sAMAccountName _
& " (" & objMember.Class & ")"
End Select
Next

objOutputFile.Close

"Richard Mueller [MVP]" wrote:

> modemgeek wrote:
>
> > Hi...I am trying to write a script that will list users of a specific
> group,
> > such as Domain Admins. After it has listed the users who are members of
> the
> > Domain Admins group, I want it to list all those users group memberships.
> > For example:
> > ------------------------------------------------------
> > Domain Admins are:
> > John Doe
> > Jane Joe
> >
> > John Doe is a member of Domain Admins, Domain Users, Remote Desktop Users
> > Jane Doe is a member of Domain Admins, DHCP Users
> > -----------------------------------------------------------
> >
> > If anyone know how to do this, please let me know. Thanks in advance.
>
> Hi,
>
> The VBScript below will not recognize membership in the "primary" group. It
> reveals direct group membership, but not nested group membership. It does
> recognize that group members can be users, contacts, computers, or other
> groups (nested):
>
> Option Explicit
> Dim strGroupDN, objGroup, objMember, objMemberGroup
>
> strGroupDN = "cn=Students,cn=Users,dc=Hilltop,dc=rlmueller,dc=net"
> Set objGroup = GetObject("LDAP://"; & strGroupDN)
> Wscript.Echo "Group: " & objGroup.sAMAccountName
>
> For Each objMember In objGroup.Members
> Select Case LCase(objMember.Class)
> Case "user"
> Wscript.Echo "Member: " & objMember.sAMAccountName & " (User)"
> For Each objMemberGroup In objMember.Groups
> Wscript.Echo "--" & objMember.sAMAccountName _
> & " is a member of " & objMemberGroup.sAMAccountName
> Next
> Case "contact"
> Wscript.Echo "Member: " & objMember.cn & " (Contact)"
> For Each objMemberGroup In objMember.Groups
> Wscript.Echo "--" & objMember.cn _
> & " is a member of " & objMemberGroup.sAMAccountName
> Next
> Case "group"
> Wscript.Echo "Member: " & objMember.sAMAccountName & " (Group)"
> Case "computer"
> Wscript.Echo "Member: " & objMember.sAMAccountName & "
> (Computer)"
> For Each objMemberGroup In objMember.Groups
> Wscript.Echo "--" & objMember.sAMAccountName _
> & " is a member of " & objMemberGroup.sAMAccountName
> Next
> Case Else
> Wscript.Echo "Member: " & objMember.sAMAccountName _
> & " (" & objMember.Class & ")"
> End Select
> Next
>
> By default, the "primary" group for users is "Domain Users". Unless you have
> modified this, you can assume that everyone belongs to that group. The above
> script may show that group as empty.
>
> --
> Richard
> Microsoft MVP Scripting and ADSI
> Hilltop Lab web site - http://www.rlmueller.net
> --
>
>
>
.

Follow-Ups:
- Re: Finding users of a specific group and listing memberships of t
  - From: Richard Mueller [MVP]

References:
- Finding users of a specific group and listing memberships of those
  - From: modemgeek
- Re: Finding users of a specific group and listing memberships of those
  - From: Richard Mueller [MVP]

Prev by Date: Re: Script that detects group membership
Next by Date: Re: Moving computers to new OU
Previous by thread: Re: Finding users of a specific group and listing memberships of those
Next by thread: Re: Finding users of a specific group and listing memberships of t
Index(es):
- Date
- Thread

Relevant Pages

Re: Finding users of a specific group and listing memberships of t
... An example program that displays all members of a group, ... whose primaryGroupToken matches the primaryGroupID of the user. ... For Each objMember In objGroup.Members ... >>> Domain Admins group, I want it to list all those users group ...
(microsoft.public.windows.server.scripting)
Re: script error
... This script is supposed to enumerate members of groupA and add them to ... I use objMember in place of objUser simply because members can be users, ...
(microsoft.public.scripting.vbscript)
Re: Delete all users on
... The following script assumes it is being run on the local computer, ... Dim objNetwork, strComputer, objGroup, objMember ... ' Retrieve NetBIOS name of local computer. ... ' Enumerate all members. ...
(microsoft.public.scripting.vbscript)
Re: Another Scripting Newbie - admin check
... members, members due to group nesting of local groups, members of domain ... Dim objRootDSE, strDNSDomain, adoConnection, adoCommand ... ' Bind to the local Administrators group on each computer ... For Each objMember In objLocalGroup.Members ...
(microsoft.public.windows.server.scripting)
Re: List Members of a Group (with user input)
... Wscript.Echo "No members" ... Dim objRootDSE, objTrans, strNetBIOSDomain, strGroup ... I would like one that does not require editing of the script each time. ... Dim UserCount, gga, CNgga ...
(microsoft.public.scripting.vbscript)