Re: Need Help. Beginner in Scripting
- From: "Richard Mueller" <rlmueller-NOSPAM@xxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 27 Mar 2006 13:23:29 -0600
Daniel wrote:
I am trying to get members list from all the groups in same OU.
I found this sample code in Script Repository but I would have to enter
each
group names for about 200 groups in 5 different OUs.
Is there an easier way I can automate the process?
thank you so much for your help
------------------------------------------------------------------------------
On Error Resume Next
Set objGroup = GetObject _
("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com";)
objGroup.GetInfo
arrMemberOf = objGroup.GetEx("member")
WScript.Echo "Members:"
For Each strMember in arrMemberOf
WScript.echo strMember
Next
------------------------------------------------------------------------------
Hi,
Unless all the objects you seek (groups in this case) are in the same
OU/Container, the most efficient way to search Active Directory is with ADO.
I have a sample VBScript program to document all groups in the domain linked
here:
http://www.rlmueller.net/Document%20Domain%20Groups.htm
If all of your OU's are in the same hierarchy of AD, you can modify the base
of the ADO search in this script. Or, you could modify the program to search
each of the 5 OU's separately. You would modify the query defined by this
statement:
strQuery = "<LDAP://"; & strDNSDomain _
& ">;(objectClass=group);distinguishedName;subtree"
For example, if one OU is "ou=Sales", you could use:
strQuery = "<LDAP://ou=Sales,"; & strDNSDomain _
& ">;(objectClass=group);distinguishedName;subtree"
Another approach would be to modify the snippet you posted to enumerate
groups in a specified OU. For example:
' Bind to specified OU/Container.
Set objOU = GetObject("LDAP://ou=Sales,dc=MyDomain,dc=com";)
' Filter on group objects.
objOU.Filter = Array("group")
' Enumerate all groups.
For Each objGroup In objOU
' Enumerate direct members of each group.
For Each objMember In objGroup.Members
Wscript.Echo objMember.sAMAccountName
Next
Next
In this example, I used the "Members" method of the group object to
enumerate members, rather than the "member" attribute used in your example.
The "member" attribute is a multivalued collection of member Distinguished
Names. The "Members" method returns a collection of member objects. Because
they are objects, you can refer to any attributes of the objects. I choose
to output the sAMAccountName attribute of each member, which is the NT Name
(also called the "pre-Windows 2000 logon name"). You could instead output
the distinguishedName attribute (in which case the output would be the same
as if you enumerated the member attribute), or you could output any other
attribute. Note that members could be users, computers, or groups.
You could run the above example once for each of the 5 OU's/Containers. Or,
you could modify it to automatically document all 5 OU's, using some kind of
loop. In brief:
arrstrOUs = Array("ou=Sales,dc=MyDomain,dc=com", _
& "ou=East,dc=MyDomain,dc=com", _
& "ou=West,dc=MyDomain,dc=com", _
& "ou=Engineering,dc=MyDomain,dc=com", _
& "ou=Accounting,dc=MyDomain,dc=com")
For Each strOU in arrstrOUs
Set objOU = GetObject("LDAP://"; & strOU)
' Code as above to enumerate groups in the OU.
Next
--
Richard
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
.
- Prev by Date: Looking for VBS (??) script to report local policies
- Next by Date: Re: Script: Remote shutdown of all domain computers
- Previous by thread: Looking for VBS (??) script to report local policies
- Next by thread: CreateShortcut problem
- Index(es):
Relevant Pages
|
