|
 |  |  |  |  |  |  |
| Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks. |
| |||||||
 |
| |
12-08-2008
| #1 (permalink) |
| | Listing Group Members I'm attempting to create a simple script that will output a text file of members of several AD groups, however, in instances where there aren't members of one or more of the groups, the whole job fails. ========================================= Dim objGroup, objFS, objTS, strFilePath Const TF_PATH = "c:\" 'Set FileSystem Properties Set objFS = WScript.CreateObject("Scripting.FileSystemObject") strFilePath = TF_PATH & "members.csv" Set objTS = objFS.CreateTextFile(strFilePath,True) 'Set AD object properties Set objGroup = GetObject("LDAP:// cn=WS_LD_EXEMPT,ou=ComputersOnlyGroups,ou=Groups,dc=AD-TEST,dc=com") WorkWithObject(objGroup) Set objGroup = GetObject("LDAP:// cn=WS_LD_Srvs,ou=ComputersOnlyGroups,ou=Groups,dc=AD-TEST,dc=com") WorkWithObject(objGroup) Set objGroup = GetObject("LDAP:// cn=WS_LD_Win2k_DT,ou=ComputersOnlyGroups,ou=Groups,dc=AD-TEST,dc=com") WorkWithObject(objGroup) Set objGroup = GetObject("LDAP:// cn=WS_LD_Win2k_LT,ou=ComputersOnlyGroups,ou=Groups,dc=AD-TEST,dc=com") WorkWithObject(objGroup) Set objGroup = GetObject("LDAP:// cn=WS_LD_WinVA_DT,ou=ComputersOnlyGroups,ou=Groups,dc=AD-TEST,dc=com") WorkWithObject(objGroup) Set objGroup = GetObject("LDAP:// cn=WS_LD_WinVA_LT,ou=ComputersOnlyGroups,ou=Groups,dc=AD-TEST,dc=com") WorkWithObject(objGroup) Set objGroup = GetObject("LDAP:// cn=WS_LD_WinXP_DT,ou=ComputersOnlyGroups,ou=Groups,dc=AD-TEST,dc=com") WorkWithObject(objGroup) Set objGroup = GetObject("LDAP:// cn=WS_LD_WinXP_LT,ou=ComputersOnlyGroups,ou=Groups,dc=AD-TEST,dc=com") WorkWithObject(objGroup) Sub WorkWithObject(oContainer) Dim strMember, arrMemberOf arrMemberOf = oContainer.GetEx("member") WScript.Echo "Writing membership for Group... " For Each strMember in arrMemberOf objTS.Write strMember & chr(13) & chr(10) Next End Sub ==================== I believe that I'll need a method to allow for exceptions, such as an empty group, I just don't know how to do it. Can anyone offer a suggestion? Thanks, Rob |
My System Specs |
|
12-08-2008
| #2 (permalink) |
| | Re: Listing Group Members <rteagardeniii@xxxxxx> wrote in message news:4f17be70-34d8-4ba8-8377-9cb749df6659@xxxxxx Quote: > I'm attempting to create a simple script that will output a text file > of members of several AD groups, however, in instances where there > aren't members of one or more of the groups, the whole job fails. > > ========================================= > Dim objGroup, objFS, objTS, strFilePath > Const TF_PATH = "c:\" > > 'Set FileSystem Properties > Set objFS = WScript.CreateObject("Scripting.FileSystemObject") > strFilePath = TF_PATH & "members.csv" > Set objTS = objFS.CreateTextFile(strFilePath,True) > > 'Set AD object properties > > Set objGroup = GetObject("LDAP:// > cn=WS_LD_EXEMPT,ou=ComputersOnlyGroups,ou=Groups,dc=AD-TEST,dc=com") > WorkWithObject(objGroup) > > Set objGroup = GetObject("LDAP:// > cn=WS_LD_Srvs,ou=ComputersOnlyGroups,ou=Groups,dc=AD-TEST,dc=com") > WorkWithObject(objGroup) > > Set objGroup = GetObject("LDAP:// > cn=WS_LD_Win2k_DT,ou=ComputersOnlyGroups,ou=Groups,dc=AD-TEST,dc=com") > WorkWithObject(objGroup) > > Set objGroup = GetObject("LDAP:// > cn=WS_LD_Win2k_LT,ou=ComputersOnlyGroups,ou=Groups,dc=AD-TEST,dc=com") > WorkWithObject(objGroup) > > Set objGroup = GetObject("LDAP:// > cn=WS_LD_WinVA_DT,ou=ComputersOnlyGroups,ou=Groups,dc=AD-TEST,dc=com") > WorkWithObject(objGroup) > > Set objGroup = GetObject("LDAP:// > cn=WS_LD_WinVA_LT,ou=ComputersOnlyGroups,ou=Groups,dc=AD-TEST,dc=com") > WorkWithObject(objGroup) > > Set objGroup = GetObject("LDAP:// > cn=WS_LD_WinXP_DT,ou=ComputersOnlyGroups,ou=Groups,dc=AD-TEST,dc=com") > WorkWithObject(objGroup) > > Set objGroup = GetObject("LDAP:// > cn=WS_LD_WinXP_LT,ou=ComputersOnlyGroups,ou=Groups,dc=AD-TEST,dc=com") > WorkWithObject(objGroup) > > Sub WorkWithObject(oContainer) > Dim strMember, arrMemberOf > arrMemberOf = oContainer.GetEx("member") > > WScript.Echo "Writing membership for Group... " > > For Each strMember in arrMemberOf > objTS.Write strMember & chr(13) & chr(10) > Next > End Sub > ==================== > > I believe that I'll need a method to allow for exceptions, such as an > empty group, I just don't know how to do it. Can anyone offer a > suggestion? > > Thanks, > > Rob must handle all three possibilities. As you have found, the GetEx method raises an error if member is Empty. You can use error trapping to handle this. I would suggest code similar to: ============== Sub WorkWithObject(oContainer) Dim strMember, arrMemberOf WScript.Echo "Writing membership for Group... " On Error Resume Next arrMemberOf = oContainer.GetEx("member") If (Err.Number <> 0) Then On Error GoTo 0 ' No members. Else On Error GoTo 0 For Each strMember in arrMemberOf objTS.Write strMember & chr(13) & chr(10) Next End If End Sub -- Richard Mueller MVP Directory Services Hilltop Lab - http://www.rlmueller.net -- |
| My System Specs |
|
12-08-2008
| #3 (permalink) |
| | Re: Listing Group Members I discuss these issues with the member and memberOf attributes in this link: http://www.rlmueller.net/MemberOf.htm As noted in the link, I recommend only using "On Error Resume Next" for the statement expected to raise an error. Then the possible error is handled and normal error handling restored with "On Error GoTo 0". Your program will document all direct members of the groups, unless any members have the group designated as their "primary". If you want to reveal all members, including members due to group nesting, and members that have the group (or any nested groups) designated as their "primary", the code gets more complex. I have an example linked here: http://www.rlmueller.net/List%20Memb...0a%20Group.htm As noted in the first link above, a dictionary object is used in this program to prevent an infinite loop if the group nesting is circular. You could revise this example to write to a file instead of echoing to the command line. Or, you can run the example at a command prompt and redirect the output to a text file. -- Richard Mueller MVP Directory Services Hilltop Lab - http://www.rlmueller.net -- |
| My System Specs |
|
12-08-2008
| #4 (permalink) |
| | Re: Listing Group Members On Dec 8, 6:35*pm, "Richard Mueller [MVP]" <rlmueller- nos...@xxxxxx> wrote: Quote: > I discuss these issues with the member and memberOf attributes in this link: > > http://www.rlmueller.net/MemberOf.htm > > As noted in the link, I recommend only using "On Error Resume Next" for the > statement expected to raise an error. Then the possible error is handled and > normal error handling restored with "On Error GoTo 0". > > Your program will document all direct members of the groups, unless any > members have the group designated as their "primary". If you want to reveal > all members, including members due to group nesting, and members that have > the group (or any nested groups) designated as their "primary", the code > gets more complex. I have an example linked here: > > http://www.rlmueller.net/List%20Memb...0a%20Group.htm > > As noted in the first link above, a dictionary object is used in this > program to prevent an infinite loop if the group nesting is circular. You > could revise this example to write to a file instead of echoing to the > command line. Or, you can run the example at a command prompt and redirect > the output to a text file. > > -- > Richard Mueller > MVP Directory Services > Hilltop Lab -http://www.rlmueller.net > -- Thank you so much for your assistance. Rob |
| My System Specs |
|
12-10-2008
| #5 (permalink) |
| | Re: Listing Group Members This is a script I use to enumerate the groups in my OU. You may be able to modify it to suit your own purposes. Most of it was put together using snippets found on the web so I don't claim it to be my own (credit probably goes in part to some of the regulars here). It doesn't account for nested groups as my domain is still in mixed mode but it should be easy enough to modify if you need to enumerate nested groups as well. To output to a text file just redirect the output from the command console. I use tabs as seperators so that it can be easily imported into excel if required. Other than changing the constant for the OU you shouldn't need to modify it much to get it to work. Option Explicit Dim objMemberList Const MyOUDN = "OU=MyOU,DC=MyOrg,DC=MyCorp,DC=com" main '####################################################################################### Sub main Dim objOU Dim objGroup, strGroup, iGroupCount ' Dictionary object to track groups. Set objMemberList = CreateObject("Scripting.Dictionary") objMemberList.CompareMode = vbTextCompare ' Bind to base OU. Set objOU = GetObject("LDAP://" & MyOUDN) ' Filter on groups directly in OU. objOU.Filter = Array("group") ' Enumerate groups. iGroupCount = 0 For Each objGroup In objOU iGroupCount = iGroupCount + 1 strGroup = objGroup.sAMAccountName WScript.Echo UCASE(objGroup.sAMAccountName) Call EnumGroup(objGroup) Next WScript.Echo "Total Number of Groups = " & iGroupCount set objOU = nothing End sub '####################################################################################### Sub EnumGroup(ByVal objADGroup) Dim objMember, iCount ' Check if group already enumerated. If (objMemberList.Exists(objADGroup.sAMAccountName) = False) Then ' Add this group to dictionary object. objMemberList.Add objADGroup.sAMAccountName, True iCount = 0 For Each objMember In objADGroup.Members iCount = iCount + 1 ' Check if member is a group. If (UCase(Left(objMember.objectCategory, 8)) = "CN=GROUP") Then ' Call EnumGroup(objMember) Else If objMember.AccountDisabled then wscript.Echo vbtab & objMember.sAMAccountName & vbtab & objMember.DisplayName & vbtab & "(Account Disabled)." Else wscript.Echo vbtab & objMember.sAMAccountName & vbtab & objMember.DisplayName End if End If Next If iCount = 0 Then WScript.Echo vbtab & "Group is empty." End if End If End Sub |
| My System Specs |
|
12-10-2008
| #6 (permalink) |
| | Re: Listing Group Members On 10 Dec, 10:52, WianS <w.ian.stu...@xxxxxx> wrote: Quote: > It doesn't account for nested groups as my domain is still in mixed > mode but it should be easy enough to modify if you need to enumerate > nested groups as well. Quote: > * * * * * * * * If (UCase(Left(objMember.objectCategory, 8)) = "CN=GROUP") Then > * * * * * * * * ' * * * Call EnumGroup(objMember) > * * * * * * * * Else |
| My System Specs |
|
| Thread Tools | |
| |
Similar Threads | ||||
| Thread | Forum | |||
| Get members of a group | PowerShell | |||
| List everyone group members ? | VB Script | |||
| Remove members of the group. Members are from different domains | PowerShell | |||
| Members of Group | PowerShell | |||
| How to find group members of a OU | PowerShell | |||
