|
 |  |  |  |  |  |  |
| Welcome to Windows Vista Forums. Our forum is dedicated to helping you find solutions with any problems, errors or issues you are experiencing with Windows Vista. The Vista forum also covers news and updates and has an extensive Windows Vista tutorial section that covers a wide range of tips and tricks. |
| |||||||
 |
| |
02-17-2009
| #1 (permalink) |
| | retrive all AD groups and its members has anyone done this? I need to retrive all groups (global, local or universal security and distribution) and a list of members of each group in the domain. I have just one domain. I don't mind if the script does it respectively. For example, one for global distribution groups and its members, and one for global security groups and its members. Ideally, the groups and members are returned in a sorted order. Thanks in advance. |
My System Specs |
|
02-17-2009
| #2 (permalink) |
| | Re: retrive all AD groups and its members "Chris" <Chris@xxxxxx> wrote in message news:16A8BE68-A910-47E1-89D3-FE521008049E@xxxxxx Quote: > has anyone done this? I need to retrive all groups (global, local or > universal security and distribution) and a list of members of each group > in > the domain. I have just one domain. I don't mind if the script does it > respectively. For example, one for global distribution groups and its > members, and one for global security groups and its members. Ideally, the > groups and members are returned in a sorted order. > > Thanks in advance. members: http://www.rlmueller.net/Document%20Domain%20Groups.htm There is no provision to sort objects in AD. You would need to read the names into a disconnected recordset and sort the recordset, which would add a lot of code to the program. -- Richard Mueller MVP Directory Services Hilltop Lab - http://www.rlmueller.net -- |
| My System Specs |
|
02-17-2009
| #3 (permalink) |
| | Re: retrive all AD groups and its members Thanks, Richard. I'll try it tomorrow. Actually, I was on your website looking for the script but missed it. BTW. Is this script subject to the limit of 1500 group members? "Richard Mueller [MVP]" wrote: Quote: > > "Chris" <Chris@xxxxxx> wrote in message > news:16A8BE68-A910-47E1-89D3-FE521008049E@xxxxxx Quote: > > has anyone done this? I need to retrive all groups (global, local or > > universal security and distribution) and a list of members of each group > > in > > the domain. I have just one domain. I don't mind if the script does it > > respectively. For example, one for global distribution groups and its > > members, and one for global security groups and its members. Ideally, the > > groups and members are returned in a sorted order. > > > > Thanks in advance. > An example VBScript program to document all groups in the domain and their > members: > > http://www.rlmueller.net/Document%20Domain%20Groups.htm > > There is no provision to sort objects in AD. You would need to read the > names into a disconnected recordset and sort the recordset, which would add > a lot of code to the program. > > -- > Richard Mueller > MVP Directory Services > Hilltop Lab - http://www.rlmueller.net > -- > > > |
| My System Specs |
|
02-17-2009
| #4 (permalink) |
| | Re: retrive all AD groups and its members Yes, the Subroutine that documents group members is subject to the 1500 limitation. If you have any large groups you would have to either enumerate their memberships separately, or modify the Sub GetMembers in DocumentDomainGroups.vbs to use ADO range limits. I have an example VBScript to document the membership of large groups with more than 1500 members linked here: http://www.rlmueller.net/DocumentLargeGroup.htm You could possibly use the Sub EnumMembers (which uses ADO range limits) in this script instead of Sub GetMembers, but that would make for a lot of ADO queries, one for each group in addition to the ADO query for groups. You would need to keep the queries separate. An outer query for all groups, then an inner guery (using separate ADO objects with different names) to query each group for the members. -- Richard Mueller MVP Directory Services Hilltop Lab - http://www.rlmueller.net -- "Chris" <Chris@xxxxxx> wrote in message news:F6AA18FF-E96A-4627-A41F-A53063AD41D7@xxxxxx Quote: > Thanks, Richard. I'll try it tomorrow. Actually, I was on your website > looking for the script but missed it. BTW. Is this script subject to the > limit of 1500 group members? > > "Richard Mueller [MVP]" wrote: > Quote: >> >> "Chris" <Chris@xxxxxx> wrote in message >> news:16A8BE68-A910-47E1-89D3-FE521008049E@xxxxxx Quote: >> > has anyone done this? I need to retrive all groups (global, local or >> > universal security and distribution) and a list of members of each >> > group >> > in >> > the domain. I have just one domain. I don't mind if the script does >> > it >> > respectively. For example, one for global distribution groups and its >> > members, and one for global security groups and its members. Ideally, >> > the >> > groups and members are returned in a sorted order. >> > >> > Thanks in advance. >> An example VBScript program to document all groups in the domain and >> their >> members: >> >> http://www.rlmueller.net/Document%20Domain%20Groups.htm >> >> There is no provision to sort objects in AD. You would need to read the >> names into a disconnected recordset and sort the recordset, which would >> add >> a lot of code to the program. >> >> -- >> Richard Mueller >> MVP Directory Services >> Hilltop Lab - http://www.rlmueller.net >> -- >> >> >> |
| My System Specs |
|
02-17-2009
| #5 (permalink) |
| | Re: retrive all AD groups and its members Richard, Just read your script and need your help to unerstand following function. Function GetType(ByVal intType) ' Function to determine group type from the GroupType attribute. If ((intType And &h01) <> 0) Then GetType = "Built-in" ElseIf ((intType And &h02) <> 0) Then GetType = "Global" ElseIf ((intType And &h04) <> 0) Then GetType = "Local" ElseIf ((intType And &h08) <> 0) Then GetType = "Universal" End If If ((intType And &h80000000) <> 0) Then GetType = GetType & "/Security" Else GetType = GetType & "/Distribution" End If End Function According to MS here is the groupType value for various groups. Global Distribution group, groupType=2 Universal Distribution group, groupType=8 Domain Local Distribution group, groupType=4 Global Security Group, groupType=-2147483636 Universal Security Group, groupType=-2147483640 Local Domain Security Group, groupType=-2147483644 So how does the function check the value passed from objGroup.groupType? Thanks. "Richard Mueller [MVP]" wrote: Quote: > > "Chris" <Chris@xxxxxx> wrote in message > news:16A8BE68-A910-47E1-89D3-FE521008049E@xxxxxx Quote: > > has anyone done this? I need to retrive all groups (global, local or > > universal security and distribution) and a list of members of each group > > in > > the domain. I have just one domain. I don't mind if the script does it > > respectively. For example, one for global distribution groups and its > > members, and one for global security groups and its members. Ideally, the > > groups and members are returned in a sorted order. > > > > Thanks in advance. > An example VBScript program to document all groups in the domain and their > members: > > http://www.rlmueller.net/Document%20Domain%20Groups.htm > > There is no provision to sort objects in AD. You would need to read the > names into a disconnected recordset and sort the recordset, which would add > a lot of code to the program. > > -- > Richard Mueller > MVP Directory Services > Hilltop Lab - http://www.rlmueller.net > -- > > > |
| My System Specs |
|
02-17-2009
| #6 (permalink) |
| | Re: retrive all AD groups and its members The groupType attribute is a flag attribute, similar to the userAccountControl attribute of user objects. The integer value represents several settings, in this case whether the group is a security or distribution group, and what type of group (global, local, etc.). The correct way to test for each setting is to AND the value with the correct bit mask. Any non-zero result means the setting corresponding to the bit mask is set (or True). A zero result means the setting is not True. In this case the bit masks are: Group Type bit mask (hex) bit mask in decimal --------------- -------------- ------------------- Built-in group &h01 1 Global group &h02 2 Local group &h04 4 Univeral group &h08 8 Security group &h80000000 2,147,483,648 Note that -2147483640 is (8 - 2147483648) and -2147483644 is (4 - 2147483648). Your value -2147483636 is in error. It should be 2147483648 - 2. See this link for a partial example: http://www.microsoft.com/technet/scr.../adgpvb26.mspx In this case the values are OR'd. You AND values with a bit mask to test, OR values to set, and XOR to toggle. I assume the "+" operator is an OR operator. -- Richard Mueller MVP Directory Services Hilltop Lab - http://www.rlmueller.net -- "Chris" <Chris@xxxxxx> wrote in message news:82D33F7D-D2E9-44C1-A40B-AEC7B3FC161A@xxxxxx Quote: > Richard, > Just read your script and need your help to unerstand following function. > > Function GetType(ByVal intType) > ' Function to determine group type from the GroupType > > attribute. > If ((intType And &h01) <> 0) Then > GetType = "Built-in" > ElseIf ((intType And &h02) <> 0) Then > GetType = "Global" > ElseIf ((intType And &h04) <> 0) Then > GetType = "Local" > ElseIf ((intType And &h08) <> 0) Then > GetType = "Universal" > End If > If ((intType And &h80000000) <> 0) Then > GetType = GetType & "/Security" > Else > GetType = GetType & "/Distribution" > End If > End Function > > According to MS here is the groupType value for various groups. > Global Distribution group, groupType=2 > Universal Distribution group, groupType=8 > Domain Local Distribution group, groupType=4 > Global Security Group, groupType=-2147483636 > Universal Security Group, groupType=-2147483640 > Local Domain Security Group, groupType=-2147483644 > > So how does the function check the value passed from objGroup.groupType? > > Thanks. > > > > "Richard Mueller [MVP]" wrote: > Quote: >> >> "Chris" <Chris@xxxxxx> wrote in message >> news:16A8BE68-A910-47E1-89D3-FE521008049E@xxxxxx Quote: >> > has anyone done this? I need to retrive all groups (global, local or >> > universal security and distribution) and a list of members of each >> > group >> > in >> > the domain. I have just one domain. I don't mind if the script does >> > it >> > respectively. For example, one for global distribution groups and its >> > members, and one for global security groups and its members. Ideally, >> > the >> > groups and members are returned in a sorted order. >> > >> > Thanks in advance. >> An example VBScript program to document all groups in the domain and >> their >> members: >> >> http://www.rlmueller.net/Document%20Domain%20Groups.htm >> >> There is no provision to sort objects in AD. You would need to read the >> names into a disconnected recordset and sort the recordset, which would >> add >> a lot of code to the program. >> >> -- >> Richard Mueller >> MVP Directory Services >> Hilltop Lab - http://www.rlmueller.net >> -- >> >> >> |
| My System Specs |
|
02-18-2009
| #7 (permalink) |
| | Re: retrive all AD groups and its members "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote in message news:OTMol%23VkJHA.2516@xxxxxx Quote: > The groupType attribute is a flag attribute, similar to the > userAccountControl attribute of user objects. The integer value represents > several settings, in this case whether the group is a security or > distribution group, and what type of group (global, local, etc.). The > correct way to test for each setting is to AND the value with the correct > bit mask. Any non-zero result means the setting corresponding to the bit > mask is set (or True). A zero result means the setting is not True. In > this case the bit masks are: > > Group Type bit mask (hex) bit mask in decimal > --------------- -------------- ------------------- > Built-in group &h01 1 > Global group &h02 2 > Local group &h04 4 > Univeral group &h08 8 > Security group &h80000000 2,147,483,648 > > Note that -2147483640 is (8 - 2147483648) and -2147483644 is (4 - > 2147483648). Your value -2147483636 is in error. It should be 2147483648 - > 2. See this link for a partial example: > > http://www.microsoft.com/technet/scr.../adgpvb26.mspx > > In this case the values are OR'd. You AND values with a bit mask to test, > OR values to set, and XOR to toggle. I assume the "+" operator is an OR > operator. operation when the two operands have none of the same bits set. The actual OR operator is "OR". /Al Quote: > -- > Richard Mueller > MVP Directory Services > Hilltop Lab - http://www.rlmueller.net > -- > > "Chris" <Chris@xxxxxx> wrote in message > news:82D33F7D-D2E9-44C1-A40B-AEC7B3FC161A@xxxxxx Quote: >> Richard, >> Just read your script and need your help to unerstand following >> function. >> >> Function GetType(ByVal intType) >> ' Function to determine group type from the GroupType >> >> attribute. >> If ((intType And &h01) <> 0) Then >> GetType = "Built-in" >> ElseIf ((intType And &h02) <> 0) Then >> GetType = "Global" >> ElseIf ((intType And &h04) <> 0) Then >> GetType = "Local" >> ElseIf ((intType And &h08) <> 0) Then >> GetType = "Universal" >> End If >> If ((intType And &h80000000) <> 0) Then >> GetType = GetType & "/Security" >> Else >> GetType = GetType & "/Distribution" >> End If >> End Function >> >> According to MS here is the groupType value for various groups. >> Global Distribution group, groupType=2 >> Universal Distribution group, groupType=8 >> Domain Local Distribution group, groupType=4 >> Global Security Group, groupType=-2147483636 >> Universal Security Group, groupType=-2147483640 >> Local Domain Security Group, groupType=-2147483644 >> >> So how does the function check the value passed from objGroup.groupType? >> >> Thanks. >> >> >> >> "Richard Mueller [MVP]" wrote: >> Quote: >>> >>> "Chris" <Chris@xxxxxx> wrote in message >>> news:16A8BE68-A910-47E1-89D3-FE521008049E@xxxxxx >>> > has anyone done this? I need to retrive all groups (global, local or >>> > universal security and distribution) and a list of members of each >>> > group >>> > in >>> > the domain. I have just one domain. I don't mind if the script does >>> > it >>> > respectively. For example, one for global distribution groups and its >>> > members, and one for global security groups and its members. Ideally, >>> > the >>> > groups and members are returned in a sorted order. >>> > >>> > Thanks in advance. >>> >>> An example VBScript program to document all groups in the domain and >>> their >>> members: >>> >>> http://www.rlmueller.net/Document%20Domain%20Groups.htm >>> >>> There is no provision to sort objects in AD. You would need to read the >>> names into a disconnected recordset and sort the recordset, which would >>> add >>> a lot of code to the program. >>> >>> -- >>> Richard Mueller >>> MVP Directory Services >>> Hilltop Lab - http://www.rlmueller.net >>> -- >>> >>> >>> > |
| My System Specs |
|
02-18-2009
| #8 (permalink) |
| | Re: retrive all AD groups and its members Richard, Sorry for the typo. Global Security Group groupType = -2147483646, not -2147483636. I still have some questions. I guess I need to understand the value first. For example, for a global security group the returned value from GetType(objGroup.groupType) will be -2147483646. When passed to the function how does it know it's a global group? And in the test for security or distribution how does it work with intType=-2147483646? Sorry for these dumb questions. New to VBScript. Thanks. "Richard Mueller [MVP]" wrote: Quote: > The groupType attribute is a flag attribute, similar to the > userAccountControl attribute of user objects. The integer value represents > several settings, in this case whether the group is a security or > distribution group, and what type of group (global, local, etc.). The > correct way to test for each setting is to AND the value with the correct > bit mask. Any non-zero result means the setting corresponding to the bit > mask is set (or True). A zero result means the setting is not True. In this > case the bit masks are: > > Group Type bit mask (hex) bit mask in decimal > --------------- -------------- ------------------- > Built-in group &h01 1 > Global group &h02 2 > Local group &h04 4 > Univeral group &h08 8 > Security group &h80000000 2,147,483,648 > > Note that -2147483640 is (8 - 2147483648) and -2147483644 is (4 - > 2147483648). Your value -2147483636 is in error. It should be 2147483648 - > 2. See this link for a partial example: > > http://www.microsoft.com/technet/scr.../adgpvb26.mspx > > In this case the values are OR'd. You AND values with a bit mask to test, OR > values to set, and XOR to toggle. I assume the "+" operator is an OR > operator. > > -- > Richard Mueller > MVP Directory Services > Hilltop Lab - http://www.rlmueller.net > -- > > "Chris" <Chris@xxxxxx> wrote in message > news:82D33F7D-D2E9-44C1-A40B-AEC7B3FC161A@xxxxxx Quote: > > Richard, > > Just read your script and need your help to unerstand following function. > > > > Function GetType(ByVal intType) > > ' Function to determine group type from the GroupType > > > > attribute. > > If ((intType And &h01) <> 0) Then > > GetType = "Built-in" > > ElseIf ((intType And &h02) <> 0) Then > > GetType = "Global" > > ElseIf ((intType And &h04) <> 0) Then > > GetType = "Local" > > ElseIf ((intType And &h08) <> 0) Then > > GetType = "Universal" > > End If > > If ((intType And &h80000000) <> 0) Then > > GetType = GetType & "/Security" > > Else > > GetType = GetType & "/Distribution" > > End If > > End Function > > > > According to MS here is the groupType value for various groups. > > Global Distribution group, groupType=2 > > Universal Distribution group, groupType=8 > > Domain Local Distribution group, groupType=4 > > Global Security Group, groupType=-2147483636 > > Universal Security Group, groupType=-2147483640 > > Local Domain Security Group, groupType=-2147483644 > > > > So how does the function check the value passed from objGroup.groupType? > > > > Thanks. > > > > > > > > "Richard Mueller [MVP]" wrote: > > Quote: > >> > >> "Chris" <Chris@xxxxxx> wrote in message > >> news:16A8BE68-A910-47E1-89D3-FE521008049E@xxxxxx > >> > has anyone done this? I need to retrive all groups (global, local or > >> > universal security and distribution) and a list of members of each > >> > group > >> > in > >> > the domain. I have just one domain. I don't mind if the script does > >> > it > >> > respectively. For example, one for global distribution groups and its > >> > members, and one for global security groups and its members. Ideally, > >> > the > >> > groups and members are returned in a sorted order. > >> > > >> > Thanks in advance. > >> > >> An example VBScript program to document all groups in the domain and > >> their > >> members: > >> > >> http://www.rlmueller.net/Document%20Domain%20Groups.htm > >> > >> There is no provision to sort objects in AD. You would need to read the > >> names into a disconnected recordset and sort the recordset, which would > >> add > >> a lot of code to the program. > >> > >> -- > >> Richard Mueller > >> MVP Directory Services > >> Hilltop Lab - http://www.rlmueller.net > >> -- > >> > >> > >> > > |
| My System Specs |
|
02-18-2009
| #9 (permalink) |
| | Re: retrive all AD groups and its members "Chris" <Chris@xxxxxx> wrote in message news:5EE04DEC-DC98-4662-A3A1-65C4A07581BB@xxxxxx Quote: > Richard, > Sorry for the typo. Global Security Group groupType = -2147483646, not > -2147483636. > > I still have some questions. I guess I need to understand the value > first. > > For example, for a global security group the returned value from > GetType(objGroup.groupType) will be -2147483646. When passed to the > function > how does it know it's a global group? code: Quote: Quote: Quote: >> > ElseIf ((intType And &h02) <> 0) Then >> > GetType = "Global" Basically, you will have to code your script to supply the "objGroup.groupType" value to the GetType function. That, in turn, will perform the "AND" operation. In any case where the result is non-zero, this means that the indicated bit is set. /Al Quote: > And in the test for security or distribution how does it work with > intType=-2147483646? > > Sorry for these dumb questions. New to VBScript. > > Thanks. > > "Richard Mueller [MVP]" wrote: > Quote: >> The groupType attribute is a flag attribute, similar to the >> userAccountControl attribute of user objects. The integer value >> represents >> several settings, in this case whether the group is a security or >> distribution group, and what type of group (global, local, etc.). The >> correct way to test for each setting is to AND the value with the correct >> bit mask. Any non-zero result means the setting corresponding to the bit >> mask is set (or True). A zero result means the setting is not True. In >> this >> case the bit masks are: >> >> Group Type bit mask (hex) bit mask in decimal >> --------------- -------------- ------------------- >> Built-in group &h01 1 >> Global group &h02 2 >> Local group &h04 4 >> Univeral group &h08 8 >> Security group &h80000000 2,147,483,648 >> >> Note that -2147483640 is (8 - 2147483648) and -2147483644 is (4 - >> 2147483648). Your value -2147483636 is in error. It should be >> 2147483648 - >> 2. See this link for a partial example: >> >> http://www.microsoft.com/technet/scr.../adgpvb26.mspx >> >> In this case the values are OR'd. You AND values with a bit mask to test, >> OR >> values to set, and XOR to toggle. I assume the "+" operator is an OR >> operator. >> >> -- >> Richard Mueller >> MVP Directory Services >> Hilltop Lab - http://www.rlmueller.net >> -- >> >> "Chris" <Chris@xxxxxx> wrote in message >> news:82D33F7D-D2E9-44C1-A40B-AEC7B3FC161A@xxxxxx Quote: >> > Richard, >> > Just read your script and need your help to unerstand following >> > function. >> > >> > Function GetType(ByVal intType) >> > ' Function to determine group type from the GroupType >> > >> > attribute. >> > If ((intType And &h01) <> 0) Then >> > GetType = "Built-in" >> > ElseIf ((intType And &h02) <> 0) Then >> > GetType = "Global" >> > ElseIf ((intType And &h04) <> 0) Then >> > GetType = "Local" >> > ElseIf ((intType And &h08) <> 0) Then >> > GetType = "Universal" >> > End If >> > If ((intType And &h80000000) <> 0) Then >> > GetType = GetType & "/Security" >> > Else >> > GetType = GetType & "/Distribution" >> > End If >> > End Function >> > >> > According to MS here is the groupType value for various groups. >> > Global Distribution group, groupType=2 >> > Universal Distribution group, groupType=8 >> > Domain Local Distribution group, groupType=4 >> > Global Security Group, groupType=-2147483636 >> > Universal Security Group, groupType=-2147483640 >> > Local Domain Security Group, groupType=-2147483644 >> > >> > So how does the function check the value passed from >> > objGroup.groupType? >> > >> > Thanks. >> > >> > >> > >> > "Richard Mueller [MVP]" wrote: >> > >> >> >> >> "Chris" <Chris@xxxxxx> wrote in message >> >> news:16A8BE68-A910-47E1-89D3-FE521008049E@xxxxxx >> >> > has anyone done this? I need to retrive all groups (global, local >> >> > or >> >> > universal security and distribution) and a list of members of each >> >> > group >> >> > in >> >> > the domain. I have just one domain. I don't mind if the script >> >> > does >> >> > it >> >> > respectively. For example, one for global distribution groups and >> >> > its >> >> > members, and one for global security groups and its members. >> >> > Ideally, >> >> > the >> >> > groups and members are returned in a sorted order. >> >> > >> >> > Thanks in advance. >> >> >> >> An example VBScript program to document all groups in the domain and >> >> their >> >> members: >> >> >> >> http://www.rlmueller.net/Document%20Domain%20Groups.htm >> >> >> >> There is no provision to sort objects in AD. You would need to read >> >> the >> >> names into a disconnected recordset and sort the recordset, which >> >> would >> >> add >> >> a lot of code to the program. >> >> >> >> -- >> >> Richard Mueller >> >> MVP Directory Services >> >> Hilltop Lab - http://www.rlmueller.net >> >> -- >> >> >> >> >> >> >> >> |
| My System Specs |
|
02-20-2009
| #10 (permalink) |
| | Re: retrive all AD groups and its members Thanks, Al and Richard. I did more reading for bit masking and finally understand how it works. The reason I got confused is that some scripts from MS are using the actually value for test. For example, if groupType = -2147483646 then show Global Security Group. So, I'm wondering which way is better, using bit masking for comparison or comparing the value directly? Thanks. "Al Dunbar" wrote: Quote: > > "Chris" <Chris@xxxxxx> wrote in message > news:5EE04DEC-DC98-4662-A3A1-65C4A07581BB@xxxxxx Quote: > > Richard, > > Sorry for the typo. Global Security Group groupType = -2147483646, not > > -2147483636. > > > > I still have some questions. I guess I need to understand the value > > first. > > > > For example, for a global security group the returned value from > > GetType(objGroup.groupType) will be -2147483646. When passed to the > > function > > how does it know it's a global group? > Because the "2" bit is set in -2147483646, the following snippet of your > code: > Quote: Quote: > >> > ElseIf ((intType And &h02) <> 0) Then > >> > GetType = "Global" > will cause the GetType variable to be set to "Global". > > Basically, you will have to code your script to supply the > "objGroup.groupType" value to the GetType function. That, in turn, will > perform the "AND" operation. In any case where the result is non-zero, this > means that the indicated bit is set. > > /Al > Quote: > > And in the test for security or distribution how does it work with > > intType=-2147483646? > > > > Sorry for these dumb questions. New to VBScript. > > > > Thanks. > > > > "Richard Mueller [MVP]" wrote: > > Quote: > >> The groupType attribute is a flag attribute, similar to the > >> userAccountControl attribute of user objects. The integer value > >> represents > >> several settings, in this case whether the group is a security or > >> distribution group, and what type of group (global, local, etc.). The > >> correct way to test for each setting is to AND the value with the correct > >> bit mask. Any non-zero result means the setting corresponding to the bit > >> mask is set (or True). A zero result means the setting is not True. In > >> this > >> case the bit masks are: > >> > >> Group Type bit mask (hex) bit mask in decimal > >> --------------- -------------- ------------------- > >> Built-in group &h01 1 > >> Global group &h02 2 > >> Local group &h04 4 > >> Univeral group &h08 8 > >> Security group &h80000000 2,147,483,648 > >> > >> Note that -2147483640 is (8 - 2147483648) and -2147483644 is (4 - > >> 2147483648). Your value -2147483636 is in error. It should be > >> 2147483648 - > >> 2. See this link for a partial example: > >> > >> http://www.microsoft.com/technet/scr.../adgpvb26.mspx > >> > >> In this case the values are OR'd. You AND values with a bit mask to test, > >> OR > >> values to set, and XOR to toggle. I assume the "+" operator is an OR > >> operator. > >> > >> -- > >> Richard Mueller > >> MVP Directory Services > >> Hilltop Lab - http://www.rlmueller.net > >> -- > >> > >> "Chris" <Chris@xxxxxx> wrote in message > >> news:82D33F7D-D2E9-44C1-A40B-AEC7B3FC161A@xxxxxx > >> > Richard, > >> > Just read your script and need your help to unerstand following > >> > function. > >> > > >> > Function GetType(ByVal intType) > >> > ' Function to determine group type from the GroupType > >> > > >> > attribute. > >> > If ((intType And &h01) <> 0) Then > >> > GetType = "Built-in" > >> > ElseIf ((intType And &h02) <> 0) Then > >> > GetType = "Global" > >> > ElseIf ((intType And &h04) <> 0) Then > >> > GetType = "Local" > >> > ElseIf ((intType And &h08) <> 0) Then > >> > GetType = "Universal" > >> > End If > >> > If ((intType And &h80000000) <> 0) Then > >> > GetType = GetType & "/Security" > >> > Else > >> > GetType = GetType & "/Distribution" > >> > End If > >> > End Function > >> > > >> > According to MS here is the groupType value for various groups. > >> > Global Distribution group, groupType=2 > >> > Universal Distribution group, groupType=8 > >> > Domain Local Distribution group, groupType=4 > >> > Global Security Group, groupType=-2147483636 > >> > Universal Security Group, groupType=-2147483640 > >> > Local Domain Security Group, groupType=-2147483644 > >> > > >> > So how does the function check the value passed from > >> > objGroup.groupType? > >> > > >> > Thanks. > >> > > >> > > >> > > >> > "Richard Mueller [MVP]" wrote: > >> > > >> >> > >> >> "Chris" <Chris@xxxxxx> wrote in message > >> >> news:16A8BE68-A910-47E1-89D3-FE521008049E@xxxxxx > >> >> > has anyone done this? I need to retrive all groups (global, local > >> >> > or > >> >> > universal security and distribution) and a list of members of each > >> >> > group > >> >> > in > >> >> > the domain. I have just one domain. I don't mind if the script > >> >> > does > >> >> > it > >> >> > respectively. For example, one for global distribution groups and > >> >> > its > >> >> > members, and one for global security groups and its members. > >> >> > Ideally, > >> >> > the > >> >> > groups and members are returned in a sorted order. > >> >> > > >> >> > Thanks in advance. > >> >> > >> >> An example VBScript program to document all groups in the domain and > >> >> their > >> >> members: > >> >> > >> >> http://www.rlmueller.net/Document%20Domain%20Groups.htm > >> >> > >> >> There is no provision to sort objects in AD. You would need to read > >> >> the > >> >> names into a disconnected recordset and sort the recordset, which > >> >> would > >> >> add > >> >> a lot of code to the program. > >> >> > >> >> -- > >> >> Richard Mueller > >> >> MVP Directory Services > >> >> Hilltop Lab - http://www.rlmueller.net > >> >> -- > >> >> > >> >> > >> >> > >> > >> > >> > > |
| My System Specs |
|
| Thread Tools | |
| |
Similar Threads | ||||
| Thread | Forum | |||
| Finding members of RDP groups of a list of computers | VB Script | |||
| How to create a list with all distrubtion groups and it's members | PowerShell | |||
| VBS reading all groups from OU and there members | VB Script | |||
| Sending bulk bcc e-mails to members groups | Vista mail | |||
| Contact Groups: Cannot Select Members | Vista mail | |||
