has anyone done this? I need to retrive all groups (global, local or
universal security and distribution) and a list of members of each group in
the domain. I have just one domain. I don't mind if the script does it
respectively. For example, one for global distribution groups and its
members, and one for global security groups and its members. Ideally, the
groups and members are returned in a sorted order.

Thanks in advance.

"Chris" <Chris@xxxxxx> wrote in message
news:16A8BE68-A910-47E1-89D3-FE521008049E@xxxxxx

> has anyone done this? I need to retrive all groups (global, local or
> universal security and distribution) and a list of members of each group
> in
> the domain. I have just one domain. I don't mind if the script does it
> respectively. For example, one for global distribution groups and its
> members, and one for global security groups and its members. Ideally, the
> groups and members are returned in a sorted order.
>
> Thanks in advance.

An example VBScript program to document all groups in the domain and their
members:

http://www.rlmueller.net/Document%20Domain%20Groups.htm

There is no provision to sort objects in AD. You would need to read the
names into a disconnected recordset and sort the recordset, which would add
a lot of code to the program.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

Thanks, Richard. I'll try it tomorrow. Actually, I was on your website
looking for the script but missed it. BTW. Is this script subject to the
limit of 1500 group members?

"Richard Mueller [MVP]" wrote:

>
> "Chris" <Chris@xxxxxx> wrote in message
> news:16A8BE68-A910-47E1-89D3-FE521008049E@xxxxxx

> > has anyone done this? I need to retrive all groups (global, local or
> > universal security and distribution) and a list of members of each group
> > in
> > the domain. I have just one domain. I don't mind if the script does it
> > respectively. For example, one for global distribution groups and its
> > members, and one for global security groups and its members. Ideally, the
> > groups and members are returned in a sorted order.
> >
> > Thanks in advance.

>
> An example VBScript program to document all groups in the domain and their
> members:
>
> http://www.rlmueller.net/Document%20Domain%20Groups.htm
>
> There is no provision to sort objects in AD. You would need to read the
> names into a disconnected recordset and sort the recordset, which would add
> a lot of code to the program.
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab - http://www.rlmueller.net
> --
>
>
>

Yes, the Subroutine that documents group members is subject to the 1500
limitation. If you have any large groups you would have to either enumerate
their memberships separately, or modify the Sub GetMembers in
DocumentDomainGroups.vbs to use ADO range limits. I have an example VBScript
to document the membership of large groups with more than 1500 members
linked here:

http://www.rlmueller.net/DocumentLargeGroup.htm

You could possibly use the Sub EnumMembers (which uses ADO range limits) in
this script instead of Sub GetMembers, but that would make for a lot of ADO
queries, one for each group in addition to the ADO query for groups. You
would need to keep the queries separate. An outer query for all groups, then
an inner guery (using separate ADO objects with different names) to query
each group for the members.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

"Chris" <Chris@xxxxxx> wrote in message
news:F6AA18FF-E96A-4627-A41F-A53063AD41D7@xxxxxx

> Thanks, Richard. I'll try it tomorrow. Actually, I was on your website
> looking for the script but missed it. BTW. Is this script subject to the
> limit of 1500 group members?
>
> "Richard Mueller [MVP]" wrote:
>

>>
>> "Chris" <Chris@xxxxxx> wrote in message
>> news:16A8BE68-A910-47E1-89D3-FE521008049E@xxxxxx

>> > has anyone done this? I need to retrive all groups (global, local or
>> > universal security and distribution) and a list of members of each
>> > group
>> > in
>> > the domain. I have just one domain. I don't mind if the script does
>> > it
>> > respectively. For example, one for global distribution groups and its
>> > members, and one for global security groups and its members. Ideally,
>> > the
>> > groups and members are returned in a sorted order.
>> >
>> > Thanks in advance.

>>
>> An example VBScript program to document all groups in the domain and
>> their
>> members:
>>
>> http://www.rlmueller.net/Document%20Domain%20Groups.htm
>>
>> There is no provision to sort objects in AD. You would need to read the
>> names into a disconnected recordset and sort the recordset, which would
>> add
>> a lot of code to the program.
>>
>> --
>> Richard Mueller
>> MVP Directory Services
>> Hilltop Lab - http://www.rlmueller.net
>> --
>>
>>
>>

Richard,
Just read your script and need your help to unerstand following function.

Function GetType(ByVal intType)
' Function to determine group type from the GroupType

attribute.
If ((intType And &h01) <> 0) Then
GetType = "Built-in"
ElseIf ((intType And &h02) <> 0) Then
GetType = "Global"
ElseIf ((intType And &h04) <> 0) Then
GetType = "Local"
ElseIf ((intType And &h08) <> 0) Then
GetType = "Universal"
End If
If ((intType And &h80000000) <> 0) Then
GetType = GetType & "/Security"
Else
GetType = GetType & "/Distribution"
End If
End Function

According to MS here is the groupType value for various groups.
Global Distribution group, groupType=2
Universal Distribution group, groupType=8
Domain Local Distribution group, groupType=4
Global Security Group, groupType=-2147483636
Universal Security Group, groupType=-2147483640
Local Domain Security Group, groupType=-2147483644

So how does the function check the value passed from objGroup.groupType?

Thanks.



"Richard Mueller [MVP]" wrote:

>
> "Chris" <Chris@xxxxxx> wrote in message
> news:16A8BE68-A910-47E1-89D3-FE521008049E@xxxxxx

> > has anyone done this? I need to retrive all groups (global, local or
> > universal security and distribution) and a list of members of each group
> > in
> > the domain. I have just one domain. I don't mind if the script does it
> > respectively. For example, one for global distribution groups and its
> > members, and one for global security groups and its members. Ideally, the
> > groups and members are returned in a sorted order.
> >
> > Thanks in advance.

>
> An example VBScript program to document all groups in the domain and their
> members:
>
> http://www.rlmueller.net/Document%20Domain%20Groups.htm
>
> There is no provision to sort objects in AD. You would need to read the
> names into a disconnected recordset and sort the recordset, which would add
> a lot of code to the program.
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab - http://www.rlmueller.net
> --
>
>
>

The groupType attribute is a flag attribute, similar to the
userAccountControl attribute of user objects. The integer value represents
several settings, in this case whether the group is a security or
distribution group, and what type of group (global, local, etc.). The
correct way to test for each setting is to AND the value with the correct
bit mask. Any non-zero result means the setting corresponding to the bit
mask is set (or True). A zero result means the setting is not True. In this
case the bit masks are:

Group Type bit mask (hex) bit mask in decimal
--------------- -------------- -------------------
Built-in group &h01 1
Global group &h02 2
Local group &h04 4
Univeral group &h08 8
Security group &h80000000 2,147,483,648

Note that -2147483640 is (8 - 2147483648) and -2147483644 is (4 -
2147483648). Your value -2147483636 is in error. It should be 2147483648 -
2. See this link for a partial example:

http://www.microsoft.com/technet/scr.../adgpvb26.mspx

In this case the values are OR'd. You AND values with a bit mask to test, OR
values to set, and XOR to toggle. I assume the "+" operator is an OR
operator.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--

"Chris" <Chris@xxxxxx> wrote in message
news:82D33F7D-D2E9-44C1-A40B-AEC7B3FC161A@xxxxxx

> Richard,
> Just read your script and need your help to unerstand following function.
>
> Function GetType(ByVal intType)
> ' Function to determine group type from the GroupType
>
> attribute.
> If ((intType And &h01) <> 0) Then
> GetType = "Built-in"
> ElseIf ((intType And &h02) <> 0) Then
> GetType = "Global"
> ElseIf ((intType And &h04) <> 0) Then
> GetType = "Local"
> ElseIf ((intType And &h08) <> 0) Then
> GetType = "Universal"
> End If
> If ((intType And &h80000000) <> 0) Then
> GetType = GetType & "/Security"
> Else
> GetType = GetType & "/Distribution"
> End If
> End Function
>
> According to MS here is the groupType value for various groups.
> Global Distribution group, groupType=2
> Universal Distribution group, groupType=8
> Domain Local Distribution group, groupType=4
> Global Security Group, groupType=-2147483636
> Universal Security Group, groupType=-2147483640
> Local Domain Security Group, groupType=-2147483644
>
> So how does the function check the value passed from objGroup.groupType?
>
> Thanks.
>
>
>
> "Richard Mueller [MVP]" wrote:
>

>>
>> "Chris" <Chris@xxxxxx> wrote in message
>> news:16A8BE68-A910-47E1-89D3-FE521008049E@xxxxxx

>> > has anyone done this? I need to retrive all groups (global, local or
>> > universal security and distribution) and a list of members of each
>> > group
>> > in
>> > the domain. I have just one domain. I don't mind if the script does
>> > it
>> > respectively. For example, one for global distribution groups and its
>> > members, and one for global security groups and its members. Ideally,
>> > the
>> > groups and members are returned in a sorted order.
>> >
>> > Thanks in advance.

>>
>> An example VBScript program to document all groups in the domain and
>> their
>> members:
>>
>> http://www.rlmueller.net/Document%20Domain%20Groups.htm
>>
>> There is no provision to sort objects in AD. You would need to read the
>> names into a disconnected recordset and sort the recordset, which would
>> add
>> a lot of code to the program.
>>
>> --
>> Richard Mueller
>> MVP Directory Services
>> Hilltop Lab - http://www.rlmueller.net
>> --
>>
>>
>>

"Richard Mueller [MVP]" <rlmueller-nospam@xxxxxx> wrote in
message news:OTMol%23VkJHA.2516@xxxxxx

> The groupType attribute is a flag attribute, similar to the
> userAccountControl attribute of user objects. The integer value represents
> several settings, in this case whether the group is a security or
> distribution group, and what type of group (global, local, etc.). The
> correct way to test for each setting is to AND the value with the correct
> bit mask. Any non-zero result means the setting corresponding to the bit
> mask is set (or True). A zero result means the setting is not True. In
> this case the bit masks are:
>
> Group Type bit mask (hex) bit mask in decimal
> --------------- -------------- -------------------
> Built-in group &h01 1
> Global group &h02 2
> Local group &h04 4
> Univeral group &h08 8
> Security group &h80000000 2,147,483,648
>
> Note that -2147483640 is (8 - 2147483648) and -2147483644 is (4 -
> 2147483648). Your value -2147483636 is in error. It should be 2147483648 -
> 2. See this link for a partial example:
>
> http://www.microsoft.com/technet/scr.../adgpvb26.mspx
>
> In this case the values are OR'd. You AND values with a bit mask to test,
> OR values to set, and XOR to toggle. I assume the "+" operator is an OR
> operator.

?. "+" is the addition operator. It only gives the same result as an OR
operation when the two operands have none of the same bits set. The actual
OR operator is "OR".

/Al

> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab - http://www.rlmueller.net
> --
>
> "Chris" <Chris@xxxxxx> wrote in message
> news:82D33F7D-D2E9-44C1-A40B-AEC7B3FC161A@xxxxxx

>> Richard,
>> Just read your script and need your help to unerstand following
>> function.
>>
>> Function GetType(ByVal intType)
>> ' Function to determine group type from the GroupType
>>
>> attribute.
>> If ((intType And &h01) <> 0) Then
>> GetType = "Built-in"
>> ElseIf ((intType And &h02) <> 0) Then
>> GetType = "Global"
>> ElseIf ((intType And &h04) <> 0) Then
>> GetType = "Local"
>> ElseIf ((intType And &h08) <> 0) Then
>> GetType = "Universal"
>> End If
>> If ((intType And &h80000000) <> 0) Then
>> GetType = GetType & "/Security"
>> Else
>> GetType = GetType & "/Distribution"
>> End If
>> End Function
>>
>> According to MS here is the groupType value for various groups.
>> Global Distribution group, groupType=2
>> Universal Distribution group, groupType=8
>> Domain Local Distribution group, groupType=4
>> Global Security Group, groupType=-2147483636
>> Universal Security Group, groupType=-2147483640
>> Local Domain Security Group, groupType=-2147483644
>>
>> So how does the function check the value passed from objGroup.groupType?
>>
>> Thanks.
>>
>>
>>
>> "Richard Mueller [MVP]" wrote:
>>

>>>
>>> "Chris" <Chris@xxxxxx> wrote in message
>>> news:16A8BE68-A910-47E1-89D3-FE521008049E@xxxxxx
>>> > has anyone done this? I need to retrive all groups (global, local or
>>> > universal security and distribution) and a list of members of each
>>> > group
>>> > in
>>> > the domain. I have just one domain. I don't mind if the script does
>>> > it
>>> > respectively. For example, one for global distribution groups and its
>>> > members, and one for global security groups and its members. Ideally,
>>> > the
>>> > groups and members are returned in a sorted order.
>>> >
>>> > Thanks in advance.
>>>
>>> An example VBScript program to document all groups in the domain and
>>> their
>>> members:
>>>
>>> http://www.rlmueller.net/Document%20Domain%20Groups.htm
>>>
>>> There is no provision to sort objects in AD. You would need to read the
>>> names into a disconnected recordset and sort the recordset, which would
>>> add
>>> a lot of code to the program.
>>>
>>> --
>>> Richard Mueller
>>> MVP Directory Services
>>> Hilltop Lab - http://www.rlmueller.net
>>> --
>>>
>>>
>>>

>
>

Richard,
Sorry for the typo. Global Security Group groupType = -2147483646, not
-2147483636.

I still have some questions. I guess I need to understand the value first.

For example, for a global security group the returned value from
GetType(objGroup.groupType) will be -2147483646. When passed to the function
how does it know it's a global group?

And in the test for security or distribution how does it work with
intType=-2147483646?

Sorry for these dumb questions. New to VBScript.

Thanks.

"Richard Mueller [MVP]" wrote:

> The groupType attribute is a flag attribute, similar to the
> userAccountControl attribute of user objects. The integer value represents
> several settings, in this case whether the group is a security or
> distribution group, and what type of group (global, local, etc.). The
> correct way to test for each setting is to AND the value with the correct
> bit mask. Any non-zero result means the setting corresponding to the bit
> mask is set (or True). A zero result means the setting is not True. In this
> case the bit masks are:
>
> Group Type bit mask (hex) bit mask in decimal
> --------------- -------------- -------------------
> Built-in group &h01 1
> Global group &h02 2
> Local group &h04 4
> Univeral group &h08 8
> Security group &h80000000 2,147,483,648
>
> Note that -2147483640 is (8 - 2147483648) and -2147483644 is (4 -
> 2147483648). Your value -2147483636 is in error. It should be 2147483648 -
> 2. See this link for a partial example:
>
> http://www.microsoft.com/technet/scr.../adgpvb26.mspx
>
> In this case the values are OR'd. You AND values with a bit mask to test, OR
> values to set, and XOR to toggle. I assume the "+" operator is an OR
> operator.
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab - http://www.rlmueller.net
> --
>
> "Chris" <Chris@xxxxxx> wrote in message
> news:82D33F7D-D2E9-44C1-A40B-AEC7B3FC161A@xxxxxx

> > Richard,
> > Just read your script and need your help to unerstand following function.
> >
> > Function GetType(ByVal intType)
> > ' Function to determine group type from the GroupType
> >
> > attribute.
> > If ((intType And &h01) <> 0) Then
> > GetType = "Built-in"
> > ElseIf ((intType And &h02) <> 0) Then
> > GetType = "Global"
> > ElseIf ((intType And &h04) <> 0) Then
> > GetType = "Local"
> > ElseIf ((intType And &h08) <> 0) Then
> > GetType = "Universal"
> > End If
> > If ((intType And &h80000000) <> 0) Then
> > GetType = GetType & "/Security"
> > Else
> > GetType = GetType & "/Distribution"
> > End If
> > End Function
> >
> > According to MS here is the groupType value for various groups.
> > Global Distribution group, groupType=2
> > Universal Distribution group, groupType=8
> > Domain Local Distribution group, groupType=4
> > Global Security Group, groupType=-2147483636
> > Universal Security Group, groupType=-2147483640
> > Local Domain Security Group, groupType=-2147483644
> >
> > So how does the function check the value passed from objGroup.groupType?
> >
> > Thanks.
> >
> >
> >
> > "Richard Mueller [MVP]" wrote:
> >

> >>
> >> "Chris" <Chris@xxxxxx> wrote in message
> >> news:16A8BE68-A910-47E1-89D3-FE521008049E@xxxxxx
> >> > has anyone done this? I need to retrive all groups (global, local or
> >> > universal security and distribution) and a list of members of each
> >> > group
> >> > in
> >> > the domain. I have just one domain. I don't mind if the script does
> >> > it
> >> > respectively. For example, one for global distribution groups and its
> >> > members, and one for global security groups and its members. Ideally,
> >> > the
> >> > groups and members are returned in a sorted order.
> >> >
> >> > Thanks in advance.
> >>
> >> An example VBScript program to document all groups in the domain and
> >> their
> >> members:
> >>
> >> http://www.rlmueller.net/Document%20Domain%20Groups.htm
> >>
> >> There is no provision to sort objects in AD. You would need to read the
> >> names into a disconnected recordset and sort the recordset, which would
> >> add
> >> a lot of code to the program.
> >>
> >> --
> >> Richard Mueller
> >> MVP Directory Services
> >> Hilltop Lab - http://www.rlmueller.net
> >> --
> >>
> >>
> >>

>
>
>

"Chris" <Chris@xxxxxx> wrote in message
news:5EE04DEC-DC98-4662-A3A1-65C4A07581BB@xxxxxx

> Richard,
> Sorry for the typo. Global Security Group groupType = -2147483646, not
> -2147483636.
>
> I still have some questions. I guess I need to understand the value
> first.
>
> For example, for a global security group the returned value from
> GetType(objGroup.groupType) will be -2147483646. When passed to the
> function
> how does it know it's a global group?

Because the "2" bit is set in -2147483646, the following snippet of your
code:

>> > ElseIf ((intType And &h02) <> 0) Then
>> > GetType = "Global"

will cause the GetType variable to be set to "Global".

Basically, you will have to code your script to supply the
"objGroup.groupType" value to the GetType function. That, in turn, will
perform the "AND" operation. In any case where the result is non-zero, this
means that the indicated bit is set.

/Al

> And in the test for security or distribution how does it work with
> intType=-2147483646?
>
> Sorry for these dumb questions. New to VBScript.
>
> Thanks.
>
> "Richard Mueller [MVP]" wrote:
>

>> The groupType attribute is a flag attribute, similar to the
>> userAccountControl attribute of user objects. The integer value
>> represents
>> several settings, in this case whether the group is a security or
>> distribution group, and what type of group (global, local, etc.). The
>> correct way to test for each setting is to AND the value with the correct
>> bit mask. Any non-zero result means the setting corresponding to the bit
>> mask is set (or True). A zero result means the setting is not True. In
>> this
>> case the bit masks are:
>>
>> Group Type bit mask (hex) bit mask in decimal
>> --------------- -------------- -------------------
>> Built-in group &h01 1
>> Global group &h02 2
>> Local group &h04 4
>> Univeral group &h08 8
>> Security group &h80000000 2,147,483,648
>>
>> Note that -2147483640 is (8 - 2147483648) and -2147483644 is (4 -
>> 2147483648). Your value -2147483636 is in error. It should be
>> 2147483648 -
>> 2. See this link for a partial example:
>>
>> http://www.microsoft.com/technet/scr.../adgpvb26.mspx
>>
>> In this case the values are OR'd. You AND values with a bit mask to test,
>> OR
>> values to set, and XOR to toggle. I assume the "+" operator is an OR
>> operator.
>>
>> --
>> Richard Mueller
>> MVP Directory Services
>> Hilltop Lab - http://www.rlmueller.net
>> --
>>
>> "Chris" <Chris@xxxxxx> wrote in message
>> news:82D33F7D-D2E9-44C1-A40B-AEC7B3FC161A@xxxxxx

>> > Richard,
>> > Just read your script and need your help to unerstand following
>> > function.
>> >
>> > Function GetType(ByVal intType)
>> > ' Function to determine group type from the GroupType
>> >
>> > attribute.
>> > If ((intType And &h01) <> 0) Then
>> > GetType = "Built-in"
>> > ElseIf ((intType And &h02) <> 0) Then
>> > GetType = "Global"
>> > ElseIf ((intType And &h04) <> 0) Then
>> > GetType = "Local"
>> > ElseIf ((intType And &h08) <> 0) Then
>> > GetType = "Universal"
>> > End If
>> > If ((intType And &h80000000) <> 0) Then
>> > GetType = GetType & "/Security"
>> > Else
>> > GetType = GetType & "/Distribution"
>> > End If
>> > End Function
>> >
>> > According to MS here is the groupType value for various groups.
>> > Global Distribution group, groupType=2
>> > Universal Distribution group, groupType=8
>> > Domain Local Distribution group, groupType=4
>> > Global Security Group, groupType=-2147483636
>> > Universal Security Group, groupType=-2147483640
>> > Local Domain Security Group, groupType=-2147483644
>> >
>> > So how does the function check the value passed from
>> > objGroup.groupType?
>> >
>> > Thanks.
>> >
>> >
>> >
>> > "Richard Mueller [MVP]" wrote:
>> >
>> >>
>> >> "Chris" <Chris@xxxxxx> wrote in message
>> >> news:16A8BE68-A910-47E1-89D3-FE521008049E@xxxxxx
>> >> > has anyone done this? I need to retrive all groups (global, local
>> >> > or
>> >> > universal security and distribution) and a list of members of each
>> >> > group
>> >> > in
>> >> > the domain. I have just one domain. I don't mind if the script
>> >> > does
>> >> > it
>> >> > respectively. For example, one for global distribution groups and
>> >> > its
>> >> > members, and one for global security groups and its members.
>> >> > Ideally,
>> >> > the
>> >> > groups and members are returned in a sorted order.
>> >> >
>> >> > Thanks in advance.
>> >>
>> >> An example VBScript program to document all groups in the domain and
>> >> their
>> >> members:
>> >>
>> >> http://www.rlmueller.net/Document%20Domain%20Groups.htm
>> >>
>> >> There is no provision to sort objects in AD. You would need to read
>> >> the
>> >> names into a disconnected recordset and sort the recordset, which
>> >> would
>> >> add
>> >> a lot of code to the program.
>> >>
>> >> --
>> >> Richard Mueller
>> >> MVP Directory Services
>> >> Hilltop Lab - http://www.rlmueller.net
>> >> --
>> >>
>> >>
>> >>

>>
>>
>>

Thanks, Al and Richard. I did more reading for bit masking and finally
understand how it works. The reason I got confused is that some scripts from
MS are using the actually value for test. For example, if groupType =
-2147483646 then show Global Security Group. So, I'm wondering which way is
better, using bit masking for comparison or comparing the value directly?

Thanks.

"Al Dunbar" wrote:

>
> "Chris" <Chris@xxxxxx> wrote in message
> news:5EE04DEC-DC98-4662-A3A1-65C4A07581BB@xxxxxx

> > Richard,
> > Sorry for the typo. Global Security Group groupType = -2147483646, not
> > -2147483636.
> >
> > I still have some questions. I guess I need to understand the value
> > first.
> >
> > For example, for a global security group the returned value from
> > GetType(objGroup.groupType) will be -2147483646. When passed to the
> > function
> > how does it know it's a global group?

>
> Because the "2" bit is set in -2147483646, the following snippet of your
> code:
>

> >> > ElseIf ((intType And &h02) <> 0) Then
> >> > GetType = "Global"

>
> will cause the GetType variable to be set to "Global".
>
> Basically, you will have to code your script to supply the
> "objGroup.groupType" value to the GetType function. That, in turn, will
> perform the "AND" operation. In any case where the result is non-zero, this
> means that the indicated bit is set.
>
> /Al
>

> > And in the test for security or distribution how does it work with
> > intType=-2147483646?
> >
> > Sorry for these dumb questions. New to VBScript.
> >
> > Thanks.
> >
> > "Richard Mueller [MVP]" wrote:
> >

> >> The groupType attribute is a flag attribute, similar to the
> >> userAccountControl attribute of user objects. The integer value
> >> represents
> >> several settings, in this case whether the group is a security or
> >> distribution group, and what type of group (global, local, etc.). The
> >> correct way to test for each setting is to AND the value with the correct
> >> bit mask. Any non-zero result means the setting corresponding to the bit
> >> mask is set (or True). A zero result means the setting is not True. In
> >> this
> >> case the bit masks are:
> >>
> >> Group Type bit mask (hex) bit mask in decimal
> >> --------------- -------------- -------------------
> >> Built-in group &h01 1
> >> Global group &h02 2
> >> Local group &h04 4
> >> Univeral group &h08 8
> >> Security group &h80000000 2,147,483,648
> >>
> >> Note that -2147483640 is (8 - 2147483648) and -2147483644 is (4 -
> >> 2147483648). Your value -2147483636 is in error. It should be
> >> 2147483648 -
> >> 2. See this link for a partial example:
> >>
> >> http://www.microsoft.com/technet/scr.../adgpvb26.mspx
> >>
> >> In this case the values are OR'd. You AND values with a bit mask to test,
> >> OR
> >> values to set, and XOR to toggle. I assume the "+" operator is an OR
> >> operator.
> >>
> >> --
> >> Richard Mueller
> >> MVP Directory Services
> >> Hilltop Lab - http://www.rlmueller.net
> >> --
> >>
> >> "Chris" <Chris@xxxxxx> wrote in message
> >> news:82D33F7D-D2E9-44C1-A40B-AEC7B3FC161A@xxxxxx
> >> > Richard,
> >> > Just read your script and need your help to unerstand following
> >> > function.
> >> >
> >> > Function GetType(ByVal intType)
> >> > ' Function to determine group type from the GroupType
> >> >
> >> > attribute.
> >> > If ((intType And &h01) <> 0) Then
> >> > GetType = "Built-in"
> >> > ElseIf ((intType And &h02) <> 0) Then
> >> > GetType = "Global"
> >> > ElseIf ((intType And &h04) <> 0) Then
> >> > GetType = "Local"
> >> > ElseIf ((intType And &h08) <> 0) Then
> >> > GetType = "Universal"
> >> > End If
> >> > If ((intType And &h80000000) <> 0) Then
> >> > GetType = GetType & "/Security"
> >> > Else
> >> > GetType = GetType & "/Distribution"
> >> > End If
> >> > End Function
> >> >
> >> > According to MS here is the groupType value for various groups.
> >> > Global Distribution group, groupType=2
> >> > Universal Distribution group, groupType=8
> >> > Domain Local Distribution group, groupType=4
> >> > Global Security Group, groupType=-2147483636
> >> > Universal Security Group, groupType=-2147483640
> >> > Local Domain Security Group, groupType=-2147483644
> >> >
> >> > So how does the function check the value passed from
> >> > objGroup.groupType?
> >> >
> >> > Thanks.
> >> >
> >> >
> >> >
> >> > "Richard Mueller [MVP]" wrote:
> >> >
> >> >>
> >> >> "Chris" <Chris@xxxxxx> wrote in message
> >> >> news:16A8BE68-A910-47E1-89D3-FE521008049E@xxxxxx
> >> >> > has anyone done this? I need to retrive all groups (global, local
> >> >> > or
> >> >> > universal security and distribution) and a list of members of each
> >> >> > group
> >> >> > in
> >> >> > the domain. I have just one domain. I don't mind if the script
> >> >> > does
> >> >> > it
> >> >> > respectively. For example, one for global distribution groups and
> >> >> > its
> >> >> > members, and one for global security groups and its members.
> >> >> > Ideally,
> >> >> > the
> >> >> > groups and members are returned in a sorted order.
> >> >> >
> >> >> > Thanks in advance.
> >> >>
> >> >> An example VBScript program to document all groups in the domain and
> >> >> their
> >> >> members:
> >> >>
> >> >> http://www.rlmueller.net/Document%20Domain%20Groups.htm
> >> >>
> >> >> There is no provision to sort objects in AD. You would need to read
> >> >> the
> >> >> names into a disconnected recordset and sort the recordset, which
> >> >> would
> >> >> add
> >> >> a lot of code to the program.
> >> >>
> >> >> --
> >> >> Richard Mueller
> >> >> MVP Directory Services
> >> >> Hilltop Lab - http://www.rlmueller.net
> >> >> --
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>

>
>
>