PHWinfo - Afficher un message - Re: List members of Global group in NT domain.

07/10/2007, 11h34

Afsal wrote:

> My Boss wants list of members in 4 global groups in NT domain, in
> following format,
> 1. Full Name
> 2. NT logon Name
> 3. The group the user is member of (out of the 4 groups)
> Each group has about 200 users and it is impossible to get user
> information
> using net groups or global(NT Resource kit utility) commands.
> Any scripting ?
>
> Thank you in Advance.

It can be done using ADO in a VBScript program. To trick is to query on
users that have any of the 4 group Distinguished Names in their memberOf
attribute. You must specify the full Distinguished Names of the groups. By
"Full Name" I assume you mean the Common Name (the value of the cn
attribute).

Retrieving the values of the cn and sAMAccountName attributes is easy. The
hard part is also outputing which of the 4 groups the user belongs to. The
only way I can think of is to retrieve all group memberships, loop through
them, and test for each of the 4. In the example below I delimit the values
with semicolons.
===========
Option Explicit
Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset
Dim strGroup1, strGroup2, strGroup3, strGroup4
Dim strCN, strNTName, arrGroups, strGroup, strList

' Specify Distinguished Names of groups.
strGroup1 = "cn=Sales,ou=West,dc=MyDomain,dc=com"
strGroup2 = "cn=Engr,ou=East,dc=MyDomain,dc=com"
strGroup3 = "cn=Accounting,ou=North,dc=MyDomain,dc=com"
strGroup4 = "cn=IT,ou=South,dc=MyDomain,dc=com"

' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"

' Filter on all users that are members of any of 4 groups.
strFilter = "(&(objectCategory=person)(objectClass=user)" _
& "(|" _
& "(memberOf=" & strGroup1 & ")" _
& "(memberOf=" & strGroup2 & ")" _
& "(memberOf=" & strGroup3 & ")" _
& "(memberOf=" & strGroup4 & ")" _
& "))" _

' Comma delimited list of attribute values to retrieve.
strAttributes = "cn,sAMAccountName,memberOf"

' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
' Retrieve values.
strCN = adoRecordset.Fields("cn").Value
strNTName = adoRecordset.Fields("sAMAccountName").Value
arrGroups = adoRecordset.Fields("memberOf").Value
strList = ""
' We know there is at least one group membership.
' Only list memberships in any of the 4 specified.
For Each strGroup In arrGroups
If (strGroup = strGroup1) Or (strGroup = strGroup2) _
Or (strGroup = strGroup3) Or (strGroup = strGroup4) Then
strList = strList & ";" & strGroup
End If
Next
' The value of strList starts with ";".
Wscript.Echo strCN & ";" & strNTName & strList
' Move to the next record in the recordset.
adoRecordset.MoveNext
Loop

' Clean up.
adoRecordset.Close
adoConnection.Close
===============
For more on using ADO in VBScript programs, see this link:

http://www.rlmueller.net/ADOSearchTips.htm

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--

07/10/2007, 11h34	#1
Richard Mueller [MVP] Messages: n/a Hébergeur:	Re: List members of Global group in NT domain. Afsal wrote: > My Boss wants list of members in 4 global groups in NT domain, in > following format, > 1. Full Name > 2. NT logon Name > 3. The group the user is member of (out of the 4 groups) > Each group has about 200 users and it is impossible to get user > information > using net groups or global(NT Resource kit utility) commands. > Any scripting ? > > Thank you in Advance. It can be done using ADO in a VBScript program. To trick is to query on users that have any of the 4 group Distinguished Names in their memberOf attribute. You must specify the full Distinguished Names of the groups. By "Full Name" I assume you mean the Common Name (the value of the cn attribute). Retrieving the values of the cn and sAMAccountName attributes is easy. The hard part is also outputing which of the 4 groups the user belongs to. The only way I can think of is to retrieve all group memberships, loop through them, and test for each of the 4. In the example below I delimit the values with semicolons. =========== Option Explicit Dim adoCommand, adoConnection, strBase, strFilter, strAttributes Dim objRootDSE, strDNSDomain, strQuery, adoRecordset Dim strGroup1, strGroup2, strGroup3, strGroup4 Dim strCN, strNTName, arrGroups, strGroup, strList ' Specify Distinguished Names of groups. strGroup1 = "cn=Sales,ou=West,dc=MyDomain,dc=com" strGroup2 = "cn=Engr,ou=East,dc=MyDomain,dc=com" strGroup3 = "cn=Accounting,ou=North,dc=MyDomain,dc=com" strGroup4 = "cn=IT,ou=South,dc=MyDomain,dc=com" ' Setup ADO objects. Set adoCommand = CreateObject("ADODB.Command") Set adoConnection = CreateObject("ADODB.Connection") adoConnection.Provider = "ADsDSOObject" adoConnection.Open "Active Directory Provider" adoCommand.ActiveConnection = adoConnection ' Search entire Active Directory domain. Set objRootDSE = GetObject("LDAP://RootDSE") strDNSDomain = objRootDSE.Get("defaultNamingContext") strBase = "<LDAP://" & strDNSDomain & ">" ' Filter on all users that are members of any of 4 groups. strFilter = "(&(objectCategory=person)(objectClass=user)" _ & "(\|" _ & "(memberOf=" & strGroup1 & ")" _ & "(memberOf=" & strGroup2 & ")" _ & "(memberOf=" & strGroup3 & ")" _ & "(memberOf=" & strGroup4 & ")" _ & "))" _ ' Comma delimited list of attribute values to retrieve. strAttributes = "cn,sAMAccountName,memberOf" ' Construct the LDAP syntax query. strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree" adoCommand.CommandText = strQuery adoCommand.Properties("Page Size") = 100 adoCommand.Properties("Timeout") = 30 adoCommand.Properties("Cache Results") = False ' Run the query. Set adoRecordset = adoCommand.Execute ' Enumerate the resulting recordset. Do Until adoRecordset.EOF ' Retrieve values. strCN = adoRecordset.Fields("cn").Value strNTName = adoRecordset.Fields("sAMAccountName").Value arrGroups = adoRecordset.Fields("memberOf").Value strList = "" ' We know there is at least one group membership. ' Only list memberships in any of the 4 specified. For Each strGroup In arrGroups If (strGroup = strGroup1) Or (strGroup = strGroup2) _ Or (strGroup = strGroup3) Or (strGroup = strGroup4) Then strList = strList & ";" & strGroup End If Next ' The value of strList starts with ";". Wscript.Echo strCN & ";" & strNTName & strList ' Move to the next record in the recordset. adoRecordset.MoveNext Loop ' Clean up. adoRecordset.Close adoConnection.Close =============== For more on using ADO in VBScript programs, see this link: http://www.rlmueller.net/ADOSearchTips.htm -- Richard Mueller Microsoft MVP Scripting and ADSI Hilltop Lab - http://www.rlmueller.net --