Announcement

Collapse
No announcement yet.

list of users in security groups and distribution groups

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • list of users in security groups and distribution groups

    Hi i am tring to make a list of all users in our active directory database and say what security group and distribution groups they are in, i have tried using the query function in active directoy users and computer and there doesn't seem to be anything to help?

  • #2
    Re: list of users in security groups and distribution groups

    you can use csvde to export an OU to csv file and read the attributes.

    http://www.computerperformance.co.uk...ogon_CSVDE.htm
    MCSE 2003; MCTS Vista; Sec+; CCNA
    Attitude Makes The Difference!
    in other words you got to WANT to do it..

    Comment


    • #3
      Re: list of users in security groups and distribution groups

      There are two different OU but what I need is say every one who is a member of the "administrator" group or "sales" group or "IT staff" distribution list.

      Can this be done via CSVDE? If so is there a syntax as i have not done this before.

      Comment


      • #4
        Re: list of users in security groups and distribution groups

        Try this

        create a vb script called documentgroups.vbs

        Code:
        ' DocumentGroups.vbs
        ' VBScript program to document all groups in Active Directory.
        ' Outputs group name, type of group, all members, and types of member.
        ' Lists all groups that are members, but does not list the nested group
        ' membership.
        '
        ' ----------------------------------------------------------------------
        ' Copyright (c) 2002 Richard L. Mueller
        ' Hilltop Lab web site - http://www.rlmueller.net
        ' Version 1.0 - November 10, 2002
        ' Version 1.1 - February 19, 2003 - Standardize Hungarian notation.
        ' Version 1.2 - March 11, 2003 - Remove SearchScope property.
        ' Version 1.3 - July 6, 2007 - Modify use of Fields collection of
        '                              Recordset object.
        ' Version 1.4 - July 27, 2007 - Bug fix if group name has "/" character
        ' Version 1.5 - Sept 2009 - CMS - Edited to used TSV instead of CSV.
        '
        ' This script is designed to be run at a command prompt, using the
        ' Cscript host. The output can be redirected to a text file.
        ' For example:
        ' cscript //nologo DocumentGroups.vbs > groups.txt
        '
        ' You have a royalty-free right to use, modify, reproduce, and
        ' distribute this script file in any way you find useful, provided that
        ' you agree that the copyright owner above has no warranty, obligations,
        ' or liability for such use.
        
        Option Explicit
        
        Dim adoConnection, adoCommand, objRootDSE, strDNSDomain, strQuery
        Dim adoRecordset, strDN, objGroup
        
        ' Use ADO to search Active Directory.
        Set adoConnection = CreateObject("ADODB.Connection")
        Set adoCommand = CreateObject("ADODB.Command")
        adoConnection.Provider = "ADsDSOObject"
        adoConnection.Open "Active Directory Provider"
        Set adoCommand.ActiveConnection = adoConnection
        
        ' Determine the DNS domain from the RootDSE object.
        Set objRootDSE = GetObject("LDAP://RootDSE")
        strDNSDomain = objRootDSE.Get("defaultNamingContext")
        
        ' Search for all groups, return the Distinguished Name of each.
        strQuery = "<LDAP://" & strDNSDomain _
            & ">;(objectClass=group);distinguishedName;subtree"
        adoCommand.CommandText = strQuery
        adoCommand.Properties("Page Size") = 100
        adoCommand.Properties("Timeout") = 30
        adoCommand.Properties("Cache Results") = False
        
        Set adoRecordset = adoCommand.Execute
        If (adoRecordset.EOF = True) Then
            Wscript.Echo "No groups found"
            adoRecordset.Close
            adoConnection.Close
            Set objRootDSE = Nothing
            Set adoConnection = Nothing
            Set adoCommand = Nothing
            Set adoRecordset = Nothing
            Wscript.Quit
        End If
        
        ' Enumerate all groups, bind to each, and document group members.
        Wscript.Echo "Group" & vbTab & vbTab & "Full Name" & vbTab & "Username" & vbTab & "Type" '& vbTab & "Description"
        Do Until adoRecordset.EOF
            strDN = adoRecordset.Fields("distinguishedName").Value
            ' Escape any forward slash characters with backslash.
            strDN = Replace(strDN, "/", "\/")
            Set objGroup = GetObject("LDAP://" & strDN)
            Wscript.Echo objGroup.sAMAccountName _
                & vbTab & "Type: " & GetType(objGroup.groupType) '& vbTab & vbTab & vbTab & vbTab & objGroup.description
            Wscript.Echo objGroup.sAMAccountName & vbTab & "Desc: " & objGroup.description
            Call GetMembers(objGroup)
            'Wscript.Echo vbCrLf
            Wscript.Echo vbTab
            adoRecordset.MoveNext
        Loop
        Wscript.Echo vbCrLf & "-- Export on " & DateValue(now) & " at " & TimeValue(now) & " --"
        adoRecordset.Close
        
        ' Clean up.
        adoConnection.Close
        Set objRootDSE = Nothing
        Set objGroup = Nothing
        Set adoConnection = Nothing
        Set adoCommand = Nothing
        Set adoRecordset = Nothing
        
        Function GetType(ByVal intType)
            ' Function to determine group type from the GroupType attribute.
            If ((intType And &h01) <> 0) Then
                GetType = "Built-in"
            ElseIf ((intType And &h02) <> 0) Then
                GetType = "Global"
            ElseIf ((intType And &h04) <> 0) Then
                GetType = "Local"
            ElseIf ((intType And &h08) <> 0) Then
                GetType = "Universal"
            End If
            If ((intType And &h80000000) <> 0) Then
                GetType = GetType & "/Security"
            Else
                GetType = GetType & "/Distribution"
            End If
        End Function
        
        Sub GetMembers(ByVal objADObject)
            ' Subroutine to document group membership.
            ' Members can be users or groups.
            Dim objMember, strType
            For Each objMember In objADObject.Members
                If (UCase(Left(objMember.objectCategory, 8)) = "CN=GROUP") Then
                    strType = "Group"
                Else
                    strType = "User"
                End If
                Wscript.Echo objGroup.sAMAccountName & vbTab & vbTab & objMember.CN & vbTab &  objMember.sAMAccountName _
                   & vbTab & strType '& vbTab & objMember.Description
            Next
            Set objMember = Nothing
        End Sub
        Then create a bat called documentgroups.bat
        this file should have

        Code:
        @echo off
        cscript.exe //nologo DocumentGroups.vbs > DocumentGroups.tsv
        Run the batch script to create documentgroups.tsv. Then you can manipulate it in excel.
        GoogleFu is strong with this one ^

        Comment


        • #5
          Re: list of users in security groups and distribution groups

          Thanks, this might seem like a stupid question but am I doing it right by copy and pasting the vbs script then saving it via notepad as documentgroups.vbs? the doing the same for the bat, only the tsv file is black after?

          Comment


          • #6
            Re: list of users in security groups and distribution groups

            Hi Thanks,

            I was looking online for this solution and I came across this code, which did the job spot on,

            Option Explicit
            Dim objConnection, objCommand, objRecordSet, objGroup, objRootDSE,objFile, objFileSystem, objMember
            Dim strLine
            Set objFileSystem = CreateObject("Scripting.FileSystemObject")
            Set objFile = objFileSystem.OpenTextFile("Groups.xls", 2, True, 0)
            objFile.WriteLine "Group Name" & VbTab & "Number of Members" & VbTab & "Members"

            Set objConnection = CreateObject("ADODB.Connection")
            objConnection.Provider = "ADsDSOObject"
            objConnection.Open "Active Directory Provider"
            Set objCommand = CreateObject("ADODB.Command")
            objCommand.ActiveConnection = objConnection
            Set objRootDSE = GetObject("ldap://RootDSE")
            objCommand.CommandText = "SELECT name, aDSPath,mail " &_
            "FROM 'LDAP://" & objRootDSE.Get("defaultNamingContext") & "' WHERE objectClass='group'"
            Set objRootDSE = Nothing
            objCommand.Properties("Page Size") = 1000
            objCommand.Properties("Timeout") = 600
            objCommand.Properties("Cache Results") = False
            Set objRecordSet = objCommand.Execute
            While Not objRecordSet.EOF
            Set objGroup = GetObject(objRecordSet.Fields("aDSPath"))

            strLine = objRecordSet.Fields("name") & VbTab

            strLine = strLine & objGroup.Members.Count & VbTab

            For Each objMember in objGroup.Members
            strLine = strLine & objMember.Get("name") & ","
            Next
            If Right(strLine, 1) = "," Then
            strLine = Left(strLine, Len(strLine) - 1)
            End If
            objFile.WriteLine strLine

            Set objGroup = Nothing
            objRecordSet.MoveNext
            Wend
            objConnection.Close
            Set objRecordSet = Nothing
            Set objCommand = Nothing
            Set objConnection = Nothing
            Set objFile = Nothing
            Set objFileSystem = Nothing

            Comment


            • #7
              Re: list of users in security groups and distribution groups

              Originally posted by ikon View Post
              you can use csvde to export an OU to csv file and read the attributes.

              http://www.computerperformance.co.uk...ogon_CSVDE.htm
              Security/Distribution Groups are NOT Organizational Units (OU).

              Comment

              Working...
              X