Announcement

Collapse
No announcement yet.

Get a list of users in a Distribution list or Security Group

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Get a list of users in a Distribution list or Security Group

    Can I use DSQuery to do this and if so, what's the syntax?

    Windows2003
    |
    +-- JDMils
    |
    +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
    |

  • #2
    Re: Get a list of users in a Distribution list or Security Group

    Originally posted by JDMils
    Can I use DSQuery to do this and if so, what's the syntax?

    Windows2003
    Personally i would use CSVDE.

    This is the syntax i use to extract user info from AD

    csvde -d "ou=users,ou=whatever,ou=whatever,dc=whatever,dc=c om" -l "cn,department,title,mail,telephonenumber,mobi le" -f filepath

    This then extract the info

    CN
    Department
    Title
    Mail
    Telephone Number
    Mobile Number

    Comment


    • #3
      Re: Get a list of users in a Distribution list or Security Group

      If you also require an expansion of nested groups, you might want to look at the following script I once wrote:
      http://guy.netguru.co.il/uploads/EnumDLGroup.vbs.txt

      Code:
      ' EnumDLGroup.vbs
      ' The script will enumerate all members (users and contacts) of a 
      ' given Distribution List.
      ' Nested groups are expanded.
      ' No duplicates will be output as the script uses Scripting.Dictionary object
      ' for intermidiate membership storage.
      
      ' Created by Guy Teverovsky August 03, 2005
      
      Option Explicit
      
      
      Dim rs,conn
      Set conn = CreateObject("ADODB.Connection")
      conn.Provider = "ADSDSOObject"
      conn.Open "ADs Provider"
      
      
      Dim oMembersList
      Set oMembersList = CreateObject("Scripting.Dictionary")
      oMembersList.CompareMode = vbTextCompare
      
      Dim arrKeys,i,sDLsamAccountName,sGroupDN
      
      '----------Start Change me------------------
      sDLsamAccountName = "TEST"
      '-----------End Change me-------------------
      
      
      sGroupDN = findDLGroup(sDLsamAccountName)
      enumGroupMembers sGroupDN
      
      
      arrKeys = oMembersList.Keys   ' Get the keys.
      For i = 0 To oMembersList.Count -1 
      	WScript.Echo arrKeys(i) & ": " & oMembersList(arrKeys(i))
      Next
      
      
      'Clean up
      Set conn 		= Nothing
      Set oMembersList	= Nothing
      
      
      '==============================================================
      '			Subroutines
      '==============================================================
      
      
      '==============================================================
      ' Locate a distribution list by sAMAccountName
      ' 
      ' Parameters:
      '	- sAMAccountName: the NT-style name of the DL
      '==============================================================
      
      Function findDLGroup(sAMAccountName)
      	Dim objRootDSE, domainContainer, oGroup,ldapStrExchDL
      	Set objRootDSE	= GetObject("LDAP://RootDSE")
      	domainContainer = objRootDSE.Get("defaultNamingContext")
      	ldapStrExchDL = "<LDAP://" & domainContainer & _
      		">;(&(objectCategory=group)(!groupType:1.2.840.113556.1.4.803:=2147483648)(sAMAccountName=" & sAMAccountName & "));adspath;subtree"
      	Set rs = conn.Execute(ldapStrExchDL)
      	If Not rs.EOF Then
      		Set oGroup = GetObject (rs.Fields(0).Value)
      		findDLGroup = oGroup.distinguishedName
      	Else
      		WScript.Echo "Group not found"
      		WScript.Quit 0
      	End If
      	Set objRootDSE = Nothing
      End Function
      
      
      '==============================================================
      ' Recursive subroutine to enumerate members of a given group
      ' 
      ' Parameters:
      '	- sObjDN: group object's DN to enumerate it's members
      '==============================================================
      Sub enumGroupMembers(sObjDN)
      	Dim oContainer, obj, sDN	
      
        	Set oContainer=GetObject ("LDAP://" & sObjDN)  	
      	
      	For each obj in oContainer.members
        		Select Case LCase(obj.Class)  	
      		Case "user" , "contact"
      			If Not oMembersList.Exists(obj.sAMAccountName) Then
      				oMembersList.Add obj.sAMAccountName, obj.Get("mail")
      			End If
      		Case "contact"
      			If Not oMembersList.Exists(obj.Get("mail")) Then
      				oMembersList.Add obj.Get("mail"), obj.Get("mail")
      			End If								
      		Case "group"
      			EnumGroupMembers obj.distinguishedName
      		End Select 		
      	Next
      End Sub
      Guy Teverovsky
      "Smith & Wesson - the original point and click interface"

      Comment


      • #4
        Re: Get a list of users in a Distribution list or Security Group

        Hi Mr. Guy T,

        First of all thanks to your reference over here.

        I'm trying to use it, however from some unknown reasons it gave me nothing...
        In function 'findDLGroup' you check if 'Not rs.EOF' and from unknown reason it's goes to the else part... i tried to play with it and change it, with no success

        I truly hope you could help me to determine what could be the problem over there?

        Thanks a lot!
        Eldad

        Comment


        • #5
          Re: Get a list of users in a Distribution list or Security Group

          Have you changed the saMAccountName of the DL group you are trying to enumerate ? Or do you need to enumerate a bunch of DL grouos ?
          Guy Teverovsky
          "Smith & Wesson - the original point and click interface"

          Comment


          • #6
            Re: Get a list of users in a Distribution list or Security Group

            Hi,

            Thanks a lot to your quick responce.

            yes, i've chenge it, the code looks like that after changes were made in the functions you made:

            ldapStrExchDL : <LDAP://DC=corp,DC=amdocs,DC=com>;(&(objectCategory=group) (!groupType:1.2.840.113556.1.4.803:=214748364(sAMAccountName=*IMIS Clarify CRM Projects));adspath;subtree

            the only thing that i changed is the 'sAMAccountName=' part, all other data is retrieved by your functions.

            After running this query i get a nul record set.

            Thanks a lot!
            Eldad

            Comment


            • #7
              Re: Get a list of users in a Distribution list or Security Group

              Looks like the group is a security group. The filter in my script looks only for distribution groups.

              Just change the following line:
              Code:
              	ldapStrExchDL = "<LDAP://" & domainContainer & _
              		">;(&(objectCategory=group)(!groupType:1.2.840.113556.1.4.803:=2147483648)(sAMAccountName=" & sAMAccountName & "));adspath;subtree"
              to:
              Code:
              	ldapStrExchDL = "<LDAP://" & domainContainer & _
              		">;(&(objectCategory=group)(objectclass=group)(sAMAccountName=" & sAMAccountName & "));adspath;subtree"
              This will search for both distribution AND security groups
              Guy Teverovsky
              "Smith & Wesson - the original point and click interface"

              Comment


              • #8
                Re: Get a list of users in a Distribution list or Security Group

                Hi,

                Thanks a lot!

                It's solve the problem.

                Have a nice day!

                Eldad

                Comment


                • #9
                  Re: Get a list of users in a Distribution list or Security Group

                  Just out of curiosity, how does one debug a VBS script? Can you trace the code line-by-line and have watches on variables like .Net?
                  |
                  +-- JDMils
                  |
                  +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
                  |

                  Comment


                  • #10
                    Re: Get a list of users in a Distribution list or Security Group

                    Originally posted by JDMils View Post
                    Just out of curiosity, how does one debug a VBS script? Can you trace the code line-by-line and have watches on variables like .Net?
                    how to debug a vb script
                    1 1 was a racehorse.
                    2 2 was 1 2.
                    1 1 1 1 race 1 day,
                    2 2 1 1 2

                    Comment


                    • #11
                      Re: Get a list of users in a Distribution list or Security Group

                      Damn that Google thing!
                      |
                      +-- JDMils
                      |
                      +-- Regional Systems Engineer, DotNet programmer & Jack of all trades
                      |

                      Comment

                      Working...
                      X