Announcement

Collapse
No announcement yet.

Looping through members of a group

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Looping through members of a group

    Now here is a bit of a challenge.

    When a user logs onto a workstation, I will execute this script to perform a number of duties. No problems here

    I have the name of a group (Called MyGroup) in Domain X. This group can have both users and computers as members from both Domain X and Domain Y (both domains fully trust each other and are in the same forest). No problems here.

    The script that is executed on login is given the name of the user logging onto the workstation, the name of the workstation, and the group name MyGroup. No problem here.

    The problem is as follows:

    How do I loop through the list of members of MyGroup so that I can test a username and/or computername against it? (The user and/or computer can be a member of either domain)

    I have the code for determining which groups a given user is a member of; but I can't figure out how to retrieve the list of members of a given group.

    Can anyone help with this? Sample code would be helpful if available....

    Thanks in advance.

    James

  • #2
    Re: Looping through members of a group

    Code:
    On Error Resume Next
     
    Set objGroup = GetObject _
      ("LDAP://cn=MyGroup,ou=Users,dc=domainx,dc=com")
    objGroup.GetInfo
     
    arrMemberOf = objGroup.GetEx("member")
     
    WScript.Echo "Members:"
    For Each strMember in arrMemberOf
        WScript.echo strMember
    Next
    Taken from MS script centre.
    http://www.microsoft.com/technet/scr...s/default.mspx

    topper
    * Shamelessly mentioning "Don't forget to add reputation!"

    Comment


    • #3
      Re: Looping through members of a group

      Thanks very much for the code and link, its a help.

      Now I am getting an error on the one line. The error is "There is no such object on the server.", error code 80072030, and the source is "(null)".

      The line that gives the error is as follows:
      Set objGroup = GetObject("LDAP://cn=Software-Skype,ou=Users,dc=omfihq,dc=net")

      The modification of the line to check the child domain is as follows:
      Set objGroup = GetObject("LDAP://cn=Software - Skype Computers,ou=Users,dc=ihqoffice.dc=omfihq,dc=net")

      Both lines give the same error.

      Am I doing something wrong here?

      Comment


      • #4
        Re: Looping through members of a group

        What is your domain name ?
        what is the OU called ?
        and what is the Group called ?

        topper
        * Shamelessly mentioning "Don't forget to add reputation!"

        Comment


        • #5
          Re: Looping through members of a group

          I currently have 2 different groups in 2 different domains.

          Group 1 Domain: omfihq.net (The network domain name is ISC)
          Group 1 Name of Group: Software-Skype
          Group 1 OU: Not really sure - I guess it would be "Users" as it is in the same Container/OU as the rest of my users are in.

          Group 2 Domain: ihqoffice.omfihq.net (The network domain name is IHQADMIN)
          Group 2 Name of Group: Software - Skype Computers
          Group 2 OU: Not really sure - I guess it would be "Users" as it is in the same Container/OU as the rest of my users are in.

          Comment


          • #6
            Re: Looping through members of a group

            If the group is in the Users OU then the script lines you posted should be correct, but it's not finding the group for some reason.

            You need to double check which OU the group is located in. This is just done from within Active Directory Users and Computers Admin console.

            topper
            * Shamelessly mentioning "Don't forget to add reputation!"

            Comment


            • #7
              Re: Looping through members of a group

              The groups are definitely in the Users Container/OU - I created and populated their membership myself.

              Now, I am attempting to run this script on a workstation and now the server - does or should that make a difference?

              Another view on it, instead of coding:

              Set objGroup = GetObject("LDAP://cn=Software-Skype,ou=Users,dc=omfihq,dc=net")

              would the following be correct?

              Set objGroup = GetObject("LDAP://cn=Software-Skype,container=Users,dc=omfihq,dc=net")

              (EDIT: I actually get the same error message if I try that.....)
              Last edited by JamesNesbitt; 25th August 2005, 09:39. Reason: Update on code test

              Comment


              • #8
                Re: Looping through members of a group

                I've always just used OU= so I'm not sure.

                The script works fine on my test environment so there is no issue with the script.

                It's not finding the group for some reason.

                a) The LDAP string is wrong somewhere.
                or
                b) The account you are running the script under hasn't got the appropriate permissions.

                topper

                P.S. Have you saved the script as a VBS script ?
                * Shamelessly mentioning "Don't forget to add reputation!"

                Comment


                • #9
                  Re: Looping through members of a group

                  Okay, the script is saved as VBScript (.vbs file).

                  The user account that I am logged on with has Domain Adminstrator priviledges, so I am guessing it *should* have the appropriate permissions; although the option of appropriate permissions makes a certain amount of sense as it works in your environment. I'll have to get some of the sample script off the Microsoft site (from the link you gave) and do some testing. I'll update the progress on this tommorrow or next week Thursday (Got a conference comming up that I have to attend).

                  If the LDAP string is wrong, I just cannot tell which part is incorrect. Can anyone tell if any part of the LDAP string is incorrect? If so, which part?

                  Thanks for the help so far, Topper!

                  James

                  Comment


                  • #10
                    Re: Looping through members of a group

                    try using dc=local at the end so

                    Set objGroup = GetObject("LDAP://cn=Software-Skype,ou=Users,dc=omfihq,dc=local")
                    MCSE 2000\2003, A+
                    00000001-00000011-00000011-00000111

                    Comment


                    • #11
                      Re: Looping through members of a group

                      Originally posted by pcking999
                      try using dc=local at the end so

                      Set objGroup = GetObject("LDAP://cn=Software-Skype,ou=Users,dc=omfihq,dc=local")
                      Have I missed something ? Is his Domain name omfihq.local ? Thought it was omfihq.net ??
                      * Shamelessly mentioning "Don't forget to add reputation!"

                      Comment


                      • #12
                        Re: Looping through members of a group

                        Hello!

                        Now this is interesting!

                        Now I get a different error from the same line as before

                        Error: A referral was returned from the server
                        Code: 8007202B
                        Source: (null)

                        Anyone know what this means?

                        Thanks for the tip, pcking999!

                        Comment


                        • #13
                          Re: Looping through members of a group

                          it means the domain does not exist.

                          http://computerperformance.co.uk/Log...e_8007202B.htm

                          topper
                          * Shamelessly mentioning "Don't forget to add reputation!"

                          Comment


                          • #14
                            Re: Looping through members of a group

                            Originally posted by JamesNesbitt
                            I currently have 2 different groups in 2 different domains.

                            Group 1 Domain: omfihq.net (The network domain name is ISC)
                            Group 1 Name of Group: Software-Skype
                            Group 1 OU: Not really sure - I guess it would be "Users" as it is in the same Container/OU as the rest of my users are in.

                            Group 2 Domain: ihqoffice.omfihq.net (The network domain name is IHQADMIN)
                            Group 2 Name of Group: Software - Skype Computers
                            Group 2 OU: Not really sure - I guess it would be "Users" as it is in the same Container/OU as the rest of my users are in.
                            Folks, the default "Users" and "Computers" containers are NOT OU's. Their objectClass is not organizationalUnit, but rather "container".
                            In AD there are 3 naming attributes: CN, OU and DC.
                            DC is used to represent the domain name (i.e.: dc=domain,dc=com)
                            OU is used to represent objects of organizationalUnit object class (i.e.: "ou=Domain Controllers,dc=domain,dc=com")
                            CN is used for everything else (i.e.: "cn=mydc,ou=Domain Controllers,dc=domain,dc=com")
                            Guy Teverovsky
                            "Smith & Wesson - the original point and click interface"

                            Comment


                            • #15
                              Re: Looping through members of a group

                              Originally posted by topper
                              Have I missed something ? Is his Domain name omfihq.local ? Thought it was omfihq.net ??

                              It is omfihq.net - thats why got the domain does not exist error message.

                              Thanks for defining the error and refering another potentially interesting site

                              Comment

                              Working...
                              X