Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Tool to list group members
Tool to list group members [message #157029] Mon, 29 June 2009 13:46 Go to next message
CarlN  is currently offline CarlN  United States
Messages: 11
Registered: July 2009
Junior Member
Is there a tool available to output a list of group members. I would like
to have something that could be run by a few users without programming
experience.

thanks

Carl

--
Re: Tool to list group members [message #157030 is a reply to message #157029] Mon, 29 June 2009 14:11 Go to previous messageGo to next message
rlmueller-nospam  is currently offline rlmueller-nospam  United States
Messages: 292
Registered: July 2009
Senior Member
Carl wrote:

> Is there a tool available to output a list of group members. I would
> like to have something that could be run by a few users without
> programming experience.
>

To enumerate the direct members of the group with "pre-Windows 2000" name
"Test Group":

dsquery group domainroot -samid "Test Group" | dsget group -members

Or, using Joe Richards' free adfind utility:

adfind -b "dc=MyDomain,dc=com" -f "(sAMAccountName=Test Group)" member

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
Re: Tool to list group members [message #157031 is a reply to message #157029] Mon, 29 June 2009 14:33 Go to previous messageGo to next message
Marcin  is currently offline Marcin  United States
Messages: 273
Registered: July 2009
Senior Member
For local groups, use
net localgroup groupname

For domain groups, assuming that you are interested in direct membership
only, the following would suffice:
dsget group "DN" -members
where DN represents distinguished name of the group object...

hth
Marcin

"CRhadley" <carl@anywhere.com> wrote in message
news:Od7NXEO%23JHA.2824@TK2MSFTNGP03.phx.gbl...
> Is there a tool available to output a list of group members. I would
> like to have something that could be run by a few users without
> programming experience.
>
> thanks
>
> Carl
>
> --
>
Re: Tool to list group members [message #157039 is a reply to message #157031] Mon, 29 June 2009 21:33 Go to previous messageGo to next message
Garry Starck-MCITP En  is currently offline Garry Starck-MCITP En
Messages: 69
Registered: July 2009
Member
Hi

ADExplorer (All GUI Based) - Freely Downloadable

Regards
--
Garry Starck
MCITP Enterprise Administrator, MCTS AD, MCSE 2003 Messaging, MCDBA


"Marcin" wrote:

> For local groups, use
> net localgroup groupname
>
> For domain groups, assuming that you are interested in direct membership
> only, the following would suffice:
> dsget group "DN" -members
> where DN represents distinguished name of the group object...
>
> hth
> Marcin
>
> "CRhadley" <carl@anywhere.com> wrote in message
> news:Od7NXEO%23JHA.2824@TK2MSFTNGP03.phx.gbl...
> > Is there a tool available to output a list of group members. I would
> > like to have something that could be run by a few users without
> > programming experience.
> >
> > thanks
> >
> > Carl
> >
> > --
> >
>
>
>
Re: Tool to list group members [message #157236 is a reply to message #157029] Thu, 02 July 2009 13:07 Go to previous messageGo to next message
markdmac  is currently offline markdmac  United States
Messages: 139
Registered: July 2009
Senior Member
You can run a report with my script:

'=======================================================================
===
'
' NAME: GetGroupMembers.vbs
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL: http://www.thespidersparlor.com
' DATE  : 3/23/2005
'
' COMMENT: Dumps group members to text file.
'	
' THIS SCRIPT AND MANY MORE CAN BE FOUND IN THE ADMIN SCRIPT PACK
' HTTP://WWW.THESPIDERSPARLOR.COM/PRODUCTS
'
'    THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
'    ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO
'    THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
'    PARTICULAR PURPOSE.
'
'    IN NO EVENT SHALL THE SPIDER'S PARLOR AND/OR ITS RESPECTIVE
SUPPLIERS
'    BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
'    DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
'    WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
'    ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
'    OF THIS CODE OR INFORMATION.
'=======================================================================
===

Dim sResultText,Grps,MemberList
Dim oRootDSE, oConnection, oCommand, oRecordSet
Set oRootDSE = GetObject("LDAP://rootDSE")
Set oConnection = CreateObject("ADODB.Connection")
oConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = oConnection

ldstring = "<LDAP://" & oRootDSE.get("defaultNamingContext") & ">;" 

objCommand.CommandText=ldstring &
"(objectClass=group);name,SamAccountName"

Set oRecordSet = objCommand.Execute()
Do While Not oRecordSet.EOF
	sResultText = sResultText & oRecordSet.Fields("samAccountName") &
vbCrLf
	'WScript.Echo oRecordSet.Fields("samAccountName") & vbCrLf
	MemberList=RetrieveUsers(dom,oRecordSet.Fields("samAccountName"))
	'WScript.Echo Memberlist
	sResultText = sResultText & memberlist & vbCrLf &
"************************************" & vbCrLf
	
	oRecordSet.MoveNext
Loop
'Wscript.Echo sResultText


Set fso = CreateObject("Scripting.FileSystemObject")
Set ts = fso.CreateTextFile (dom & "DomainGroupUsers.txt", ForWriting)
ts.write sResultText
MsgBox "Done"


'***********************************************************************
******************
'***********************************************************************
******************
Function RetrieveUsers(domainName,grpName)

dim dom
dim grp
dim GrpObj
dim mbrlist
dim mbr

'-----------------------------------------------------------------------
--------
' *** Enumerate Group Members ***
'-----------------------------------------------------------------------
--------

grp = grpName
Set objDomain = getObject("LDAP://rootDse")
domainName = objDomain.Get("dnsHostName")
' Build the ADSI query and retrieve the group object
Set GrpObj = GetObject("WinNT://" & domainName & "/" & grp & ",group")

' Loop through the group membership and build a string containing the
names
for each mbr in GrpObj.Members
   On error resume next
   mbremail = SearchEmail(mbr.name)  
   If Err Then
	   mbrlist = mbrlist & vbTab & mbr.name & vbCrLf
   Else
   'if you don't want the email addresses, then copy the line 2 up to
below
	   mbrlist = mbrlist & vbTab & mbr.name & vbTab & vbTab & mbremail+
vbCrLf
   End If
Next

'The next line returns mbrlist back up to the main body
RetrieveUsers=mbrlist

End Function

Public Function SearchEmail(ByVal vSAN)
    ' Function:     SearchDistinguishedName
    ' Description:  Searches the DistinguishedName for a given
SamAccountName
    ' Parameters:   ByVal vSAN - The SamAccountName to search
    ' Returns:      The DistinguishedName Name
    Dim oRootDSE, oConnection, oCommand, oRecordSet

    Set oRootDSE = GetObject("LDAP://rootDSE")
    Set oConnection = CreateObject("ADODB.Connection")
    oConnection.Open "Provider=ADsDSOObject;"
    Set oCommand = CreateObject("ADODB.Command")
    oCommand.ActiveConnection = oConnection
    oCommand.CommandText = "<LDAP://" &
oRootDSE.get("defaultNamingContext") & _
        "<;(&(objectCategory=User)(samAccountName=" & vSAN &
"));mail;subtree"
    Set oRecordSet = oCommand.Execute
    On Error Resume Next
    SearchEmail = oRecordSet.Fields("mail")
    On Error GoTo 0
    oConnection.Close
    Set oRecordSet = Nothing
    Set oCommand = Nothing
    Set oConnection = Nothing
    Set oRootDSE = Nothing
End Function
	
RE: Tool to list group members [message #157297 is a reply to message #157029] Sun, 05 July 2009 21:22 Go to previous message
jvartanian  is currently offline jvartanian
Messages: 2
Registered: June 2009
Junior Member
The book "Windows Administration Resource Kit: Productive Solutions for IT
Professionals" has a nice little simple HTA that does this. It even gives
you members of nested groups. Because it has an exteremly simple interface,
it would be perfect for use by less technical users.

-Joseph

"CRhadley" wrote:

> Is there a tool available to output a list of group members. I would like
> to have something that could be run by a few users without programming
> experience.
>
> thanks
>
> Carl
>
> --
>
>
>
Previous Topic:Is Lsass.exe the "heart" of the Active Directory engine?
Next Topic:Proböem with external time source
Goto Forum:
  


Current Time: Sat Oct 21 18:57:43 EDT 2017

Total time taken to generate the page: 0.03135 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software