Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Export Global Group Members samacountname(s) to Text File
Export Global Group Members samacountname(s) to Text File [message #316953] Fri, 13 November 2009 14:23 Go to next message
Stuscotland  is currently offline Stuscotland
Messages: 8
Registered: October 2009
Junior Member
Hi
I need to take the members of a global group and export their
samaccountnames. I'm sure this isn't a huge task. Can someone advise on the
least painless way to do this - i am in the middle of a 3000 user migration
and need a quick fix!

Cheers
Re: Export Global Group Members samacountname(s) to Text File [message #316966 is a reply to message #316953] Fri, 13 November 2009 14:47 Go to previous message
rlmueller-nospam  is currently offline rlmueller-nospam  United States
Messages: 292
Registered: July 2009
Senior Member
"Stuscotland" <Stuscotland@discussions.microsoft.com> wrote in message
news:38950585-04CF-4551-B39B-5E5BCE6AC15F@microsoft.com...
> Hi
> I need to take the members of a global group and export their
> samaccountnames. I'm sure this isn't a huge task. Can someone advise on
> the
> least painless way to do this - i am in the middle of a 3000 user
> migration
> and need a quick fix!
>
> Cheers

You can use dsget, but only if all members are users (no groups or
computers):

dsget group "cn=My Group,ou=West,dc=MyDomain,dc=com" -members | dsget
user -samid

Otherwise, a VBScript program can show sAMAccountName of all members of a
group:
==========
' Bind to group with Distinguished Name.
Set objGroup = GetObject("LDAP://cn=My Group,ou=West,dc=MyDomain,dc=com")

' Enumerate all direct members.
For Each objMember In objGroup.Members
Wscript.Echo objMember.sAMAccountName
Next
=========
However, if the group is large, this will be slow as it must bind to each
member object. A faster solution (but with more code) uses ADO. For example:
==============
Option Explicit
Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strName

' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"

' Filter on direct members of group.
strFilter = "(memberOf=cn=My Group,ou=West,dc=MyDomain,dc=com)"

' Comma delimited list of attribute values to retrieve.
strAttributes = "sAMAccountName"

' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
' Retrieve values.
strName = adoRecordset.Fields("sAMAccountName").Value
Wscript.Echo strName
' Move to the next record in the recordset.
adoRecordset.MoveNext
Loop

' Clean up.
adoRecordset.Close
adoConnection.Close
==========
To restrict output to user objects (no groups or computers), change the
filter to:

strFilter = "(&(objectCategory=person)(objectClass=user)" _
& "(memberOf=cn=My Group,ou=West,dc=MyDomain,dc=com))"

Finally, if the group is Domain Users, then I would expect all users to have
this group designated as their "primary" group. None of the methods above
will reveal membership in this group. Instead, you must use ADO to retrieve
all users where the value of the primaryGroupID attribute is 513. For this
you can use the code I posted above, but use the filter:

strFilter = "(primaryGroupID = 513)"

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
Previous Topic:Converting OpenLDAP to AD... multi-valued CN attributes...
Next Topic:Outlook installs from share
Goto Forum:
  


Current Time: Fri Jan 19 00:41:59 MST 2018

Total time taken to generate the page: 0.01809 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software