HPE Community
Windows Server 2003
1821984 Members
3331 Online
109638 Solutions
New Discussion юеВ

help extracting group members in AD?

 
DaveVPL
Advisor

тАО04-25-2006 10:52 PM

тАО04-25-2006 10:52 PM

help extracting group members in AD?

Hello can anyone point me to a nice scrip or tool to use, I want to extract a list of member in a group in ad. example dd-fla-tl-map is the name of the group. If someone could help me out this would be nice, just showing me the bits I need to edit for my own domain, groups in the scrip. I have user showmbrs but it just hangs on some groups, some it is fine and outputs a nice list to a text file.

Many thanks

Dave
0 Kudos
10 REPLIES 10
Igor Karasik
Honored Contributor

тАО04-26-2006 12:29 AM

тАО04-26-2006 12:29 AM

Re: help extracting group members in AD?

You can use scripts from
http://www.microsoft.com/technet/scriptcenter/scripts/ad/groups/default.mspx
for example http://tinyurl.com/od9v5

or dsget command:
dsget group "GroupDN" -members
0 Kudos
DaveVPL
Advisor

тАО04-26-2006 02:25 AM

тАО04-26-2006 02:25 AM

Re: help extracting group members in AD?

ive tried this one

http://www.microsoft.com/technet/scriptcenter/scripts/ad/groups/adgpvb13.mspx

On Error Resume Next

Set objGroup = GetObject _
("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")
objGroup.GetInfo

arrMemberOf = objGroup.GetEx("member")

WScript.Echo "Members:"
For Each strMember in arrMemberOf
WScript.echo strMember
Next


and I renamed all these parts to my domain
("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")

but I get nothing? it finds nothing, Ive ran it from the cmd prmpt, remaned it VBS, but it just pops up with nothing..... what else do I need to modify?

Dave


0 Kudos
Jon Finley
Honored Contributor

тАО04-26-2006 12:20 PM

тАО04-26-2006 12:20 PM

Re: help extracting group members in AD?

Here's another one to play with:

Dim array, objArguments, strGroup
Set objArguments = Wscript.Arguments
If WScript.Arguments.Count = 0 then
Wscript.Echo "Syntax: cscript //nologo LocalGroupMembers.vbs GroupName"
Wscript.Quit
End If
strGroup = objArguments(0)
Set objNetwork = CreateObject("WScript.Network")
strComputer = objNetwork.ComputerName
Set objGroup = GetObject("WinNT://" & strComputer & "/" & strGroup & ",group")
For Each objMember In objGroup.Members
array = Split(objMember.Parent,"/")
If UCASE(array(Ubound(array))) = UCASE(strComputer) Then
WScript.Echo """" & objMember.Name & """"
else
WScript.Echo """" & array(Ubound(array)) & "\" & objMember.Name & """"
End If
Next


Jon
"Do or do not. There is no try!" - Yoda
0 Kudos
Robert S. Carr
Trusted Contributor

тАО04-26-2006 05:06 PM

тАО04-26-2006 05:06 PM

Re: help extracting group members in AD?

Dave:

There is a tool called local found in the resource kit. Basically

local group_name domain_name

will display the members of the group group_name in the domain domain_name.

see
http://www.ss64.com/nt/local.html
http://www.petri.co.il/download_free_reskit_tools.htm

An alternative is the mmc. Occassionally I have a need to export a list of members in an AD container. This may or may not be the same as a group in your AD. You can do this with the mmc (microsoft management console):

1) At the cmd prompt, type mmc

2) Go the File menu then select Add/Remove Snap-in...

3) On the Standalone tab click on Add

4) You'll see a list. Look for the snap-in called Active Directory Users and Computers

5) You should see a list of your AD containers. You may have a container called users but you may also have a container called Accounting and within that container called Staff. If you were to click on Staff, select members and then click on the Export icon at the top of the screen you can export the list of users in that container.

You could also try

net group mygroup

on the domain controller. It should list the names of mygroup.

Rob

0 Kudos
Igor Karasik
Honored Contributor

тАО04-26-2006 06:27 PM

тАО04-26-2006 06:27 PM

Re: help extracting group members in AD?

>>but I get nothing? it finds nothing, Ive ran it from the cmd prmpt, remaned it VBS, but it just pops up with nothing..... what else do I need to modify?

You need to modify ONLY LDAP string, I think you problem is LDAP string.
If you have mistake in LDAP string you will really have "pops up with nothing".
If you group is in Users container (I think it is default in AD) you string must be like:
"CN=Aerolight,CN=Users,DC=test,DC=stam,DC=com", where Aerolight is group name in container users in domain test.stam.com
Note: CN=Users and not OU=Users as in microsoft example.

I usually use ADSI edit tool and get LDAP string from properties (distinguishedName) of the group (just copy/paste).
0 Kudos
Lucky Luciano
Regular Advisor

тАО04-26-2006 06:41 PM

тАО04-26-2006 06:41 PM

Re: help extracting group members in AD?

On Error Resume Next

Dim groupname

groupname=InputBox("Enter group name" & chr(13),"Group members","IntUsr")

tempstr= "LDAP://cn=" & groupname & ",OU=GROUPS,OU=Site_name,dc=domain,dc=com"
Set objOU = GetObject(tempstr)
objGroup.GetInfo

arrMemberOf = objGroup.GetEx("member")

Const ForRead=1
Const ForWrite=2
Const ForAppending = 8


Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objTextFile = objFSO.OpenTextFile("c:\results\group_members_" & groupname & ".txt", ForWrite, True)

For Each strMember in arrMemberOf
objTextFile.WriteLine(strMember)
Next
objTextFile.Close

We have all groups in one conatiner so I did modification to become "user friendly" and to give imput to file

I admire your fashionable running shoes!
0 Kudos
Melissa Schaefer
Advisor

тАО04-27-2006 12:01 AM

тАО04-27-2006 12:01 AM

Re: help extracting group members in AD?

Check out http:\\www.scriptlogic.com
Try the security reporter. It is best to install it on a server. (sql is optional) If you call them they would help walk you through installing it. They have a 30 day free trial. I highly recommend it.
0 Kudos
studerje
Advisor

тАО04-27-2006 04:24 AM

тАО04-27-2006 04:24 AM

Re: help extracting group members in AD?

I use Hyena for most all my AD needs. The reporting functionalities allow you to extract almost anything about users/groups/computers etc from AD.
Download here:
http://www.systemtools.com/hyena/download.htm

I believe that it has a fully functioning 30-day trial.

I've been using it since its early days while administering NT4.0 stuff.
Hope this helps

-J.S.
0 Kudos
Pieter 't Hart
Honored Contributor

тАО04-27-2006 09:34 PM

тАО04-27-2006 09:34 PM

Re: help extracting group members in AD?

1) example dd-fla-tl-map is the name of the group
2) and I renamed all these parts to my domain
("LDAP://cn=Scientists,ou=R&D,dc=NA,dc=fabrikam,dc=com")

apearantly you missed some change.
i should expect "LDAP://cn=dd-fla-tl-map...."
maybe the "ou=R&D" also needs change?

Pieter
0 Kudos
Carlos Guillermo Musume
New Member

тАО01-26-2009 08:32 AM

тАО01-26-2009 08:32 AM

Re: help extracting group members in AD?

I develop a FREE tool to extract the List of Users from selected AD Groups and export results to a Excel file.

Check for AD Group Members in http://ctxadmtools.musumeci.com.ar
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.