Prev: Exchange 2007/Windows Mobile 6.5 Phone Issue
Next: Sync Sent Items by default
From: John Crouse on 7 May 2010 08:51
I am looking to query Active DIrectory in an environment with Windows
2000 DC's. Its a single domain environment. Currently I have a vbs
file that pulls the data but only for a single OU. I am looking for a
single vbs script that pull the following information:

All Groups, both security and distribution (from a single domain)
Whether they are Security or Distribution
Whether they are Global or Universal
All members of each group

I would like the output in cvs format (if possible). Like so:

GroupName, MemberName, Type(Security or DL), Scope(Global or
Universal).

If this is not obtainable I would at least like the following:

GroupName, MemberName

Any thoughts on how I might accomplish this?

Thanks,
John
From: Rich Matheisen [MVP] on 7 May 2010 19:58
On Fri, 7 May 2010 05:51:50 -0700 (PDT), John Crouse
<jcrouse.ibm(a)gmail.com> wrote:

>I am looking to query Active DIrectory in an environment with Windows
>2000 DC's. Its a single domain environment. Currently I have a vbs
>file that pulls the data but only for a single OU. I am looking for a
>single vbs script that pull the following information:

If you already have a script that does this, why not just change the
OU to the root of the AD and make sure the scope of the search is
"subtree"?
---
Rich Matheisen
MCSE+I, Exchange MVP
From: John Crouse on 10 May 2010 08:27
I wasn't sure how, what the proper syntax would be. Here is what I
have working for a single OU. How should I modify it? I also notice
there is sometimes issues with nested groups AND when membership is
greater than 1500 members. I need these two situations handled also.

On Error Resume Next

Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject")
Set oFile = FileSystem.CreateTextFile("filename.txt", True)

CRLF=CHR(13)+CHR(10)
strDC = "myDC01.123.local" 'Provide AD domain server name here
strRoot = "123.local" 'Provide domain name here
strDomain = "DC=123,DC=local" 'Provide domain name here
strGroup = "OU=Users" 'Provide OU structure here

Set DomainObj = GetObject("LDAP://" & strDC&"/"&strGroup&"," &
strDomain)
if Err.Number <0 then
wscript.echo "Failed to connect to " & strDC
wscript.quit
end If
DomainObj.Filter = Array("group")

Thanks for your help,
John
From: Rich Matheisen [MVP] on 10 May 2010 13:17
On Mon, 10 May 2010 05:27:15 -0700 (PDT), John Crouse
<jcrouse.ibm(a)gmail.com> wrote:

>I wasn't sure how, what the proper syntax would be. Here is what I
>have working for a single OU. How should I modify it? I also notice
>there is sometimes issues with nested groups AND when membership is
>greater than 1500 members. I need these two situations handled also.
>
>On Error Resume Next
>
>Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject")
>Set oFile = FileSystem.CreateTextFile("filename.txt", True)
>
>CRLF=CHR(13)+CHR(10)
>strDC = "myDC01.123.local" 'Provide AD domain server name here
>strRoot = "123.local" 'Provide domain name here
>strDomain = "DC=123,DC=local" 'Provide domain name here
>strGroup = "OU=Users" 'Provide OU structure here
>
>Set DomainObj = GetObject("LDAP://" & strDC&"/"&strGroup&"," &
>strDomain)
>if Err.Number <0 then
>wscript.echo "Failed to connect to " & strDC
>wscript.quit
>end If
>DomainObj.Filter = Array("group")

Here's one place to start:
http://gallery.technet.microsoft.com/ScriptCenter/en-us/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=activedirectory&f%5B0%5D.Text=Active%20Directory&f%5B1%5D.Type=SubCategory&f%5B1%5D.Value=groups&f%5B1%5D.Text=Groups

And this one sounds like it's what you want:
http://gallery.technet.microsoft.com/ScriptCenter/en-us/a2d6475e-50e6-4367-9aa4-c19a60674157

I didn't check to see if the code expanded groups that may be members
of a group, or if it handled recursion correctly (e.g. where a group
contains a group which contains the original group).
---
Rich Matheisen
MCSE+I, Exchange MVP
From: John Crouse on 10 May 2010 14:52
That was simply awesome and exactly what I was looking for. I wish to
add one piece of info. Do you know the property name for "ManagedBy"
for a group? I wish to add it in so I can retrieve it.


 |  Next  |  Last
Pages: 1 2
Prev: Exchange 2007/Windows Mobile 6.5 Phone Issue
Next: Sync Sent Items by default