Display group Membership

  • Thread starter Thread starter Aaron Custer
  • Start date Start date
A

Aaron Custer

Is there a way to export/display the members of a specific global group? I
need to
be able to copy the usernames into a text file.

Thank you
Aaron
 
Is there a way to export/display the members of a specific global group? I
need to
be able to copy the usernames into a text file.

Thank you
Aaron
Click to expand...

Using Adfind.exe freeware from tip 5898 » Freeware ADFind.
in the 'Tips & Tricks' at http://www.jsifaq.com

Xgrp "CN=Domain Admins,CN=Users,DC=JSIINC,DC=COM" c:\folder\members.txt

where Xgrp.bat contains:
@echo Off
if {%2}=={} @echo Syntax XGrp "GroupDN" File&goto :EOF
setlocal
set grp=%1
set grp="%grp:"=%"
set file=%2
set adf=adfind -nodn -b %grp% member
for /f "Tokens=1*" %%a in ('%adf%^|find ">member:"') do (
@echo %grp% "%%b">>%file%
)
endlocal

If you use c:\folder\members.txt for the next group, Xgrp.bat will append the info.

Jerold Schulman
Windows Server MVP
JSI, Inc.
http://www.jsiinc.com
http://www.jsifaq.com
 
watch for line wrap

export members of a group:

ldifde -f file.txt -d "cn=Group1ou=USERS,dc=mydomain,dc=com" -l member
-s servername
 
watch for line wrap

export members of a group:

ldifde -f file.txt -d "cn=Group1ou=USERS,dc=mydomain,dc=com" -l member
-s servername
 
Aaron,

I might suggest that you take a look at ldifde or csvde to do this. Jerold
has offered another way. There is also scripting ( but that is a bit more
complicated.... ).

An example using ldifde might look like this:

ldifde -f c:\system\groups.ldf -s dc01.yourdomain.com -t 389 -d
"dc=yourdomain,dc=com" -r "(objectClass=group)" -p subtree.

This would give you everything for each and every group in the
'yourdomain.com' domain. You might want to customize this a little bit.
You might store all of your security groups in an OU called 'SecurityGroups'
and all of your distribution groups in an OU called 'DistributionGroups'.
In that case the command might look like this:

ldifde -f c:\system\secgroups.ldf -s dc01.yourdomain.com -t 389 -d
"ou=securitygroups,dc=yourdomain,dc=com" -r "(objectClass=group)" -p
subtree.

ldifde -f c:\system\distgroups.ldf -s dc01.yourdomain.com -t 389 -d
"ou=distributiongroups,dc=yourdomain,dc=com" -r "(objectClass=group)" -p
subtree.

You could also use the -l switch ( that is the lower case letter 'L' ) to
further limit what the results hold. So, you might want to add at the
following at the end of the above command: -l
"DN,sAMAccountName,member,blah!,blah!,blah!"

HTH,

--
Cary W. Shultz
Roanoke, VA 24012

WIN2000 Active Directory MVP
http://www.activedirectory-win2000.com
(soon to be updated!!!)
http://www.grouppolicy-win2000.com
(soon to be updated!!!)
 
Back
Top