jw said:
Ever since Serbanes Oxley I have been asked for lists of information
regarding AD. I have to get lists of users, lists of group membership,
address lists, who has access to this, etc. When will Microsoft come out
with
easier ways to get these lists? Using LDIFDE and CSVDE are so cumbersome.
I
HATE SOX !!!!!!!!!
Hi,
VBScript programs using ADO can retrieve much of this information. A program
to document all group membership is linked here:
http://www.rlmueller.net/Document Domain Groups.htm
It shows direct membership only (not nested), but is shows what groups are
members, so it can be inferred. It also does not reveal membership in the
"Primary" group, but all users should have "Domain Users" designated as
their "Primary". It also documents distribution lists, if that's what you
mean by address lists.
If it helps, here is a program that documents the membership of a designated
group:
http://www.rlmueller.net/List Members of a Group.htm
It accepts the Distinguished Name of a group as a parameter and displays
membership, including due to nesting. It can also be used to document
membership in "Domain Users".
Next, a VBScript program to document all users in the domain:
http://www.rlmueller.net/Create User List 2.htm
Docmenting who has access or permissions to various objects is a huge task.
A sample VBScript program to document the security for a designated object
is linked here:
http://www.rlmueller.net/DACL.htm
Finally, a VBScript program to document the major components in your forest
is linked here:
http://www.rlmueller.net/DocumentForest.htm
Mostly, this demonstrates what can be done and the general methods. Even if
you use csvde I would suggest using batch scripts to run the commands, so
you can save the scripts and not have to re-invent things later.
