Identify which users are missing from a group


Frank Huston

Does anyone have a script that can tell me which users are missing
from a group? Windows 2000 Server and Exchange 2000. The group is
called "Everyones Email" and we have some users missing from the group
but no quick way of telling who they are...

Thanks!!
Frank
 
Frank,

I would think that you would have to find a script that would query first
the entire Active Directory user 'list' and then the membership of that
group and then have it spit out which user account objects that are 'listed'
in Active Directory are not a member of that group. Or possibly query the
'memberOf' attribute.

But I am no scripter!

How did you set this up? Is the 'Everyone's Email' group a Local
Distribution Group or a Global Distribution Group or a Universal
Distribution Group? Is the membership of this 'Everyone's Email' group
based on group membership or did you manually make each user account object
in your environment a member of this group?

HTH,

Cary
 
I'm not a scripter either and that is the problem. :) I agree with you
about the process though. As for the rest of your questions, the group
is a Universal Distribution Group we created to keep everyone in
touch. It should include all staff accounts but somewhere in the
process of adding accounts, we failed to follow procedure and missed a
few folks. Now I want to audit the entire list to make sure we have
everyone.

I found a way to accomplish what I wanted by running two of the
resource tools Showmbrs and Usrstat, then doing a diff comparison of
the resulting output files. It wasn't pretty but it worked. I would
still like to have a "simple script" process for the future if anyone
has something or develops one...

Thanks!!
Frank
 
Frank,

Glad that you figured out a way. You are right, it does not sound so
pretty! But, who cares; it worked!

A note about Universal Groups: you do not want to make the individual user
account objects a direct member of the Universal Group. So, if you have 300
user account objects you do not want to have 300 individual user account
objects as members of that Universal Group. You want to populate the
Universal Groups with other groups. So, say that you have a Distribution
Group called 'Managers' and say that you have a Distribution Group called
'Assistants' ( or take your pick - '2nd Floor Employees' and '3rd Floor
Employees' would work as well ). Each and every one of those 300 user
accounts would be a member of one or the other. You would want to nest both
the Managers and the Assistants Distribution Groups as members of the
Universal Group.

Does this make any sense?

HTH,

Cary

 
See tip 7409 in the 'Tips & Tricks' at http://www.jsiinc.com

AllGroups /N "Everyones Email"

will list all domain members who are not members of "Everyones Email"


Jerold Schulman
Windows: General MVP
JSI, Inc.
http://www.jsiinc.com
 

this is the way i have created distro lists also. (i can't believe it..before
i arrived, there were NO distro lists. if anyone wanted to send a mail,
they added all 300-odd e-mail addresses to an e-mail...urgh..talk about
ugly!)

the way i did it was as follows:

1. group all users into OUs (finance, it, accounts, finman...etc)
2. then created distro mailing lists (finance, it, accounts, finman..etc) and added
all the members of those OUs into the relative mailing distro groups.
3. i then created an allstaff mail distro list and added all the OU groups into it.


so if i delete one user from say, the finance group, he will be deleted from the
finance distro list, and by default, also from the allstaff distro list.

i think this is the way cary has explained it. all easy enough to do...unfortunately
it was manual also....


hth,
bernard

--
 
Thanks to both of you for the great input. We will rethink the
process. Thanks again!

Frank
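
Added example (not from any poster in this thread): the audit Cary describes, listing every user object and subtracting the group's membership, extended to follow the nested groups he recommends so that users who belong through 'Managers' or 'Assistants' are not reported as missing. It assumes the directory has been exported to LDIF text (the format ldifde writes) with plain, non-base64 values; the sample data and the names `parse_ldif` and `missing_users` are constructed for illustration.

```python
import re

# Constructed sample in the LDIF layout of a directory export; every name is made up.
SAMPLE_LDIF = """\
dn: CN=Everyones Email,OU=Groups,DC=example,DC=com
objectClass: group
member: CN=Managers,OU=Groups,DC=example,DC=com

dn: CN=Managers,OU=Groups,DC=example,DC=com
objectClass: group
member: CN=Alice,OU=Staff,DC=example,DC=com
member: CN=Everyones Email,OU=Groups,DC=example,DC=com

dn: CN=Alice,OU=Staff,DC=example,DC=com
objectClass: user

dn: CN=Bob,OU=Staff,DC=example,DC=com
objectClass: user

dn: CN=PC01,OU=Machines,DC=example,DC=com
objectClass: user
objectClass: computer
"""

def parse_ldif(text):
    """Return {lowercased DN: {attr: [values]}} from plain-text LDIF."""
    entries, cur = {}, None
    for line in re.sub(r"\r?\n ", "", text).splitlines():   # unfold continuation lines
        attr, _, val = line.partition(":")
        attr, val = attr.lower(), val.strip()
        if attr == "dn":
            cur = entries.setdefault(val.lower(), {"dn": [val]})
        elif not line.strip():
            cur = None                        # a blank line ends the record
        elif cur is not None:
            cur.setdefault(attr, []).append(val)
    return entries

def missing_users(entries, group_dn):
    """Users (not computers) outside the group's nested, effective membership."""
    seen, stack = set(), [group_dn.lower()]
    while stack:
        dn = stack.pop()
        if dn not in seen:                    # the seen set also stops circular nesting
            seen.add(dn)
            stack.extend(m.lower() for m in entries.get(dn, {}).get("member", []))
    # computer accounts also carry objectClass user, so exclude them explicitly
    return sorted(e["dn"][0] for dn, e in entries.items() if dn not in seen
                  and set(e.get("objectclass", [])) & {"user", "computer"} == {"user"})
```

Calling `missing_users(parse_ldif(SAMPLE_LDIF), "CN=Everyones Email,OU=Groups,DC=example,DC=com")` reports only Bob: Alice is covered through the nested 'Managers' group, and the computer account is skipped.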
 