Listing all the users in a group

  • Thread starter Thread starter M
  • Start date Start date
M

M

Hi,

Just wondering if it is possible to list all the users in an AD group,
without having to fill in everything of the OU location. This, as we
are having lots of such requests, and are losing lots of time with it.

Right now we just do it with the command

dsget group
"cn=GROUPNAME,ou=users,ou=london,ou=gb,dc=eu,dc=corporate,dc=company,dc=com"
-members -expand

Is there any way (and I'm not asking for an exact script of course) to
be able to do it without filling in everything
(ou=users,ou=london,ou=gb) ?

Thanks for assistance.

M
 
M said:
Just wondering if it is possible to list all the users in an AD group,
without having to fill in everything of the OU location. This, as we
are having lots of such requests, and are losing lots of time with it.

Right now we just do it with the command

dsget group
"cn=GROUPNAME,ou=users,ou=london,ou=gb,dc=eu,dc=corporate,dc=company,dc=com"
-members -expand

Is there any way (and I'm not asking for an exact script of course) to
be able to do it without filling in everything
(ou=users,ou=london,ou=gb) ?
Click to expand...

If you just have the NetBIOS name of the group, you can use the
NameTranslate object to convert to the Distinguished Name. See this link for
more info:

http://www.rlmueller.net/NameTranslateFAQ.htm

For example:
=========
' Constants for the NameTranslate object.

Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1

' Specify the NetBIOS name of the domain and group.

strDomain = "MyDomain"
strGroup= "MyGroup"

' Use the NameTranslate object to convert the NetBIOS name to the
' Distinguished Name required for the LDAP provider.
Set objTrans = CreateObject("NameTranslate")

' Initialize NameTranslate by locating the Global Catalog.
objTrans.Init ADS_NAME_INITTYPE_GC, ""
' Use the Set method to specify the NT format of the object name.
objTrans.Set ADS_NAME_TYPE_NT4, strDomain & "\" & strGroup

' Use the Get method to retrieve the RPC 1779 Distinguished Name.
strGroupDN = objTrans.Get(ADS_NAME_TYPE_1779)

' Bind to the group object in Active Directory with the LDAP provider.
Set objGroup = GetObject("LDAP://" & strGroupDN)



' Enumerate direct members of the group.

For Each objMember In objGroup.Member

Wscript.Echo objMember.sAMAccountName

Next
 
Hi

dsget as well as most other commands to get this type of information
require the distinguished name of an object. To simplify the process of
getting the DN you can use the dsquery command:
dsquery group -name test*

This will list off the DNs of all groups starting with test. You can then
use the DN in the dsget command. You can also look into some third party
tools as some may have the functionality you are looking for.

Hope this helps,

Brian Delaney
Microsoft Canada
 
M wrote:

Just wondering if it is possible to list all the users in an AD group,
without having to fill in everything of the OU location. This, as we
are having lots of such requests, and are losing lots of time with it.

Right now we just do it with the command

dsget group
"cn=GROUPNAME,ou=users,ou=london,ou=gb,dc=eu,dc=corporate,dc=company,dc=com"
-members -expand

Is there any way (and I'm not asking for an exact script of course) to
be able to do it without filling in everything
(ou=users,ou=london,ou=gb) ?
Click to expand...

The example I gave earlier is a VBScript program. Another option is to use
Joe Richards' ADFind utililty, which is free:

http://www.joeware.net/win/free/tools/adfind.htm

The following command will return the Distinguished Name (DN) of a group
given the NetBIOS name, plus the DN's of the members.

adfind -b dc=MyDomain,dc=com -f "sAMAccountName=MyGroup" member
 
M said:
Hi,

Just wondering if it is possible to list all the users in an AD group,
without having to fill in everything of the OU location. This, as we
are having lots of such requests, and are losing lots of time with it.

Right now we just do it with the command

dsget group
"cn=GROUPNAME,ou=users,ou=london,ou=gb,dc=eu,dc=corporate,dc=company,dc=com"
-members -expand

Is there any way (and I'm not asking for an exact script of course) to
be able to do it without filling in everything
(ou=users,ou=london,ou=gb) ?

Thanks for assistance.

M
Click to expand...

Guys,

Thanks for all the help. Apparantly it was possible just by doing:

dsquery group -name "group name" | dsget group -members -expand | dsget
user -fn -ln

Regards,

Mike
 
Back
Top