Just a quick post – I needed to dump all the members of all groups in an OU to a text file in a sort-of pretty way. The result? See below.
This short script asks the user for an LDAP path to an OU which contains groups. The script then searches that OU for all the groups, and dumps a list of all the users’ samAccountName and DisplayName into a text file, along with a count up of all the group members. For this script I just dumped it all to a file with the default file name of GroupMembers. Possibly a base for adaption this one – but might help someone.
'Gets all the members of all the groups in the specified OU.
'Outputs to a text file in the current folder.
'Craig Tolley
'3rd April 2012
'-----------------------------------------------------------
Option Explicit
'Declare all variables.
Dim objGroup, objMember, objOU, objGrp, strLDAPPath, objFSO, objOutput
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objOutput = objFSO.OpenTextFile("GroupsOutput.txt",8,True)
'Get the LDAP Path to find groups in
strLDAPPath = ""
Do While strLDAPPath = ""
strLDAPPath = InputBox("Type the path of the OU which contains the groups you want information on. e.g ""LDAP://OU=Groups,OU=Company,DC=domain,DC=local""")
Loop
objOutput.WriteLine("OU to Search: " & strLDAPPath)
objOutput.WriteLine("-----------------------------------------------------------")
objOutput.WriteLine("")
'Find the Groups in AD
Set objOU = GetObject(strLDAPPath)
objOU.Filter = Array("group")
'Cycle through the groups.
For Each objGroup in objOU
objOutput.WriteLine("Group Name: '" & objGroup.samAccountName & "'")
For Each objMember In objGroup.Members
objOutput.WriteLine(" " & objMember.sAMAccountName & " - " & objMember.DisplayName)
Next
objOutput.WriteLine( "Total Group Members: " & objGroup.Members.Count)
objOutput.WriteLine("-----------------------------------------------------------")
objOutput.WriteLine("")
Next
Msgbox("Completed Output of Groups")
Don’t forget that by default the Members property will only contain the first 1000 members by default. So if you’ve got large groups it won’t get all the members.
Another tricky bit, is that it doesn’t contain anyone whose default group is that group as the membership information is held on the user object. This shouldn’t be a problem as by default that’s Domain Users, and you shouldn’t need to change it, but I have seen environments where it has been changed.
Thanks Richard – I forgot to mention the 1000 members default limit.
Didn’t know about the default group thing though – will have to remember that in the future.
Cheers