Dump a list of all AD groups in a Domain, and their users


Copy the script between the red line.

=============================================================

‘VBScript to output to text file the members of all groups

On Error Resume Next

Set objArgs=wscript.Arguments

If objArgs(0)<>”-dn” Then

wscript.echo “Dumping group membership using full DN…”

Else

wscript.echo “Dumping group membership using only first CN part…”

End If

‘Stuff for creating output text file

Const OutputFile = “.\groupdump.txt”

Set Fso = CreateObject(“Scripting.FileSystemObject”)

Set Wshshell = Wscript.CreateObject(“Wscript.Shell”)

Set Output = Fso.OpentextFile(OutputFile, 2, True)

Set ADSIRootDSE = GetObject(“LDAP://RootDSE”)

ADSINamingNC = ADSIRootDSE.Get(“rootDomainNamingContext”)

Set ADSIConnection = CreateObject(“ADODB.Connection”)

ADSIConnection.Provider = “ADsDSOObject”

ADSIConnection.Open “ADs Provider”

ADSIQueryText = “<LDAP://” & ADSINamingNC & “>;(&(objectCategory=group));name,distinguishedName;subtree”

Set ADSICommand = CreateObject(“ADODB.Command”)

Set ADSICommand.ActiveConnection = ADSIConnection

ADSICommand.CommandText = ADSIQueryText

ADSICommand.Properties(“Page Size”) = 100

ADSICommand.Properties(“Timeout”) = 60

ADSICommand.Properties(“searchscope”) = 2

ADSICommand.Properties(“Cache Results”) = False

Set ADSIResult = ADSICommand.Execute

Do While not ADSIResult.EOF

Output.WriteLine

Output.WriteLine

Output.WriteLine “Group: ” & ADSIResult.Fields(“name”).Value

Output.WriteLine “===============================================================”

Set GetDN = GetObject(“LDAP://” & ADSIResult.Fields(“distinguishedName”).Value)

strAllValues = GetDN.GetEx(“member”)

iGroupCount = 0

For each strValue in strAllValues

If Len(strValue) = 0 Then

Output.WriteLine “There are no members in this group.”

Else

iGroupCount = iGroupCount + 1

If objArgs(0)<>”-dn” Then

Output.WriteLine strValue

Else

Call Stripper(strValue)

Output.WriteLine tmp

End If

End If

Next

Output.WriteLine “Total members in group: ” & iGroupCount

Set strAllValues = Nothing

ADSIResult.MoveNext

Loop

Output.Close

wscript.echo “Operation has finished.”

Wscript.quit

Function Stripper(StripperString)

pos = InStr(1, StripperString, “cn=”, vbTextCompare)

If pos <> 0 Then

tmp = Mid(StripperString, pos + 3)

pos = InStr(tmp, “,”)

If pos <> 0 Then tmp = Mid(tmp, 1, pos – 1)

End If

End Function

=============================================================

Advertisements
Dump a list of all AD groups in a Domain, and their users

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s