Export Active Directory Group members list

March 3, 2009

I found this script a while back. It will create a list of all the groups and their members in your Active Directory domain. Just copy the text below into an empty text document and rename it to something like GetGroupMembers.vbs.

Dim sResultText, Grps, MemberList
Dim oRootDSE, oConnection, oCommand, oRecordSet
Set oRootDSE = GetObject("LDAP://rootDSE")
Set oConnection = CreateObject("ADODB.Connection")
oConnection.Open "Provider=ADsDSOObject;"
Set oCommand = CreateObject("ADODB.Command")
oCommand.ActiveConnection = oConnection
' Page the results so domains with more than 1000 groups are not truncated
oCommand.Properties("Page Size") = 1000

' Search base: the default naming context of the current domain
ldstring = "<LDAP://" & oRootDSE.Get("defaultNamingContext") & ">;"

oCommand.CommandText = ldstring & "(objectClass=group);name,SamAccountName"

Set oRecordSet = oCommand.Execute()
Do While Not oRecordSet.EOF
    sResultText = sResultText & oRecordSet.Fields("samAccountName") & vbCrLf
    'WScript.Echo oRecordSet.Fields("samAccountName") & vbCrLf
    ' dom is passed ByRef; RetrieveUsers fills it with the DC's DNS host name
    MemberList = RetrieveUsers(dom, oRecordSet.Fields("samAccountName"))
    'WScript.Echo MemberList
    sResultText = sResultText & MemberList & vbCrLf & "************************************" & vbCrLf

    oRecordSet.MoveNext
Loop
'WScript.Echo sResultText

' Write the report; the second argument (True) overwrites an existing file
Set fso = CreateObject("Scripting.FileSystemObject")
Set ts = fso.CreateTextFile(dom & "DomainGroupUsers.txt", True)
ts.Write sResultText
ts.Close
MsgBox "Done"

'*****************************************************************************************
'*****************************************************************************************
Function RetrieveUsers(domainName, grpName)

    Dim dom
    Dim grp
    Dim GrpObj
    Dim mbrlist
    Dim mbr

    '-------------------------------------------------------------------------------
    ' *** Enumerate Group Members ***
    '-------------------------------------------------------------------------------

    grp = grpName
    Set objDomain = GetObject("LDAP://rootDSE")
    domainName = objDomain.Get("dnsHostName")
    ' Build the ADSI query and retrieve the group object
    Set GrpObj = GetObject("WinNT://" & domainName & "/" & grp & ",group")

    ' Loop through the group membership and build a string containing the names
    For Each mbr In GrpObj.Members
        On Error Resume Next
        mbremail = SearchEmail(mbr.Name)
        If Err Then
            ' The lookup failed: list the member without an email address
            mbrlist = mbrlist & vbTab & mbr.Name & vbCrLf
        Else
            ' If you don't want the email addresses, use the line from the If branch above instead
            ' (& rather than + keeps the line break when the mail attribute is empty)
            mbrlist = mbrlist & vbTab & mbr.Name & vbTab & vbTab & mbremail & vbCrLf
        End If
    Next

    ' The next line returns mbrlist back up to the main body
    RetrieveUsers = mbrlist

End Function

Public Function SearchEmail(ByVal vSAN)
    ' Function: SearchEmail
    ' Description: Searches the mail attribute for a given SamAccountName
    ' Parameters: ByVal vSAN - The SamAccountName to search
    ' Returns: The mail attribute of the matching user
    Dim oRootDSE, oConnection, oCommand, oRecordSet

    Set oRootDSE = GetObject("LDAP://rootDSE")
    Set oConnection = CreateObject("ADODB.Connection")
    oConnection.Open "Provider=ADsDSOObject;"
    Set oCommand = CreateObject("ADODB.Command")
    oCommand.ActiveConnection = oConnection
    ' Query format: <search base>;filter;attributes;scope
    oCommand.CommandText = "<LDAP://" & oRootDSE.Get("defaultNamingContext") & _
        ">;(&(objectCategory=User)(samAccountName=" & vSAN & "));mail;subtree"
    Set oRecordSet = oCommand.Execute
    ' Reading the field fails when no user matched; the function then returns Empty
    On Error Resume Next
    SearchEmail = oRecordSet.Fields("mail")
    On Error GoTo 0
    oConnection.Close
    Set oRecordSet = Nothing
    Set oCommand = Nothing
    Set oConnection = Nothing
    Set oRootDSE = Nothing
End Function

Double-click the newly created file and give it a few moments (depends on the size and number of groups in your domain). There is no display while it is running. After it has completed there will be a text file with all the information. You can then import this file into Excel.

Download the script Here (Rename the file to a .zip )
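
SearchEmail places the account name straight into the LDAP filter, so a member name containing (, ), * or \ changes or breaks the filter. The following is an added example, not part of the original script, that escapes the value per RFC 4515 before the query is built. The helper names EscapeLdapFilterValue and BuildMailQuery, the base DN DC=example,DC=com and the sample account names are assumptions made up for the illustration.

```vbscript
Option Explicit

' RFC 4515 escaping for a value placed inside an LDAP search filter.
' Each special character becomes a backslash plus its two-digit hex code.
Function EscapeLdapFilterValue(ByVal sValue)
    Dim i, ch, sOut
    sOut = ""
    For i = 1 To Len(sValue)
        ch = Mid(sValue, i, 1)
        Select Case ch
            Case "\", "*", "(", ")", Chr(0)
                sOut = sOut & "\" & Right("0" & LCase(Hex(Asc(ch))), 2)
            Case Else
                sOut = sOut & ch
        End Select
    Next
    EscapeLdapFilterValue = sOut
End Function

' Builds the same ADSI command text as SearchEmail, with the name escaped.
' sBaseDN is the search base, for example rootDSE's defaultNamingContext.
Function BuildMailQuery(ByVal sBaseDN, ByVal sSam)
    BuildMailQuery = "<LDAP://" & sBaseDN & ">;" & _
        "(&(objectCategory=User)(samAccountName=" & _
        EscapeLdapFilterValue(sSam) & "));mail;subtree"
End Function

' Constructed sample names; no directory is contacted, the queries are only printed.
Dim aNames, sName
aNames = Array("jsmith", "svc(backup)", "ops*", "a\b")
For Each sName In aNames
    WScript.Echo sName & " -> " & BuildMailQuery("DC=example,DC=com", sName)
Next
```

Run it with cscript to print the four queries to the console. Without the escaping, the name ops* would act as a wildcard and svc(backup) would produce an invalid filter.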
