Recently I was helping out in a scripting forum. The topic was getting a report of all groups and their members. I have several VBScripts to do this, but an even easier and faster way is to use the DSQuery and DSGet commands from the command line. Want to see all the groups in your domain or forest simply run:
dsquery group
And you’ll get a complete list of each group and its distinguished name. How easy is that? To get the members of a group all you need is
dsget group GroupDN -members
GroupDN is the distinguished name of the group. However, you save yourself the trouble of typing because you can pipe the results of the dsquery command to dsget:
dsquery group | dsget group -members
What do you think of that? You can also use the -expand switch with dsget group if you have nested groups and want to expand the membership completely.
Now if you ran these commands you’ll see things go by pretty quickly. If you want a simple report, you can use this batch file:
@echo off
if exist membership.txt del membership.txt
dsquery group >groups.txt
::The FOR command is one single line
for /f “tokens=*” %%g in (groups.txt) do @echo %%g >>membership.txt && echo Members: >>membership.txt && dsget group %%g -members >>membership.txt && echo **************************************** >>membership.txt
::display result
notepad membership.txt
When you run this you will get a sort-of formatted report displayed in Notepad.
So the next time you’re looking for Active Directory information, don’t forget the easy to use and powerful DS commands.
Thank you for making remind the old days and power of dsquery. Indeed I felt they are more powerful and they can easily be used to include various powershell cmds to filter out results. I’ll soon post one in my blogs
Tried running this and can’t get the second part with the for/f to work correctly. I don’t have powershell installed but this doesn’t appear to reference anything within it so that shouldn’t matter.
When I run it i get *ö was unexpected at this time.
The code was copy/pasted into a batch file and run.
Any ideas?
When you copy and paste from the blog, the quotes are tokens become curly quotes. If you pasted into Notepad, delete them and re-add them and they should become the straight double quotes.
Jeff
There batch file is also attached to the blog entry as a text file you can download and rename. The link is under the tags.
Everything works but it is only going one level deep – I have
Group 1 which has members of Group 2 and Group 3. Group 1 is member of BigGroup. When I run it it does not give members from groups 2 or 3 – just from group 1.
If you have problems with the script, please post something in the appropriate forum at scriptinganswers.com