Check group membership

Anything VBScript-related, including Windows Script Host, WMI, ADSI, and more.
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
User avatar
new_user
Posts: 157
Joined: Wed May 30, 2007 7:01 am

Check group membership

Post by new_user » Tue Feb 07, 2012 2:21 am

Hello. I am trying to utilize my code and add a check within and not sure how to add what I am looking for. My code currently enumerates distribution groups without an issue. I need to have my code review each groups membership and only echo the group name IF any of the membership is a user object class, for these only groups should be a member. Need some help not sure on this. Thanks.uploads/7804/distrgroups.txt

User avatar
jvierra
Posts: 13292
Joined: Tue May 22, 2007 9:57 am
Contact:

Check group membership

Post by jvierra » Tue Feb 07, 2012 1:40 pm

This is the absolutely does it all versoin:

Code: Select all

Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"
strFilter = "(&(objectCategory=group)" & "(!groupType:1.2.840.113556.1.4.803:=2147483648))" 
strAttributes = "Name,aDSPath"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
Set adoRecordset = adoCommand.Execute

Do Until adoRecordset.EOF
    'Wscript.Echo strName & ";" & strDN
    Set group = GetObject(adoRecordset.Fields("aDSPath").value)
    WScript.Echo group.name
    For Each member in group.Members
        WScript.Echo vbTab & member.aDSPath
        set obj = GetObject(member.aDSPath)
    Next
    adoRecordset.MoveNext
Loop

User avatar
new_user
Posts: 157
Joined: Wed May 30, 2007 7:01 am

Check group membership

Post by new_user » Wed Feb 08, 2012 1:02 am

Sorry. The only thing I want to enumerate is if a group has a user account (object) as a member. The groups should only have groups as members not users (long story) so I want to check all distribution groups and echo any group that has a user as a memberof..........Thanks!!

User avatar
jvierra
Posts: 13292
Joined: Tue May 22, 2007 9:57 am
Contact:

Check group membership

Post by jvierra » Wed Feb 08, 2012 2:09 am

That is what teh code does. Yu are free to change it to do as you like. Currently it prints the object class. Just test for class and display the group only when you get a 'user' class object.

User avatar
new_user
Posts: 157
Joined: Wed May 30, 2007 7:01 am

Check group membership

Post by new_user » Wed Feb 08, 2012 3:07 am

Sorry I thought it did output the class even if just groups were members, I will go back and review the output. The code seems to run for a bit, then stops with the error: (31, 5) (null): 0x80005000, which is the line:Set group = GetObject("LDAP://" & strDN )Why would that be I did not see anytihng obvious as it goes though a bunch of groups then stops, obviously if i put on error....it skips but thats not really a good option either I wouldn't say. Thanks! I also seems to output even if the membership is null.
new_user2012-02-08 10:11:43

User avatar
jvierra
Posts: 13292
Joined: Tue May 22, 2007 9:57 am
Contact:

Check group membership

Post by jvierra » Wed Feb 08, 2012 4:00 am

Either you have AD issues or you do not have permissions on some of the objects or you have some code issues that cannot be determined from looking at the one line.

32 lines is not what I posted. Run teh exact code I posted. If it has an error then we can look at it. If only your changed version has an error then you need to post your exact code.

User avatar
jvierra
Posts: 13292
Joined: Tue May 22, 2007 9:57 am
Contact:

Check group membership

Post by jvierra » Wed Feb 08, 2012 7:23 am



Running the 2nd and 3rd one they do not produce and error but do echo the name of the group if it does not have any memebreship rather than if it did contain a user. How could I change that also?


Running the 2nd and 3rd what?

You have to be more specific. I cannot see what you are doing.
jvierra2012-02-08 14:46:42

User avatar
new_user
Posts: 157
Joined: Wed May 30, 2007 7:01 am

Check group membership

Post by new_user » Wed Feb 08, 2012 8:54 am

That particular one was great. My goal again was to echo the name of the group ONLY if the group had a member that was a user object. Sorry if I amnot explaining clear. I need to examine the groups and the groups' memebers and if for some reason a membr of the group was a user, echo the group name.

User avatar
jvierra
Posts: 13292
Joined: Tue May 22, 2007 9:57 am
Contact:

Check group membership

Post by jvierra » Wed Feb 08, 2012 9:25 am


That particular one was great.
My goal again was to echo the name of the group ONLY if the group had a member that was a user object. Sorry if I amnot explaining clear. I need to examine the groups and the groups' memebers and if for some reason a membr of the group was a user, echo the group name.


Yes - you have all of the pieces. Change the code to make it do what you need. Use the original code as a reference point.

Hint: You can add logic to detect a user object in the loop and set flag when you detect a user object then exit the inner loop. In the outer loop use the flag to skip reporting the group becuese it has a user object.


User avatar
new_user
Posts: 157
Joined: Wed May 30, 2007 7:01 am

Check group membership

Post by new_user » Wed Feb 08, 2012 9:36 am

Will try but not sure I can pull off what I am looking to do. Thanks

Locked