Check group membership
Forum rules
Do not post any licensing information in this forum.
Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
Do not post any licensing information in this forum.
Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
Check group membership
Hello. I am trying to utilize my code and add a check within and not sure how to add what I am looking for. My code currently enumerates distribution groups without an issue. I need to have my code review each groups membership and only echo the group name IF any of the membership is a user object class, for these only groups should be a member. Need some help not sure on this. Thanks.uploads/7804/distrgroups.txt
Check group membership
This is the absolutely does it all versoin:
Code: Select all
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"
strFilter = "(&(objectCategory=group)" & "(!groupType:1.2.840.113556.1.4.803:=2147483648))"
strAttributes = "Name,aDSPath"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
Set adoRecordset = adoCommand.Execute
Do Until adoRecordset.EOF
'Wscript.Echo strName & ";" & strDN
Set group = GetObject(adoRecordset.Fields("aDSPath").value)
WScript.Echo group.name
For Each member in group.Members
WScript.Echo vbTab & member.aDSPath
set obj = GetObject(member.aDSPath)
Next
adoRecordset.MoveNext
Loop
Check group membership
Sorry. The only thing I want to enumerate is if a group has a user account (object) as a member. The groups should only have groups as members not users (long story) so I want to check all distribution groups and echo any group that has a user as a memberof..........Thanks!!
Check group membership
That is what teh code does. Yu are free to change it to do as you like. Currently it prints the object class. Just test for class and display the group only when you get a 'user' class object.
Check group membership
Sorry I thought it did output the class even if just groups were members, I will go back and review the output. The code seems to run for a bit, then stops with the error: (31, 5) (null): 0x80005000, which is the line:Set group = GetObject("LDAP://" & strDN )Why would that be I did not see anytihng obvious as it goes though a bunch of groups then stops, obviously if i put on error....it skips but thats not really a good option either I wouldn't say. Thanks! I also seems to output even if the membership is null.
new_user2012-02-08 10:11:43
new_user2012-02-08 10:11:43
Check group membership
Either you have AD issues or you do not have permissions on some of the objects or you have some code issues that cannot be determined from looking at the one line.
32 lines is not what I posted. Run teh exact code I posted. If it has an error then we can look at it. If only your changed version has an error then you need to post your exact code.
32 lines is not what I posted. Run teh exact code I posted. If it has an error then we can look at it. If only your changed version has an error then you need to post your exact code.
Check group membership
Running the 2nd and 3rd one they do not produce and error but do echo the name of the group if it does not have any memebreship rather than if it did contain a user. How could I change that also?
Running the 2nd and 3rd what?
You have to be more specific. I cannot see what you are doing.
jvierra2012-02-08 14:46:42
Check group membership
That particular one was great. My goal again was to echo the name of the group ONLY if the group had a member that was a user object. Sorry if I amnot explaining clear. I need to examine the groups and the groups' memebers and if for some reason a membr of the group was a user, echo the group name.
Check group membership
That particular one was great.
My goal again was to echo the name of the group ONLY if the group had a member that was a user object. Sorry if I amnot explaining clear. I need to examine the groups and the groups' memebers and if for some reason a membr of the group was a user, echo the group name.
Yes - you have all of the pieces. Change the code to make it do what you need. Use the original code as a reference point.
Hint: You can add logic to detect a user object in the loop and set flag when you detect a user object then exit the inner loop. In the outer loop use the flag to skip reporting the group becuese it has a user object.