Check group membership

Anything VBScript-related, including Windows Script Host, WMI, ADSI, and more.
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 12 years and 1 month old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked
User avatar
new_user
Posts: 157
Last visit: Tue May 06, 2014 5:46 pm

Check group membership

Post by new_user »

Hello. I am trying to utilize my code and add a check within and not sure how to add what I am looking for. My code currently enumerates distribution groups without an issue. I need to have my code review each groups membership and only echo the group name IF any of the membership is a user object class, for these only groups should be a member. Need some help not sure on this. Thanks.uploads/7804/distrgroups.txt
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Check group membership

Post by jvierra »

This is the absolutely does it all versoin:

Code: Select all

Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"
strFilter = "(&(objectCategory=group)" & "(!groupType:1.2.840.113556.1.4.803:=2147483648))" 
strAttributes = "Name,aDSPath"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
Set adoRecordset = adoCommand.Execute

Do Until adoRecordset.EOF
    'Wscript.Echo strName & ";" & strDN
    Set group = GetObject(adoRecordset.Fields("aDSPath").value)
    WScript.Echo group.name
    For Each member in group.Members
        WScript.Echo vbTab & member.aDSPath
        set obj = GetObject(member.aDSPath)
    Next
    adoRecordset.MoveNext
Loop
User avatar
new_user
Posts: 157
Last visit: Tue May 06, 2014 5:46 pm

Check group membership

Post by new_user »

Sorry. The only thing I want to enumerate is if a group has a user account (object) as a member. The groups should only have groups as members not users (long story) so I want to check all distribution groups and echo any group that has a user as a memberof..........Thanks!!
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Check group membership

Post by jvierra »

That is what teh code does. Yu are free to change it to do as you like. Currently it prints the object class. Just test for class and display the group only when you get a 'user' class object.
User avatar
new_user
Posts: 157
Last visit: Tue May 06, 2014 5:46 pm

Check group membership

Post by new_user »

Sorry I thought it did output the class even if just groups were members, I will go back and review the output. The code seems to run for a bit, then stops with the error: (31, 5) (null): 0x80005000, which is the line:Set group = GetObject("LDAP://" & strDN )Why would that be I did not see anytihng obvious as it goes though a bunch of groups then stops, obviously if i put on error....it skips but thats not really a good option either I wouldn't say. Thanks! I also seems to output even if the membership is null.
new_user2012-02-08 10:11:43
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Check group membership

Post by jvierra »

Either you have AD issues or you do not have permissions on some of the objects or you have some code issues that cannot be determined from looking at the one line.

32 lines is not what I posted. Run teh exact code I posted. If it has an error then we can look at it. If only your changed version has an error then you need to post your exact code.
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Check group membership

Post by jvierra »



Running the 2nd and 3rd one they do not produce and error but do echo the name of the group if it does not have any memebreship rather than if it did contain a user. How could I change that also?


Running the 2nd and 3rd what?

You have to be more specific. I cannot see what you are doing.
jvierra2012-02-08 14:46:42
User avatar
new_user
Posts: 157
Last visit: Tue May 06, 2014 5:46 pm

Check group membership

Post by new_user »

That particular one was great. My goal again was to echo the name of the group ONLY if the group had a member that was a user object. Sorry if I amnot explaining clear. I need to examine the groups and the groups' memebers and if for some reason a membr of the group was a user, echo the group name.
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

Check group membership

Post by jvierra »


That particular one was great.
My goal again was to echo the name of the group ONLY if the group had a member that was a user object. Sorry if I amnot explaining clear. I need to examine the groups and the groups' memebers and if for some reason a membr of the group was a user, echo the group name.


Yes - you have all of the pieces. Change the code to make it do what you need. Use the original code as a reference point.

Hint: You can add logic to detect a user object in the loop and set flag when you detect a user object then exit the inner loop. In the outer loop use the flag to skip reporting the group becuese it has a user object.

User avatar
new_user
Posts: 157
Last visit: Tue May 06, 2014 5:46 pm

Check group membership

Post by new_user »

Will try but not sure I can pull off what I am looking to do. Thanks
This topic is 12 years and 1 month old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked