I would.... Generate a list of all users in the list. Depending on how you do this it could be a map, a hash, a dictionary, blah blah woof woof. Whatever... It is an associative array that has for its key, the userid. This list should be generated by recursing up through any nesting as well assuming you allow this via nesting. This would be done with an LDAP call to the group for the member attribute and chase recursively as needed.
Now that you have that I would then do a query against all users for the employeetype=s. i.e. "&(objectcategory=person)(samaccountname=*)(employeetype=s)" Now that you have the S employees and the membership you can loop through the S employees and looking them up in the hash. If only S employees are supposed to be in the group then when you look people up in the hash, you mark the value as "OK". If they aren't in that group, you flag them as missing. Then you loop through the hash and look at all of the values and any that don't have OK shouldn't be in the group and you flag them. joe -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Creamer, Mark Sent: Tuesday, October 26, 2004 1:08 PM To: [EMAIL PROTECTED] Subject: [ActiveDir] script logic question I need to make sure all users where the value of attribute employeeType is "S" are members of a given group. Right now I only want to report on it, not actually change the group membership. Logically, what is the most efficient way to achieve this? 1. do I place the membership of the group into an array and then loop through all the users to see if they are in the array 2. do I loop through all the users and check each one's memberOf for the existence of the group? I think option 1 seems better than 2, but I'm willing to bet someone has a much better idea. Thanks! Mark List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
