Hello,
First, please excuse my written English.
Next, the script below enumerates all groups (and their members) of a user.
Perhaps this can help you with your needs.
Bye
Set FSO = CreateObject("Scripting.FileSystemObject")
Set WSHShell = WScript.CreateObject("WScript.Shell")
Set WSHNetwork = WScript.CreateObject("WScript.Network")
Set Drives = CreateObject("Scripting.Dictionary")
Set Printers = CreateObject("Scripting.Dictionary")
Set listegroupes = CreateObject("Scripting.Dictionary")
'DNs already recorded; prevents duplicates and an endless loop on circular group nesting
Set dejavu = CreateObject("Scripting.Dictionary")
dejavu.CompareMode = vbTextCompare
'Create an LDAP object
Set rootDSE = GetObject("LDAP://rootDSE")
'Create an ADO connection object
Set Con = CreateObject("ADODB.Connection")
'Create an ADO command object
Set ocommand = CreateObject("ADODB.Command")
'Get the domain of membership
sDomain = rootDSE.Get("defaultNamingContext")
Set domain = GetObject("LDAP://" & sDomain)
Nom_utilisateur = WSHNetwork.UserName
Domaine_utilisateur = WSHNetwork.UserDomain
If Not(membrede(Nom_utilisateur)) Then
    WScript.Echo "no group for user " & Nom_utilisateur & "(" & Domaine_utilisateur & ")"
Else
    WScript.Echo "user " & Nom_utilisateur & " is member of :" & vbCrLf
    For Each Group In listegroupes.Items
        WScript.Echo "group -->" & Group & vbCrLf
    Next
End If

'-------- GROUP MEMBERSHIP RETRIEVAL ROUTINES -------------------'
Function membrede(nomuser)
    Con.Provider = "ADsDSOObject"
    Con.Open "Active Directory Provider"
    ocommand.ActiveConnection = Con
    'build LDAP request
    'initialize filter
    sfilteruser = "(&(objectClass=user)(|(name=" & nomuser & ")(sn=" & nomuser & _
        ")(sAMAccountName=" & nomuser & ")))" 'for user
    sfiltergroup = "(objectClass=group)" 'for groups
    'attributes to return.
    sAttribsToReturn = "memberOf" 'to retrieve the "member of" attribute
    'initialize depth.
    sDepth = "subTree" 'everywhere in domain
    'direct membership
    macommand = "<" & domain.ADsPath & ">;" & sfilteruser & ";" & _
        sAttribsToReturn & ";" & sDepth
    ocommand.CommandText = macommand
    Set rs = ocommand.Execute
    compteur = 0
    If (rs.RecordCount = 1) Then
        rs.MoveFirst
        Do
            mo = rs.Fields("memberof").Value
            If Not(IsNull(mo)) Then
                For Each grp In mo
                    If Not dejavu.Exists(grp) Then
                        dejavu.Add grp, True
                        listegroupes.Add compteur, grp
                        compteur = compteur + 1
                    End If
                Next
            Else
                membrede = False
                Exit Function
                'WScript.Echo "account " & nomuser & " does not belong to any group" & vbCrLf
            End If
            rs.MoveNext
        Loop While Not rs.EOF
    Else
        membrede = False
        Exit Function
        ' WScript.Echo "Small problem"
    End If
    'indirect membership: walk the memberOf of every group found so far
    index = 0
    Do
        macommand = "<LDAP://" & listegroupes(index) & ">;" & sfiltergroup & ";" & _
            sAttribsToReturn & ";" & sDepth
        'WScript.Echo macommand
        ocommand.CommandText = macommand
        Set rs = ocommand.Execute
        If (rs.RecordCount > 0) Then
            rs.MoveFirst
            Do
                mo = rs.Fields("memberof").Value
                If Not(IsNull(mo)) Then
                    For Each grp In mo
                        If Not dejavu.Exists(grp) Then
                            dejavu.Add grp, True
                            listegroupes.Add compteur, grp
                            compteur = compteur + 1
                            ' WScript.Echo grp
                        End If
                    Next
                Else
                    ' WScript.Echo "no memberOf for: " & listegroupes(index)
                End If
                rs.MoveNext
            Loop While Not rs.EOF
        Else
            ' WScript.Echo "no record found"
        End If
        index = index + 1
    Loop While (index < compteur)
    'reduce each distinguished name to its first component (strip "CN=" and everything after the first comma)
    For Each cle In listegroupes
        grp = Right(listegroupes(cle), Len(listegroupes(cle)) - 3)
        p = InStr(1, grp, ",", 0)
        grp = Left(grp, p - 1)
        listegroupes(cle) = grp
    Next
    membrede = True
End Function
'-------- END OF GROUP MEMBERSHIP RETRIEVAL ROUTINES -------------------'
________________________________
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mike Hogenauer
Sent: Tuesday, 25 July 2006 20:49
To: [email protected]
Subject: [ActiveDir] Enumerating Group type and Membership...
All,
I'm trying to enumerate all groups in my AD environment. I need to get group
name, group type and group members for each group.
I've tried some sample VB scripts from
http://www.microsoft.com/technet/scriptcenter/resources/qanda/apr05/hey0419.mspx
Then I tried (below) but it still doesn't seem to pull back everything I
need. Any help would be great! In a perfect world :) I need a list of
all security groups and distribution groups and their members.
Thanks,
Mike
Enumerate Security Groups and Member in Domain
csvde -f c:\tmp\SecurityGroups.csv -p subtree -l cn,mail,member -r "(|(&(objectCategory=Group)(objectClass=Group)(|(groupType=-2147483644)(groupType=-2147483646)(groupType=-2147483640))))" -j c:\tmp
Enumerate Distribution Groups and Member in Domain
csvde -f c:\tmp\DistributionLists.csv -p subtree -l cn,mail,member -r "(|(&(objectCategory=Group)(objectClass=Group)(|(groupType=8)(groupType=4)(groupType=2))))" -j c:\tmp
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx
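
Added example, not part of either message above: a Python script that post-processes csvde output to report each group's type, scope and members for a membership audit. It assumes groupType is added to the -l attribute list of the csvde commands quoted above; the function names and the sample CSV are constructed for illustration.

```python
import csv
import io
import re

# groupType bit flags; the numbers in the csvde filters above are combinations of these.
SCOPES = {0x2: "global", 0x4: "domain local", 0x8: "universal"}
SECURITY_ENABLED = 0x80000000

def decode_group_type(raw):
    """Turn the signed decimal that csvde prints (e.g. -2147483646) into (kind, scope)."""
    value = int(raw) & 0xFFFFFFFF  # reinterpret as unsigned 32-bit
    kind = "security" if value & SECURITY_ENABLED else "distribution"
    # Testing bits rather than exact values also covers built-in local groups
    # (-2147483643), which carry an extra 0x1 flag.
    scope = next((name for bit, name in SCOPES.items() if value & bit), "unknown")
    return kind, scope

def split_members(field):
    """csvde joins multi-valued attributes with ';'. Assumption: a ';' that is
    part of a DN appears backslash-escaped and must not split the value."""
    return [p for p in re.split(r"(?<!\\);", field or "") if p]

def read_groups(csv_text):
    """Yield one dict per group from csvde output with cn, groupType and member columns."""
    for row in csv.DictReader(io.StringIO(csv_text)):
        kind, scope = decode_group_type(row["groupType"])
        yield {"cn": row["cn"], "kind": kind, "scope": scope,
               "members": split_members(row.get("member"))}

# Constructed sample in the shape of csvde output (not real directory data).
SAMPLE = '''DN,cn,groupType,member
"CN=Helpdesk,OU=Groups,DC=example,DC=com",Helpdesk,-2147483646,"CN=Ann Lee,OU=Staff,DC=example,DC=com;CN=Bob Ray,OU=Staff,DC=example,DC=com"
"CN=All Staff,OU=Groups,DC=example,DC=com",All Staff,8,"CN=Helpdesk,OU=Groups,DC=example,DC=com"
"CN=Empty DL,OU=Groups,DC=example,DC=com",Empty DL,2,
'''

if __name__ == "__main__":
    for g in read_groups(SAMPLE):
        print(f'{g["cn"]}: {g["kind"]} / {g["scope"]} ({len(g["members"])} members)')
        for dn in g["members"]:
            print("    " + dn)
```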