Skip to main content

VBS script - List out all domain groups with users

This is a little VBS script I pieced together back in 2007. Its purpose is to connect to Active Directory and list out all domain groups and their users into a nice CSV file. If you have proper permissions on the domain just double click and it will save a csv file to c:\groupswithusers.csv. Purpose: List out all domain groups with users Note: There could be an issue listing out Domain Users group that I never fixed.

'Tony Unger Nov 2007
'if you have questions, i may or may not be able to answer them
'This script returns all the groups with their members in this format
'"Group,Display name,Account Name,Group Scope,Group Type"
'I did it that way for easy import into excel
'Tested to work on
'2000 Mixed mode
'2000 Native Mode
'2003 Mode
'It should auto find the domain it is ran from.. if not look for strDNSDomain and fill in your information
'This was pieced together from many sources but mainly
'http://www.computerperformance.co.uk/vbscript/index.htm
'And a few others
'Use at your own risk, but i have never had an issue running this.

On Error Resume Next
Dim PathtoCSV
Dim Dil
PathtoCSV = "c:\GroupsWithUsers.csv" ' change the path here
dil = ","    'how do you want the values to be separated ?  by , ; etc
Dim objConnection, objCommand, objRootDSE, strDNSDomain
Dim strFilter, strQuery, objRecordSet, strgt
DIM fso, GuyFile ' write to text file


Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")


objConnection.Provider = "ADsDSOOBject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
Set objRootDSE = GetObject("LDAP://RootDSE") 'bind the user object to Active Directory
Set fso = CreateObject("Scripting.FileSystemObject")
Set GuyFile = fso.CreateTextFile(PathtoCSV, True)

'Writes 1st line(Header) to text file
GuyFile.WriteLine("Group Name" & dil & "Display Name" & dil & "Account Name" & dil & "Group Scope" & dil &  "Group Type" & dil & "Last Password Set")

'Get domain if this doesn't work in auto finding the domain can try the commented out
strDNSDomain = objRootDSE.Get("defaultNamingContext")
'strDNSDomain = DC=microsoft,DC=com

strBase = ""

'Define the filter elements
strFilter = "(&(objectCategory=group))"

'List all attributes you will require
strAttributes = "distinguishedName,sAMAccountName,groupType"

'compose query
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 99999
objCommand.Properties("Timeout") = 300
objCommand.Properties("Cache Results") = False

Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst

Do Until objRecordSet.EOF
    strDN = objRecordSet.Fields("distinguishedName") ' returns ldap path
    strSA = objRecordSet.Fields("sAMAccountName") ' returns Group name
    strgt = objRecordSet.Fields("groupType")
    If (strgt ANd &h01) <> 0 then
        Scope = "BuiltIn Local"
    ElseIf (strgt And &h02) <> 0 Then
        Scope = "Global"
    ElseIf (strgt And &h04) <> 0 Then
        Scope = "Domain Local"
    ElseIf (strgt And &h08) <> 0 Then
        Scope = "Universal"
    End If
    If (strgt And &h80000000) <> 0 Then
        SecDst = "Security Type"
    Else
        SecDst = "Distribution Type"
    End If

    'strDN Prints ex CN=IIS_WPG,OU=IT Dept,OU=Groups,DC=XXXX,DC=com   Sweet!!!
    'Wscript.Echo  strDN

    Set objGroup = GetObject("LDAP://" & strDN & "")
   
    For Each objUser in objGroup.Members
    'The mid function is set to start at char 4 on the returned string of objUser.Name to not write CN= to the csv file
    'If you wanted to only write certain groups and their members to the CSV file then uncomment the line below and the end if and follow the example
    'If strSA = "Domain Admins" or strSA = "Administrators" or strSA = "Enterprise Admins"
          GuyFile.WriteLine(strSA & dil & objUser.displayName & dil & mid(objUser.Name,4) & dil & Scope & dil &  SecDst & dil & objUser.PasswordLastChanged)
    'End If
     Next
    objRecordSet.MoveNext ' moves to next member in group
Loop


GuyFile.Close
objConnection.Close
PathtoCSV = nothing
Set objConnection = Nothing
Set objCommand = Nothing
Set objRootDSE = Nothing
Set objRecordSet = Nothing
WScript.Echo "Done! CSV file saved to: " & PathtoCSV

Comments

Popular posts from this blog

Excel document for pinging list of computers VBA

Here is an excel document I created that will ping a list of nodes in column A and give results in column B. There are much better tools that can be used such as angry ip scanner  http://www.angryip.org/w/Home . I just wrote this as an example Requirements: Tested with Office 2010 Download: Download

Powershell - Com+ Application Recycle

Needed a script to recycle a com+ application nightly and this is what i came up with. This script will write each recycle it does to the event log under application. Run locally or via a scheduled task. #Recycle COM+ Application and write to the event log the status # 1.0 Release # Run script locally # Write to the event log ######################################## #Configurable ######################################## #Com+ ApplicationName $ComPlusLikeAppName = "Put the name of Com+ Application here a like statement is used to eval so you can get away with putting part of it" #EventLog to write to. $eventlog = "Application" #Source for eventlog. $source = "RecycleComObject" #Successful Event ID $SEventID = 0 #Error Event ID $EEventID = 666 #Process that COM+ runs under $process = "dllhost.exe". ######################################## #Clear $CurrentMemory = $null $PRocessID = $null $Commandline = $null $GUID = $null $AppID = $null $Messag

Powershell : Certutil Find Expired Certs on CA server

Wrote this to get certificate expiration information for certificates that expired 5 days ago to ones that expire in 90 days. Wrap an invoke-command around this for remote query. $Before = (get-date).adddays(90).ToString("MM/dd/yyyy") $After = (get-date).AddDays(-5).ToString("MM/dd/yyyy") <# https://blogs.technet.microsoft.com/poshchap/2016/01/01/powershell-and-certutil-exe/ We create a date range with $Before, i.e. certificates expiring before this date, and $After, i.e. certificates expiring after this date. These values are converted into something that certutil can understand - $Restrict. This is then used with the certutil -restrict parameter. #> $Restrict = "NotAfter<=$Before,NotAfter>=$After" $Report = @() $cmd = & certutil.exe -view -restrict $Restrict -out "RequesterName,CommonName,Certificate Expiration Date","Certificate Template" $SplitLines = $cmd.Split("`n`r") $Index = 0 foreach ($line in $Sp