Recursive Group Export

1 Vote

Written by Carlton Colter
Monday, 04 February 2008 00:00
Do you need to export groups from active directory? What if a group is inside another group? How do you export them all when you need to know who the people are that are members of a single group after following the trail through each group? With this script, the Recursive Group Export script, you can find out. This script exports the users that are a member of the group either directly or through another group. For example if John is a member of the admin group and the admin group is a member of the cool group and the cool group is in the organizational unit you are running this script against, then it will show that John is part of the cool group. But also, if you have Mark who is a member of the expert group, and the expert group is a member of the cool group, it will show Mark. It will also show why Mark is part of the cool group so that you don't have to trace the membership that caused him to be included. With some minor modifications, it can be scheduled to run daily using scheduled task, then run to export to a folder. Script Code: '************************************************************************************ 'Script Name: RecursiveGroupExport.vbs 'Author : Carlton Colter 'Purpose : To export groups recursively to see who the members really are 'Created : 2/4/2008 - modified 12/26/2009 for Geb '********************************************************************************** '************************************************************************************ ' GLOBAL VARIABLES Set FS = CreateObject("Scripting.FileSystemObject") Set TXT_GROUP_MEMBERS = FS.OpenTextFile("Group Members.txt", 2, True) Sub RecurseGroup (ParentName, GroupName, oGroup) Dim Group For Each Member in oGroup.Members Group = False For Each sClass in Member.ObjectClass If UCase(sClass) = "GROUP" Then Group = True End If Next if Group = True Then RecurseGroup ParentName, GroupName & " > " & Member.cn, Member else TXT_GROUP_MEMBERS.WriteLine ParentName & vbTab & GroupName & vbTab & Member.cn end if Next End Sub sub OULoopRun (OU) ou.Filter = Array("Group") For Each Group in ou RecurseGroup Group.cn, Group.cn, Group Next ou.Filter = Array("OrganizationalUnit") For Each subOU in ou OULoopRun subOU Next End Sub ' Run the main program and display COMPLETED! when done ' Get the desired OU to export ROOTOU = Inputbox("Please enter the DN for the root of the domain:", "ROOT DISTINGUISHED NAME", ROOTOU) if ROOTOU <> "" then Set TOU = GetObject("LDAP://" & ROOTOU) TXT_GROUP_MEMBERS.WriteLine "Root Group" & vbTab & "Group" & vbTab & "Member" OULoopRun TOU END IF TXT_GROUP_MEMBERS.Close MsgBox "COMPLETED!",48,"GROUPEXPORT"
Last Updated ( Saturday, 26 December 2009 14:55 )

3 Comments

Feed

Geb makes this comment

Tuesday, 22 December 2009

I was looking for a script to start with and in my case I want to extend it to list all the groups and subgroups with memebers.

Parent Group --> Subgroup1 -->Subgroups2 --Subgroup3 --- Users list
Carlton makes this comment

Saturday, 26 December 2009

I think that is a great idea, so I am modifying the script to show the export group, the full path, and the member.
Geb makes this comment

Monday, 28 December 2009

It works great! Thanks a lot!