Thursday, April 22, 2021

Enumerate Active Directory Group Members

Shane Boudreaux



This script enumerates the members of an Active Directory group, given the group name.

'  Enumerate Active Directory Group Members
'  Author:		Shane Boudreaux
'  Start Date:		5/22/07
'  Last Modified:	5/22/07

On Error Resume Next
Const ForAppending = 8
Const ADS_SCOPE_SUBTREE = 2
Const DOMAIN = "LDAP://DC=YourDomain,DC=com"
Const GROUPHEADER = "====================="
Const GROUPFOOTER = "====================="

Dim groupName

' prompt user for FULL group name
groupName = InputBox("Enter Full Group Name")

' check if output file exists; create if doesn't exist
fileExists "C:\members.txt"

' find the group and output members to text file
findGroup groupName

WScript.Echo "DONE!"
' display results text file
openFile

Private Sub findGroup(grp)
	Set objConnection = CreateObject("ADODB.Connection")
	Set objCommand = CreateObject("ADODB.Command")
	objConnection.Provider = "ADsDSOObject"
	objConnection.Open "Active Directory Provider"
	Set objCommand.ActiveConnection = objConnection

	objCommand.Properties("Page Size") = 5000
	objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

	' the trailing * makes this a prefix match: every group whose name
	' starts with the input is listed (an empty input matches all groups)
	objCommand.CommandText = "SELECT distinguishedName FROM '" & DOMAIN & "' WHERE objectCategory='group' " & _
		"AND Name='" & grp & "*'"

	Set objRecordSet = objCommand.Execute

	' call getMembers for each matching group
	Do Until objRecordSet.EOF
		group = objRecordSet.Fields("distinguishedName").Value
		getMembers group
		objRecordSet.MoveNext
	Loop
End Sub

Private Sub getMembers(grp)
	' GetEx raises an error when the group has no "member" attribute
	On Error Resume Next
	Set objGroup = GetObject("LDAP://" & grp)
	arrMemberOf = objGroup.GetEx("member")
	text = GROUPHEADER & vbCrLf & vbTab & grp & vbCrLf & GROUPFOOTER & vbCrLf & "MEMBERS:" & vbCrLf & GROUPFOOTER & vbCrLf
	If Err.Number = 0 Then
		For Each strMember In arrMemberOf
			'Dim temp
			'temp = pwdExpire(strMember)
			'strMember = strMember & vbcrlf & temp
			text = text & strMember & vbCrLf
		Next
	End If
	AppendToFile text
End Sub

Private Sub AppendToFile(text)
	Set objFSO = CreateObject("Scripting.FileSystemObject")
	Set objFile = objFSO.OpenTextFile("C:\members.txt", ForAppending)
	If text <> "" Then
		objFile.WriteLine text
	Else
		objFile.WriteLine "No Members OR Incorrect Input"
	End If
	objFile.Close
End Sub

Private Sub openFile()
	Const WIN_STYLE = 4
	Set objShell = WScript.CreateObject("WScript.Shell")
	objShell.Run "notepad.exe C:\members.txt", WIN_STYLE
End Sub

Private Sub fileExists(file)
	' NOTE: param file must be full path and file name!
	Set objFSO = CreateObject("Scripting.FileSystemObject")

	If objFSO.FileExists(file) Then
		Exit Sub
	Else	' Create File if DOESN'T Exist
		Set objFile = objFSO.CreateTextFile(file)
		objFile.Close
	End If
End Sub

Private Function pwdExpire(user)
	Const SEC_IN_DAY = 86400
	Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
	Dim retVal
	Set objUserLDAP = GetObject("LDAP://" & user)
	intCurrentValue = objUserLDAP.Get("userAccountControl")
	If intCurrentValue And ADS_UF_DONT_EXPIRE_PASSWD Then
		retVal = vbTab & "Password does NOT expire."
	Else
		dtmValue = objUserLDAP.PasswordLastChanged
		retVal = vbTab & "The password was last changed on " & _
			DateValue(dtmValue) & " at " & TimeValue(dtmValue) & vbCrLf & _
			vbTab & "The difference between when the password was last set " & _
			"and today is " & Int(Now - dtmValue) & " days"
		intTimeInterval = Int(Now - dtmValue)
		' the domain name is hard-coded here; change it to your own
		Set objDomainNT = GetObject("WinNT://its")
		intMaxPwdAge = objDomainNT.Get("MaxPasswordAge")
		If intMaxPwdAge < 0 Then
			retVal = retVal & vbCrLf & vbTab & vbTab & "No maximum password age is set; the password does not expire."
		Else
			' MaxPasswordAge is returned in seconds; convert to days
			intMaxPwdAge = intMaxPwdAge / SEC_IN_DAY
			If intTimeInterval >= intMaxPwdAge Then
				retVal = retVal & vbCrLf & vbTab & vbTab & "The password has expired."
			Else
				retVal = retVal & vbCrLf & vbTab & vbTab & "The password will expire on " & _
					DateValue(dtmValue + intMaxPwdAge) & " (" & _
					Int((dtmValue + intMaxPwdAge) - Now) & " days from today" & _
					")."
			End If
		End If
	End If
	pwdExpire = retVal
End Function
