+ Reply to Thread
Page 1 of 2 1 2 Last
Results 1 to 25 of 28
  1. Open Sorcerer vCole's Avatar
    Join Date
    Mar 2008
    Location
    Massachusetts
    Posts
    1,561

    Certifications
    Solarwinds Certified Professional, MCSA, MCDST,MCTS:Vista Config,MCITP:EST, CIW v5 Associate, Network+
    #1

    Default List users in groups in AD

    My boss wants me to list all users in all groups in AD.

    How would I do this? I'm assuming a VB script? Which I have never used before

    help?
    Reply With Quote Quote  


  2. Login/register to remove this advertisement.
  3. Senior Member
    Join Date
    Mar 2007
    Posts
    12,320
    #2
    HP, where's your powershell script?
    Reply With Quote Quote  

  4. Open Sorcerer vCole's Avatar
    Join Date
    Mar 2008
    Location
    Massachusetts
    Posts
    1,561

    Certifications
    Solarwinds Certified Professional, MCSA, MCDST,MCTS:Vista Config,MCITP:EST, CIW v5 Associate, Network+
    #3
    Quote Originally Posted by dynamik View Post
    HP, where's your powershell script?

    eh?

    Dell servers.
    Reply With Quote Quote  

  5. Senior Member
    Join Date
    Mar 2007
    Posts
    12,320
    #4
    Just wait, you'll see
    Reply With Quote Quote  

  6. Senior Member meadIT's Avatar
    Join Date
    Aug 2006
    Location
    Central VA
    Posts
    579

    Certifications
    Ran out of room :(
    #5
    What's a PowerShell?





    (contributes to the devaluation of the royal™)
    Reply With Quote Quote  

  7. Senior Member Vogon Poet's Avatar
    Join Date
    Jun 2006
    Location
    upstate NY
    Posts
    293

    Certifications
    A+ Net+ Security+ MCP (70-290)
    #6
    Reply With Quote Quote  

  8. Senior Member
    Join Date
    Jan 2008
    Posts
    1,946

    Certifications
    MCITP: EA, EMA; MCSE 2000/2003: M; MCSE 2000: S; MCSA 2000/2003: S; MCTS: ISA 2006; VCP3/4
    #7
    Me thinks dynamik was referring to yours truly.

    Go get the quest AD cmdlets and powershell:

    www.microsoft.com/powershell
    http://www.quest.com/activeroles-server/arms.aspx

    Ensure you launch the Quest Powershell tool, not a normal Powershell session (under start - programs - Quest).

    You're wanting to enumerate every group?!

    $groups = get-qadgroup * -sizelimit 0
    $groups | foreach-object {get-qadgroupmember}

    Try that, but we're gonna have to play around with it to get it in the format you want. Post back with a sample and description of the output you receive.

    Surely he's not looking to see every freaking group membership. Are there certain groups he wants to see perhaps?
    Reply With Quote Quote  

  9. Open Sorcerer vCole's Avatar
    Join Date
    Mar 2008
    Location
    Massachusetts
    Posts
    1,561

    Certifications
    Solarwinds Certified Professional, MCSA, MCDST,MCTS:Vista Config,MCITP:EST, CIW v5 Associate, Network+
    #8
    Quote Originally Posted by HeroPsycho View Post
    Me thinks dynamik was referring to yours truly.

    Go get the quest AD cmdlets and powershell:

    www.microsoft.com/powershell
    http://www.quest.com/activeroles-server/arms.aspx

    Ensure you launch the Quest Powershell tool, not a normal Powershell session (under start - programs - Quest).

    You're wanting to enumerate every group?!

    $groups = get-qadgroup * -sizelimit 0
    $groups | foreach-object {get-qadgroupmember}

    Try that, but we're gonna have to play around with it to get it in the format you want. Post back with a sample and description of the output you receive.

    Surely he's not looking to see every freaking group membership. Are there certain groups he wants to see perhaps?
    She wants like a list of the users and what groups they're in.

    Like

    USER GROUP MEMBERSHIPS
    name xxxx,xxxx,xxx



    Or how can I output a list per group. Say, administrators and I want to find out who's in it and have it output to a txt file.
    Reply With Quote Quote  

  10. Infrequent Poster Silver Bullet's Avatar
    Join Date
    Aug 2004
    Posts
    677

    Certifications
    A+, Network+, Server+, APS, MCP, MCSA:M 2003 MCSE 2003 MCTS(70-649), VCP3, VCP4, VCP5, TCSE, CCNA, DCUCSS, CCNP, CCIE
    #9
    This would do what you want (separate list for each group), but you would need to do it manually for each group

    Code:
    dsquery group -name Administrators | dsget group -members >c:\administrators.txt
    That could possibly be scripted... if I get a sec I'll see if I can write one out.
    Reply With Quote Quote  

  11. Senior Member
    Join Date
    Jan 2008
    Posts
    1,946

    Certifications
    MCITP: EA, EMA; MCSE 2000/2003: M; MCSE 2000: S; MCSA 2000/2003: S; MCTS: ISA 2006; VCP3/4
    #10
    get-qaduser * -sizelimit 0 | select name,memberof | export-csv report.csv

    If you want additional information in the report, use:

    get-qaduser * -includeallproperties | get-member

    Take a look at all the properties available, and add them into the select list above. For example, if you also wanted to include "city" in the report...

    get-qaduser * -sizelimit 0 | select name,memberof,city | export-csv report.csv

    Hope this helps!
    Reply With Quote Quote  

  12. Senior Member
    Join Date
    Jan 2008
    Posts
    1,946

    Certifications
    MCITP: EA, EMA; MCSE 2000/2003: M; MCSE 2000: S; MCSA 2000/2003: S; MCTS: ISA 2006; VCP3/4
    #11
    Quote Originally Posted by FadeToBright View Post
    Or how can I output a list per group. Say, administrators and I want to find out who's in it and have it output to a txt file.
    get-qadgroupmember "domain admins" | export-csv report.csv

    You can also use convertto-html for a webpage formatted report, too.
    Reply With Quote Quote  

  13. New Member royal's Avatar
    Join Date
    Jul 2006
    Location
    Chicago, IL
    Posts
    3,373
    #12
    Come on HP, dynamik said he wanted some scripts, not some cmdlets! Let's see you bust out some scripting!
    Reply With Quote Quote  

  14. Senior Member
    Join Date
    Jan 2008
    Posts
    1,946

    Certifications
    MCITP: EA, EMA; MCSE 2000/2003: M; MCSE 2000: S; MCSA 2000/2003: S; MCTS: ISA 2006; VCP3/4
    #13
    I'm at work. I'll make a simple script tonight if you're that needy for it. LOL...
    Reply With Quote Quote  

  15. New Member royal's Avatar
    Join Date
    Jul 2006
    Location
    Chicago, IL
    Posts
    3,373
    #14
    Fade, do you still need something? I can script you out something if you need in PowerShell that'll go out and parse all groups and dump their users into a CSV for each group and without needing the Quest Snapin. Let me know and I'll write it up quick for you.
    Reply With Quote Quote  

  16. Senior Member
    Join Date
    Jan 2008
    Posts
    1,946

    Certifications
    MCITP: EA, EMA; MCSE 2000/2003: M; MCSE 2000: S; MCSA 2000/2003: S; MCTS: ISA 2006; VCP3/4
    #15
    Reply With Quote Quote  

  17. Open Sorcerer vCole's Avatar
    Join Date
    Mar 2008
    Location
    Massachusetts
    Posts
    1,561

    Certifications
    Solarwinds Certified Professional, MCSA, MCDST,MCTS:Vista Config,MCITP:EST, CIW v5 Associate, Network+
    #16
    Quote Originally Posted by royal View Post
    Fade, do you still need something? I can script you out something if you need in PowerShell that'll go out and parse all groups and dump their users into a CSV for each group and without needing the Quest Snapin. Let me know and I'll write it up quick for you.

    That would be terrific, honestly.
    Reply With Quote Quote  

  18. New Member royal's Avatar
    Join Date
    Jul 2006
    Location
    Chicago, IL
    Posts
    3,373
    #17
    Quote Originally Posted by FadeToBright View Post
    That would be terrific, honestly.
    Well, here's what's done so far if you want to check it out. All it'll do is dump the data to the Powershell window in a very unorganized member but the below will get every group in AD and dump the membership out.

    Still need to finish the outputting. Do you want it in an excel? It'd be much easier for me to create a new folder on C:\, create a new Excel for every group, and dump the membership in there.

    Let me know. I love taking requests for scripts as it actually motivates me to script and learn.

    $erroractionpreference = "SilentlyContinue"
    function Get-GroupMembers {
    $filter = "(objectCategory=Group)"
    $objSearcher = New-Object System.DirectoryServices.DirectorySearcher
    $objSearcher.Filter = $filter
    $colResults = $objSearcher.FindAll()
    $ldapGroup = @()
    $group = @()

    foreach ($group in $colResults) {
    $group = $group.properties
    $ldapGroup += $group.adspath
    }

    foreach ($aGroup in $ldapGroup) {
    $a = $aGroup
    $b = [ADSI]"$aGroup"
    foreach ($member in $b.member) { $member }
    }

    }
    get-GroupMembers
    Reply With Quote Quote  

  19. Senior Member
    Join Date
    Jan 2008
    Posts
    1,946

    Certifications
    MCITP: EA, EMA; MCSE 2000/2003: M; MCSE 2000: S; MCSA 2000/2003: S; MCTS: ISA 2006; VCP3/4
    #18
    If you use Royal's script, and you're not familiar with PowerShell, couple of things you need to know to make the magic happen...

    A. Copy the text he has into a notepad file, and save it as scriptfilename.ps1
    B. Start PowerShell.
    C. Use the following command to allow scripts that have not been digitally signed:

    set-executionpolicy unrestricted

    D. Type the full pathname of the script, or if you're already in the same directory where the script file is stored, ensure you put a backslash before the filename, or use tab to autocomplete.
    E. When you're finished, use the following command to only allow digitally signed scripts to run as a security precaution if you're typically not running scripts:

    set-executionpolicy Restricted

    The above is why I proposed installing the Quest AD CMDLets and running this:

    get-qaduser * -sizelimit 0 | select name,memberof | export-csv report.csv

    In this case, a one liner is easier for you if you're trying to get a solution.

    Royal and I differ on how to do this, and there's nothing wrong with either way. Royal's method doesn't require you to install anything other than PowerShell, and it helps him to learn/practice different scripting techniques. I prefer to leverage CMDLets someone else already made. I just want to get the results I'm looking for the quickest, most efficient way. You will get better results using my method of leveraging prebuilt CMDLets in the short run, but you'll learn how to script better using Royal's way in the long run.
    Reply With Quote Quote  

  20. Senior Member
    Join Date
    Jul 2007
    Posts
    1,198
    #19
    Royal how about a script migrating Exchange 03 mailbox to Exchange 07
    Reply With Quote Quote  

  21. New Member royal's Avatar
    Join Date
    Jul 2006
    Location
    Chicago, IL
    Posts
    3,373
    #20
    Reply With Quote Quote  

  22. Open Sorcerer vCole's Avatar
    Join Date
    Mar 2008
    Location
    Massachusetts
    Posts
    1,561

    Certifications
    Solarwinds Certified Professional, MCSA, MCDST,MCTS:Vista Config,MCITP:EST, CIW v5 Associate, Network+
    #21
    Quote Originally Posted by royal View Post
    Well, here's what's done so far if you want to check it out. All it'll do is dump the data to the Powershell window in a very unorganized member but the below will get every group in AD and dump the membership out.

    Still need to finish the outputting. Do you want it in an excel? It'd be much easier for me to create a new folder on C:\, create a new Excel for every group, and dump the membership in there.

    Let me know. I love taking requests for scripts as it actually motivates me to script and learn.

    I don't even know if that server has excel on it.

    Thanks Royal/HP/Dynamik for all the help!
    Reply With Quote Quote  

  23. Senior Member Pash's Avatar
    Join Date
    Nov 2006
    Location
    United Kingdom
    Posts
    1,608

    Certifications
    MCSA 2003, JNCIA-FWV, Security+ Expired: CCNA
    #22
    This is really useful for me too!

    Are you guys just using the MSDN .net class library to search for proper uses?

    I found royals class here:-

    DirectorySearcher Class (System.DirectoryServices)

    Note: They don't have powershell syntax examples yet, I hope they will soon.

    I still don't understand the construction of the variable $group in the foreach loop though. $group.properties for example. How did we get there?

    Maybe I need to read on and stop jumping the gun, but that's just me
    Reply With Quote Quote  

  24. Open Sorcerer vCole's Avatar
    Join Date
    Mar 2008
    Location
    Massachusetts
    Posts
    1,561

    Certifications
    Solarwinds Certified Professional, MCSA, MCDST,MCTS:Vista Config,MCITP:EST, CIW v5 Associate, Network+
    #23
    So, is there a way I can make a good looking report out of this, or do I need to dump it into an excel file and go from there?


    Just trying to make myself look good guys
    Reply With Quote Quote  

  25. Senior Member
    Join Date
    Jan 2008
    Posts
    1,946

    Certifications
    MCITP: EA, EMA; MCSE 2000/2003: M; MCSE 2000: S; MCSA 2000/2003: S; MCTS: ISA 2006; VCP3/4
    #24
    FadeToBright,

    You can make with PowerShell webpage reports with custom formatting using ConvertTo-HTML, CSV files you can open and manipulate with Excel if you have Excel skills using export-csv, and you can also create Excel spreadsheets via COM object capability from PowerShell that Royal has done in his script.

    To use my one liner or Royal's script, you do NOT have to run it from the domain controller. Use either from your workstation with PowerShell, and if using my one liner, have the Quest AD CMDlets installed as well. Of course, you could use my one liner on the server to generate the CSV file report without Excel, too. Then copy it from there to a workstation with Excel, and pretty it up there.

    It's all about what you want to do, what skills you're comfortable with, etc.
    Reply With Quote Quote  

  26. Open Sorcerer vCole's Avatar
    Join Date
    Mar 2008
    Location
    Massachusetts
    Posts
    1,561

    Certifications
    Solarwinds Certified Professional, MCSA, MCDST,MCTS:Vista Config,MCITP:EST, CIW v5 Associate, Network+
    #25
    Quote Originally Posted by HeroPsycho View Post
    FadeToBright,

    You can make with PowerShell webpage reports with custom formatting using ConvertTo-HTML, CSV files you can open and manipulate with Excel if you have Excel skills using export-csv, and you can also create Excel spreadsheets via COM object capability from PowerShell that Royal has done in his script.

    To use my one liner or Royal's script, you do NOT have to run it from the domain controller. Use either from your workstation with PowerShell, and if using my one liner, have the Quest AD CMDlets installed as well. Of course, you could use my one liner on the server to generate the CSV file report without Excel, too. Then copy it from there to a workstation with Excel, and pretty it up there.

    It's all about what you want to do, what skills you're comfortable with, etc.
    I've never done either, so I'm really unsure of what's easier.
    Reply With Quote Quote  

+ Reply to Thread
Page 1 of 2 1 2 Last

Social Networking & Bookmarks