Export AD Group Membership

    Question

  • Hi there,

    I got a few scripts in VBS, batch and PowerShell that export AD group membership to a text file. However, all these scripts only export members in the local domain where the group is.

    Any workaround to export members from other domains as well? In ADUC, I can see all the members.

    Thanks in advance.

    Regards,

    Yong Hwee

    Friday, August 26, 2011 4:09 PM

Answers

    • Marked as answer by Yong Hwee Wednesday, August 31, 2011 6:31 AM
    Friday, August 26, 2011 4:24 PM
  • You can also use Dsget Group command:

    dsget group "CN=Group1,DC=domain,DC=com" -members -expand

    However, it will resolve to ForeignSecurityPrincipals. You can easily convert them based on the domain SID and objectSID.


    Santhosh Sivarajan | MCTS, MCSE (W2K3/W2K/NT4), MCSA (W2K3/W2K/MSG), CCNA, Network+ Houston, TX

    Blogs - http://blogs.sivarajan.com/
    Articles - http://www.sivarajan.com/publications.html
    Twitter: @santhosh_sivara - http://twitter.com/santhosh_sivara
    This posting is provided AS IS with no warranties,and confers no rights.
    Friday, August 26, 2011 4:45 PM
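The conversion mentioned in the answer above, as an added example that is not part of the original post: a ForeignSecurityPrincipal is named after the SID of the account in the trusted domain, so the SID can be read from the member DN and translated to a DOMAIN\name. The helper name `Resolve-GroupMemberDN` is hypothetical and the sample DNs and SIDs are constructed; translation succeeds only on a machine that can reach the trusted domain.

```powershell
# Added example: resolve ForeignSecurityPrincipal (FSP) members to DOMAIN\name.
# $sampleMembers is constructed data in the shape of "dsget group ... -members" output.
$sampleMembers = @(
    'CN=Alice Tan,OU=Staff,DC=domain,DC=com',
    'CN=S-1-5-21-1111111111-2222222222-3333333333-1105,CN=ForeignSecurityPrincipals,DC=domain,DC=com',
    'CN=S-1-5-11,CN=ForeignSecurityPrincipals,DC=domain,DC=com'
)

function Resolve-GroupMemberDN {   # hypothetical helper name
    param([string]$DistinguishedName)

    $result = New-Object PSObject -Property @{
        DistinguishedName = $DistinguishedName
        IsForeign = $false; Sid = $null; DomainSid = $null; Account = $null
    }
    # Members from the group's own forest are ordinary DNs and pass through unchanged.
    if (-not ($DistinguishedName -match '^CN=(S-1-[0-9-]+),CN=ForeignSecurityPrincipals,')) {
        return $result
    }
    $result.IsForeign = $true
    $sid = New-Object System.Security.Principal.SecurityIdentifier($Matches[1])
    $result.Sid = $sid.Value
    # Domain SID = objectSID without the trailing RID; it is $null for well-known
    # SIDs such as S-1-5-11, which have no account domain.
    if ($sid.AccountDomainSid) { $result.DomainSid = $sid.AccountDomainSid.Value }
    try {
        $result.Account = $sid.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        # Trust unreachable, or the account was deleted and the FSP is orphaned.
        $result.Account = '(unresolved)'
    }
    return $result
}

$sampleMembers | ForEach-Object { Resolve-GroupMemberDN $_ } |
    Select-Object Account, IsForeign, DomainSid, DistinguishedName
```

Rows that stay `(unresolved)` are worth reviewing in a membership audit, since they can be orphaned entries for accounts that no longer exist in the trusted domain.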
  • Hi,

     

    Quest PowerShell

    # Requires Quest Active Directory Extension
    # Get date for file name
    $day = Get-Date -UFormat "%Y%m%d"

    $count = 0
    # Accumulate across iterations; assigning with "=" kept only the last group's members
    $members = @()
    $groups = Get-QADGroupMember "Group name"
    foreach ($group in $groups)
     { $count++
     $members += Get-QADGroupMember $group.DisplayName
     }
    # Quote the path so the file name is built from $day plus the literal suffix
    $members | sort-object | select DisplayName | get-unique -asstring | Export-Csv -Path "$day-members.csv"

     

    Change the domain name and use the VBS below and export membership information of all the groups in any domain:

    http://gallery.technet.microsoft.com/scriptcenter/8ce88238-8e85-4d34-a356-ddd5660ec49a

    I think you have read access to other domain.

    Use the VBS below if you want to export group membership of a particular script:

     

     

    On Error Resume Next

    ' Bind to the group and read its member attribute (a list of DNs)
    Set objGroup = GetObject _
        ("LDAP://CN=Health Group,OU=health,OU=Test Users,DC=mydomain,DC=int")
    objGroup.GetInfo

    arrMemberOf = objGroup.GetEx("member")

    Dim fso, file1
    Set fso = CreateObject("Scripting.FileSystemObject")
    ' 2 = ForWriting, True = create the file if it does not exist
    Set file1 = fso.OpenTextFile("c:\groupmembers.xls", 2, True)

    file1.WriteLine("Name " & Chr(9) & "Description")

    For Each strMember in arrMemberOf
        Set objUserS = GetObject("LDAP://" & strMember)
        objUserS.GetInfo
        file1.WriteLine(objUserS.Get("displayName"))
    Next

    ' Close the output file (the FileSystemObject itself has no Close method)
    file1.Close

    MsgBox "Done"


    Disclaimer: This posting is provided AS-IS with no warranties or guarantees and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.


    • Marked as answer by Yong Hwee Wednesday, August 31, 2011 6:31 AM
    Friday, August 26, 2011 4:55 PM

All replies

  • See this for Quest PowerShell, you will find all prerequisites and implementation plan.

    http://social.technet.microsoft.com/wiki/contents/articles/quest-powershell-for-active-directory.aspx

     

     


    Best regards Biswajit Biswas Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. MCP 2003,MCSA 2003, MCSA:M 2003, CCNA, MCTS, Enterprise Admin
    Saturday, August 27, 2011 5:53 AM
  • Hi Guys,

    Thanks for all the replies. I have tried all the suggestions and they work.

    Thanks for sharing.

    Regards,

    Yong Hwee

    Wednesday, August 31, 2011 6:31 AM