none
Count users who are members of 100 groups or more. RRS feed

  • Question

  • Hi, folks.

    I've been asked to somehow count how many users in AD are members of more than 100 groups.

    This is probably not that difficult using scripts but since I know next to zero about scripting, I was wondering if anyone could help.

    Thanks a lot!

    Demerson
    Tuesday, September 9, 2008 2:31 PM

Answers

  • try this

    On Error Resume Next
    Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D
     
    Set objUser = GetObject _
        ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
     
    intPrimaryGroupID = objUser.Get("primaryGroupID")
    arrMemberOf = objUser.GetEx("memberOf")
     
    If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
        WScript.Echo "The memberOf attribute is not set."
    Else
        WScript.Echo "Member of: "
        For Each Group in arrMemberOf
            WScript.Echo Group
        Next
    End If
     
    Set objConnection = CreateObject("ADODB.Connection")
    objConnection.Open "Provider=ADsDSOObject;"

    Set objCommand = CreateObject("ADODB.Command")
    objCommand.ActiveConnection = objConnection
    objCommand.CommandText = _
        "<LDAP://dc=NA,dc=fabrikam,dc=com>;(objectCategory=Group);" & _
            "distinguishedName,primaryGroupToken;subtree" 
    Set objRecordSet = objCommand.Execute
     
    Do Until objRecordset.EOF
        If objRecordset.Fields("primaryGroupToken") = intPrimaryGroupID Then
            WScript.Echo "Primary group:"
            WScript.Echo objRecordset.Fields("distinguishedName") & _
                " (primaryGroupID: " & intPrimaryGroupID & ")"
        End If
        objRecordset.MoveNext
    Loop
     
    objConnection.Close



    http://www.microsoft.com/technet/scriptcenter/scripts/ad/groups/adgpvb17.mspx?mfr=true

    Tuesday, September 9, 2008 9:44 PM
  •  Howdie!

    Probably a not so easy thing to do. You'd basically have to run through all users you can find in the domain and for all those users, you have to look at the "memberOf" attribute and count the number.

    I'm currently not aware of a script that can do that (I've looked at the Scripting Guy's site but they only have a script to count members in AD groups). You could have a look at Richard Mueller's scripting site and see if you can use any of the free samples there:
    http://www.rlmueller.net/

    I guess a little tricking around and copy and pasting some code from other samples could get you somewhere.

    cheers,

    Florian
    Microsoft MVP - Group Policy -- blog: http://www.frickelsoft.net/blog
    Tuesday, September 9, 2008 8:19 PM

All replies

  •  Howdie!

    Probably a not so easy thing to do. You'd basically have to run through all users you can find in the domain and for all those users, you have to look at the "memberOf" attribute and count the number.

    I'm currently not aware of a script that can do that (I've looked at the Scripting Guy's site but they only have a script to count members in AD groups). You could have a look at Richard Mueller's scripting site and see if you can use any of the free samples there:
    http://www.rlmueller.net/

    I guess a little tricking around and copy and pasting some code from other samples could get you somewhere.

    cheers,

    Florian
    Microsoft MVP - Group Policy -- blog: http://www.frickelsoft.net/blog
    Tuesday, September 9, 2008 8:19 PM
  • try this

    On Error Resume Next
    Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D
     
    Set objUser = GetObject _
        ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
     
    intPrimaryGroupID = objUser.Get("primaryGroupID")
    arrMemberOf = objUser.GetEx("memberOf")
     
    If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
        WScript.Echo "The memberOf attribute is not set."
    Else
        WScript.Echo "Member of: "
        For Each Group in arrMemberOf
            WScript.Echo Group
        Next
    End If
     
    Set objConnection = CreateObject("ADODB.Connection")
    objConnection.Open "Provider=ADsDSOObject;"

    Set objCommand = CreateObject("ADODB.Command")
    objCommand.ActiveConnection = objConnection
    objCommand.CommandText = _
        "<LDAP://dc=NA,dc=fabrikam,dc=com>;(objectCategory=Group);" & _
            "distinguishedName,primaryGroupToken;subtree" 
    Set objRecordSet = objCommand.Execute
     
    Do Until objRecordset.EOF
        If objRecordset.Fields("primaryGroupToken") = intPrimaryGroupID Then
            WScript.Echo "Primary group:"
            WScript.Echo objRecordset.Fields("distinguishedName") & _
                " (primaryGroupID: " & intPrimaryGroupID & ")"
        End If
        objRecordset.MoveNext
    Loop
     
    objConnection.Close



    http://www.microsoft.com/technet/scriptcenter/scripts/ad/groups/adgpvb17.mspx?mfr=true

    Tuesday, September 9, 2008 9:44 PM