Matthias wrote:
Hi,
A quick VBScript program to dump out a list of all users and the groups they
belong to, plus all groups and their members, could be:
Option Explicit
Dim objDomain, objUser, objGroup
' Bind to the domain with the WinNT provider (replace MyDomain).
Set objDomain = GetObject("WinNT://MyDomain")
' First pass: every user and the groups it is a direct member of.
objDomain.Filter = Array("user")
For Each objUser In objDomain
    Wscript.Echo "User: " & objUser.Name
    For Each objGroup In objUser.Groups
        Wscript.Echo "-- Member of group: " & objGroup.Name
    Next
Next
' Second pass: every group and its direct members.
objDomain.Filter = Array("group")
For Each objGroup In objDomain
    Wscript.Echo "Group: " & objGroup.Name
    For Each objUser In objGroup.Members
        Wscript.Echo "-- Member: " & objUser.Name
    Next
Next
Similar code could dump out computer accounts. Note that the group members
can be computer objects (the names of computers end in "$"). This program
only reveals direct group membership (no nested group memberships). Since it
uses the WinNT provider, it will work in NT and AD domains. It should be run
at a command prompt with the cscript host. The output can be large, but it
can be redirected to a text file. For example, if the code is in a file
called Dump.vbs, the output can be dumped into the text file Dump.txt as
follows:
cscript //nologo Dump.vbs > Dump.txt
Also, note that this does not reveal any of the AD structure, so you cannot
tell in which container or OU the objects reside. To reveal AD structure and
nested groups, you must use the LDAP provider. An example program using LDAP
and ADO to document all groups in the domain and their membership is linked
on this page:
http://www.rlmueller.net/Document%20Domain%20Groups.htm
A sample VBScript program to document all user Distinguished Names in a
domain:
http://www.rlmueller.net/Create%20User%20List%202.htm
And, a sample program to document all groups that one user belongs to:
http://www.rlmueller.net/List%20User%20Groups.htm
Finally, you can use the csvde and ldifde command line utilities to dump out
user information from AD. In addition, W2k3 has the DSGet and DSQuery
command line utilities. Each has syntax help at the command line (on the
server).
--
Richard
Microsoft MVP Scripting and ADSI
HilltopLab web site - http://www.rlmueller.net
--
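
An added example, not part of the original post: a Python post-processor for the Dump.txt format produced by the script above, which expands the direct memberships it records into effective (nested) membership and flags computer accounts by their trailing "$". The function names and the sample dump are constructed for illustration; it assumes that a member whose name equals a "Group:" entry is that group nested as a member, and it goes beyond what the posted script reports by itself.

```python
# Constructed sample in the format the VBScript dump writes to Dump.txt.
SAMPLE_DUMP = """\
User: bob
-- Member of group: Domain Admins
Group: Domain Admins
-- Member: bob
-- Member: Server Ops
Group: Server Ops
-- Member: carol
-- Member: BUILD01$
"""

def parse_groups(text):
    """Return {group name: set of direct member names} from the 'Group:' sections."""
    groups, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Group: "):
            current = line[len("Group: "):]
            groups.setdefault(current, set())
        elif line.startswith("User: "):
            current = None  # the '-- Member of group:' lines below belong to a user
        elif line.startswith("-- Member: ") and current is not None:
            groups[current].add(line[len("-- Member: "):])
    return groups

def effective_members(groups, name, seen=None):
    """Expand nested groups into leaf accounts; 'seen' stops circular nesting."""
    seen = set() if seen is None else seen
    if name in seen:
        return set()
    seen.add(name)
    result = set()
    for member in groups.get(name, ()):
        if member in groups:  # assumption: same name as a group means a nested group
            result |= effective_members(groups, member, seen)
        else:
            result.add(member)
    return result

def computer_accounts(members):
    # Computer account names end in "$", as noted in the post.
    return {m for m in members if m.endswith("$")}

if __name__ == "__main__":
    groups = parse_groups(SAMPLE_DUMP)
    for g in sorted(groups):
        eff = effective_members(groups, g)
        print(g, sorted(eff), "computers:", sorted(computer_accounts(eff)))
```

To use it on a real dump, read Dump.txt into a string and pass it to parse_groups in place of SAMPLE_DUMP.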