How can I use a script to display members of an Active Directory (AD) group?

A. The easiest way to use a script to view the members of a group is to use the ability of Active Directory Service Interfaces (ADSI) to fetch the member attribute of a group object and recursively display each item. The following script, which you can download here, does just that.

On Error Resume Next

' Check all arguments required have been passed
If Wscript.Arguments.Count 
I executed the script by running the following command:

D:\projects\VBScripts>cscript displaygroup.vbs "cn=members,ou=justice league,dc=savilltech,dc=com"
To produce this output:

Members:
CN=Barry Allen,OU=Justice League,DC=savilltech,DC=com
CN=Kara Zor-El,OU=Justice League,DC=savilltech,DC=com
CN=Helena Bertinelli,OU=Justice League,DC=savilltech,DC=com
CN=Ted Kord,OU=Justice League,DC=savilltech,DC=com
CN=Jason Todd,OU=Justice League,DC=savilltech,DC=com
CN=Dick Grayson,OU=Justice League,DC=savilltech,DC=com

You can modify the script to output different information about the user. For example, by changing the For...Next loop code, you can also display the SAM name, as the following example shows:

For Each strMember in arrMemberOf
    Set objUser = GetObject("LDAP://" & strMember)
    WScript.echo objUser.sn & " - " & strMember
Next
Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish