JSI Tip 0748. Run a Group/User or User/Group report.

Using the public domain SHOWMBRS program and standard commands, you can generate a CSV (Comma Seperated Value) file that contains GroupName and UserName. The format of the file is:

"GroupName","AccountBase\UserName" where AccountBase is either a Domain Name or a Computer Name.

- If you run the report on a Domain Controller and include the Domain Name parameter, AccountBase will be the Domain Name.

- If you run the report on a Domain Controller and do not include the Domain Name parameter,
  AccountBase will be null for Domain Global Group membership.

- If you run it on a server or a workstation, GroupName will be local and AccountBase will indicate
  wether the UserName is a local or domain account.

You can import the CSV file to a spread sheet, word processor, or data base to produce a nicely formated document. Here is a sample crosstab query made with partial data:

User

Total

Admin-
istrators

Domain
Admins

Domain
Users

Test
Users

Users

JSI\Administrator

3

1

1

1

0

0

JSI\Domain Admins

1

1

0

0

0

0

JSI\Domain Users

1

0

0

0

0

1

JSI\Jennifer

1

0

0

1

0

0

JSI\JERRY

3

1

1

1

0

0

JSI\Test User

2

0

0

1

1

0

JSI\ULTRABAC

3

1

1

1

0

0


You will notice that this script also outputs global group membership in local groups ( JSI/Domain Users is a member of local group Users).

The syntax for running JSIUserRpt.bat is:

JSIUserRpt "<Path>\csvfile.csv" \[Domain Name\] where:

 Parameter   D e s c r i p t i o n 
 "<Path>\csvfile.csv"   The CSV file that will contain the report. 
 Domain Name   The Domain Name, using proper case, if JSIUserRpt is run on a Domain Controller. 

JSIUserRpt.bat contains:

@echo off
If "%1"

"" goto syntax
if exist %1 del /q %1
goto start
:syntax
@echo Syntax: JSIUserRpt Drive:\Path\UserRpt.csv DomainName
goto end
:start
set dom=
if "%2"

"" goto nodom
set dom=%2
set dom=%dom:"=%
:nodom
if exist %TEMP%\UserRpt.log del /q %TEMP%\UserRpt.log
net localgroup /domain|Findstr /b /c:"*" >>%TEMP%\UserRpt.log
net group /domain|Findstr /b /c:"*" >>%TEMP%\UserRpt.log
REM The following is 1 line
for /f "tokens=1-3* delims=*" %%i in (%TEMP%\UserRpt.log) do call :group %1 "%%i"&call :group %1 "%%j"&call :group %1 "%%k"
set fix=
set grp=
set tst=
set dom=
goto end
:group
set grp=
set grp=%2
:strips
set fix=%grp%
REM Next line has 10 spaces between the : and the "
set grp=%grp:          "="%
REM Next line has 5 spaces between the : and the "
set grp=%grp:     "="%
REM Next line has 3 spaces between the : and the "
set grp=%grp:   "="%
set grp=%grp: "="%
if %grp%

"" goto end
if %grp%

%fix% goto goodgrp
goto strips
:goodgrp
for /f "Tokens=1-3*" %%i in ('showmbrs %grp%') do call :users %1 "%%i" "%%j" "%%k" "%%l"
goto end
:users
If not %5

"" goto end
set fix=%2%3%4%5
set fix=%fix:"""="%
set fix=%fix:"""="%
set fix=%fix:""= %
set tst=%fix:$"="%
if not %tst%

%fix% goto end
for /f "Tokens=1* Delims=\" %%i in (%fix%) do call :bslash "%%i" "%%j"
@echo %grp%,%fix% >> %1
goto end
:bslash
if not %2

"" goto end
if "%dom%"

"" goto end
set tst="%dom%\%fix%
set fix=%tst:\"=\%
:end

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish