Skip navigation
Menu

Q. How can I use VBScript to return all the groups in my domain, returning distinguishedName, sAMAccountName, group scope and type in CSV format?

I have scripted GetGroups.vbs to return all the groups in your domain, returning the following in semi-colon separated format:

"distinguishedName";"sAMAccountName";"Scope";"SecDst"

Where:

DistinguishedName is the distinguished name of the group.

sAMAccountName    is the NetBIOS (Pre-Windows 2000) name of the group.


Scope             is the group scope:
                         B   for a Built-in group.
                         L   for a Domain Local group.
                         G   for a Global group.
                         U   for a Universal group.

SecDst            is the group type:
                         S   for a security group.
                         D   for a distribution group.
GetGroups.vbs contains: 
On Error Resume Next
Dim objConnection, objCommand, objRootDSE, strDNSDomain
Dim strFilter, strQuery, objRecordSet, gt
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOOBject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
Set objRootDSE = GetObject("LDAP://RootDSE")
'Get domain
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"
'Define the filter elements
strFilter = "(&(objectCategory=group))"
'List all attributes you will require
strAttributes = "distinguishedName,sAMAccountName,groupType"
'compose query
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 99999
objCommand.Properties("Timeout") = 300
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    strDN = objRecordSet.Fields("distinguishedName")
    strSA = objRecordSet.Fields("sAMAccountName")
    gt = objRecordSet.Fields("groupType")
    if (gt ANd &h01)  0 then
    Scope = "B"
    ElseIf (gt And &h02)  0 Then
    Scope = "G"
    ElseIf (gt And &h04)  0 Then
    Scope = "L"
    ElseIf (gt And &h08)  0 Then
    Scope = "U"
    End If
    If (gt And &h80000000)  0 Then
     SecDst = "S"
    Else
     SecDst = "D"
    End If
    Wscript.Echo 
" & strDN & 
;
 & strSA & 
;
 & Scope & 
;
 & SecDst &
"
    objRecordSet.MoveNext
Loop
' Clean up.
objConnection.Close
Set objConnection = Nothing
Set objCommand = Nothing
Set objRootDSE = Nothing
Set objRecordSet = Nothing


Hide comments

More information about text formats

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish