JSI Tip 7451. How can I report all Active Directory distribution group memberships?

Using the Active Directory command-line tools, I have scripted DistList.bat to report all Active Directory distribution group memberships.

The syntax for using DistList.bat is:

DistList ReportFile

where ReportFile will contain the fixed width report (161 characters), using the following format:

Distribution Group                                                               Member
"CN=TST DIST,CN=Users,DC=JSIINC,DC=COM"                                          "CN=test,CN=Users,DC=JSIINC,DC=COM"

DistList.bat contains:

@echo off
if {%1}=={} @echo Syntax DistList ReportFile&goto :EOF
set report=%1
if exist %report% del /q %report%
set work=Distribution Group                                                                                     #
set dist=%work:~0,80%
set work=Member                                                                                                 #
set user=%work:~0,80%
@echo %dist% %user%>>%report%
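rem -limit 0 lifts dsquery's default cap of 100 results so every group is read.
for /f "Tokens=*" %%g in ('dsquery group domainroot -name * -limit 0') do (
 for /f "Tokens=*" %%d in ('dsget group %%g -secgrp') do (
  if /i "%%d" EQU "no      " for /f "Tokens=*" %%m in ('dsget group %%g -members') do (
   set dist=%%g&set user=%%m&call :out
  )
 )
)
goto :EOF
rem Pad or cut both fields to 80 characters and append one report line.
:out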
set work=%dist%                                                                                     #
set dist=%work:~0,80%
set work=%user%                                                                                     #
set user=%work:~0,80%
@echo %dist% %user%>>%report%

NOTE: See How can I remove a user from membership in all distribution groups, and optionally disable their account?
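
Added example (not part of the original tip): a Python parser for the report DistList.bat writes, assuming each line is an 80-character group column, one space, and an 80-character member column. Because the script cuts each field with %work:~0,80%, a quoted DN longer than 80 characters loses its closing quote; the parser flags those rows instead of reporting a partial DN. All function names are hypothetical, and every sample row except the tip's own TST DIST / test pair is constructed.

```python
from collections import defaultdict

FIELD = 80  # DistList.bat pads/cuts each column with %work:~0,80%


def row(group, member):
    """Build one 161-character report line the way the script lays it out."""
    return f"{group:<{FIELD}.{FIELD}} {member:<{FIELD}.{FIELD}}"


def complete(field):
    """A field is intact only if the quoted DN still has both quotes."""
    return len(field) >= 2 and field[0] == '"' and field[-1] == '"'


def parse_report(text):
    """Return ({group DN: [member DNs]}, [line numbers with a cut-off DN])."""
    groups, truncated = defaultdict(list), []
    for n, line in enumerate(text.splitlines()[1:], start=2):  # line 1 = header
        if not line.strip():
            continue
        group = line[:FIELD].rstrip()
        member = line[FIELD + 1:2 * FIELD + 1].rstrip()
        if complete(group) and complete(member):
            groups[group[1:-1]].append(member[1:-1])
        else:
            truncated.append(n)  # partial DN: re-query this group directly
    return dict(groups), truncated


def groups_for(member_dn, groups):
    """Distribution groups listing member_dn (DNs compare case-insensitively)."""
    want = member_dn.lower()
    return [g for g, ms in groups.items() if want in (m.lower() for m in ms)]


# Constructed sample: the first data row is the tip's own example, the rest are made up.
TST = '"CN=TST DIST,CN=Users,DC=JSIINC,DC=COM"'
OTHER = '"CN=OTHER DIST,CN=Users,DC=JSIINC,DC=COM"'
LONG = '"CN=' + "x" * 70 + ',CN=Users,DC=JSIINC,DC=COM"'
SAMPLE = "\n".join([
    row("Distribution Group", "Member"),
    row(TST, '"CN=test,CN=Users,DC=JSIINC,DC=COM"'),
    row(TST, '"CN=test2,CN=Users,DC=JSIINC,DC=COM"'),
    row(OTHER, LONG),
    row(OTHER, '"CN=test,CN=Users,DC=JSIINC,DC=COM"'),
])

if __name__ == "__main__":
    print(parse_report(SAMPLE))
```

Rows listed as truncated are skipped rather than stored, so a membership count taken from the parsed result is a lower bound until those groups are checked again.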
