Using the public domain SHOWMBRS program and standard commands, you can generate a CSV (Comma Seperated Value) file that contains GroupName and UserName. The format of the file is:
"GroupName","AccountBase\UserName" where AccountBase is either a Domain Name or a Computer Name.
- If you run the report on a Domain Controller and include the Domain Name parameter, AccountBase will be the Domain Name.
- If you run the report on a Domain Controller and do not include the Domain Name parameter,
AccountBase will be null for Domain Global Group membership.
- If you run it on a server or a workstation, GroupName will be local and AccountBase will indicate
wether the UserName is a local or domain account.
You can import the CSV file to a spread sheet, word processor, or data base to produce a nicely formated document. Here is a sample crosstab query made with partial data:
|
User |
Total |
Admin- |
Domain |
Domain |
Test |
Users |
JSI\Administrator |
3 |
1 |
1 |
1 |
0 |
0 |
JSI\Domain Admins |
1 |
1 |
0 |
0 |
0 |
0 |
|
JSI\Domain Users |
1 |
0 |
0 |
0 |
0 |
1 |
|
JSI\Jennifer |
1 |
0 |
0 |
1 |
0 |
0 |
|
JSI\JERRY |
3 |
1 |
1 |
1 |
0 |
0 |
|
JSI\Test User |
2 |
0 |
0 |
1 |
1 |
0 |
|
JSI\ULTRABAC |
3 |
1 |
1 |
1 |
0 |
0 |
You will notice that this script also outputs global group membership in local groups ( JSI/Domain Users is a member of local group Users).
The syntax for running JSIUserRpt.bat is:
JSIUserRpt "<Path>\csvfile.csv" \[Domain Name\] where:
| Parameter | D e s c r i p t i o n |
| "<Path>\csvfile.csv" | The CSV file that will contain the report. |
| Domain Name | The Domain Name, using proper case, if JSIUserRpt is run on a Domain Controller. |
JSIUserRpt.bat contains:
@echo off
If "%1"
"" goto syntax
if exist %1 del /q %1
goto start
:syntax
@echo Syntax: JSIUserRpt Drive:\Path\UserRpt.csv DomainName
goto end
:start
set dom=
if "%2"
"" goto nodom
set dom=%2
set dom=%dom:"=%
:nodom
if exist %TEMP%\UserRpt.log del /q %TEMP%\UserRpt.log
net localgroup /domain|Findstr /b /c:"*" >>%TEMP%\UserRpt.log
net group /domain|Findstr /b /c:"*" >>%TEMP%\UserRpt.log
REM The following is 1 line
for /f "tokens=1-3* delims=*" %%i in (%TEMP%\UserRpt.log) do call :group %1 "%%i"&call :group %1 "%%j"&call :group %1 "%%k"
set fix=
set grp=
set tst=
set dom=
goto end
:group
set grp=
set grp=%2
:strips
set fix=%grp%
REM Next line has 10 spaces between the : and the "
set grp=%grp: "="%
REM Next line has 5 spaces between the : and the "
set grp=%grp: "="%
REM Next line has 3 spaces between the : and the "
set grp=%grp: "="%
set grp=%grp: "="%
if %grp%
"" goto end
if %grp%
%fix% goto goodgrp
goto strips
:goodgrp
for /f "Tokens=1-3*" %%i in ('showmbrs %grp%') do call :users %1 "%%i" "%%j" "%%k" "%%l"
goto end
:users
If not %5
"" goto end
set fix=%2%3%4%5
set fix=%fix:"""="%
set fix=%fix:"""="%
set fix=%fix:""= %
set tst=%fix:$"="%
if not %tst%
%fix% goto end
for /f "Tokens=1* Delims=\" %%i in (%fix%) do call :bslash "%%i" "%%j"
@echo %grp%,%fix% >> %1
goto end
:bslash
if not %2
"" goto end
if "%dom%"
"" goto end
set tst="%dom%\%fix%
set fix=%tst:\"=\%
:end
