Using the Active Directory command-line tools, I have scripted DistList.bat to report all Active Directory distribution group memberships.
The syntax for using DistList.bat is:
DistList ReportFile
where ReportFile will contain the fixed width report (161 characters), using the following format:
Distribution Group Member "CN=TST DIST,CN=Users,DC=JSIINC,DC=COM" "CN=test,CN=Users,DC=JSIINC,DC=COM"DistList.bat contains:
@echo off if \{%1\}==\{\} @echo Syntax DistList ReportFile&goto :EOF setlocal set report=%1 if exist %report% del /q %report% set work=Distribution Group # set dist=%work:~0,80% set work=Member # set user=%work:~0,80% @echo %dist% %user%>>%report% for /f "Tokens=*" %%g in ('dsquery group domainroot -name *') do ( for /f "Tokens=*" %%d in ('dsget group %%g -secgrp') do ( if /i "%%d" EQU "no " for /f "Tokens=*" %%m in ('dsget group %%g -members') do ( set dist=%%g&set user=%%m&call :out ) ) ) endlocal goto :EOF :out set work=%dist% # set dist=%work:~0,80% set work=%user% # set user=%work:~0,80% @echo %dist% %user%>>%report%NOTE: See How can I remove a user from membership in all distribution groups, and optionally disable their account?
1 comment
Hide comments