Using the DSGET Active Directory command-line tool, I have scripted SAMIDGrpMbrs.bat to retrieve the members of a domain group.
The syntax for using SAMIDGrpMbrs.bat is:
\[call\] SAMIDGrpMbrs GroupID
Where GroupID is the sAMAccountName (SAMID) of the group.
To process the output in a script:
for /f "Tokens=1* Delims=;" %%a in ('SAMIDGrpMbrs GroupID') do (
set UserDN=%%a
set UserSAMID=%%b
...
...
)
NOTE: Imbedded domain groups are recursively expanded to arrive at a complete set of domain members.
NOTE: SAMIDGrpMbrs.bat uses DNGrpMbrs.bat.
SAMIDGrpMbrs.bat contains:
@echo off
if \{%1\}==\{\} @echo Syntax: SAMIDGrpMbrs GroupID&goto :EOF
setlocal enabledelayedexpansion
set samid=%1
set samid=%samid:"=%
set qry=dsquery * domainroot -filter "(&(objectCategory=Group)(objectClass=group)(sAMAccountName=%samid%))" -attr distinguishedName -Limit 0
for /f "Skip=1 Tokens=*" %%g in ('%qry%') do (
set grp="%%g"
set grp=!grp: =!
call DNGrpMbrs !grp!
)
endlocal
0 comments
Hide comments
