Using the DSGET Active Directory command-line tool, I have scripted SAMIDGrpMbrs.bat to retrieve the members of a domain group.
The syntax for using SAMIDGrpMbrs.bat is:
[call] SAMIDGrpMbrs GroupID
Where GroupID is the sAMAccountName (SAMID) of the group.
To process the output in a script:
for /f "Tokens=1* Delims=;" %%a in ('SAMIDGrpMbrs GroupID') do (
 set UserDN=%%a
 set UserSAMID=%%b
 ...
 ...
)
NOTE: Imbedded domain groups are recursively expanded to arrive at a complete set of domain members.
NOTE: SAMIDGrpMbrs.bat uses DNGrpMbrs.bat.
SAMIDGrpMbrs.bat contains:
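@echo off
if {%1}=={} @echo Syntax: SAMIDGrpMbrs GroupID&goto :EOF
setlocal enabledelayedexpansion
rem Take the group sAMAccountName from the first argument and strip any quotes.
set samid=%1
set samid=%samid:"=%
rem Look up the distinguishedName of the group with that sAMAccountName.
set qry=dsquery * domainroot -filter "(&(objectCategory=Group)(objectClass=group)(sAMAccountName=%samid%))" -attr distinguishedName -Limit 0
rem Skip the header line that dsquery prints, then expand each matching group.
for /f "Skip=1 Tokens=*" %%g in ('%qry%') do (
 set grp="%%g"
 rem Remove the runs of spaces dsquery pads the column with; single spaces inside a name are kept.
 set grp=!grp:  =!
 call DNGrpMbrs !grp!
)
endlocal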
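A filled-in version of the processing loop shown earlier, as an added example that is not one of the author's scripts: it reports every member of a group whose sAMAccountName is missing from an approved list. The script name AuditGrp.bat and the approved-list file are hypothetical, and the example assumes SAMIDGrpMbrs.bat prints one unpadded "DN;sAMAccountName" line per member, as the loop above implies.

```batch
@echo off
rem AuditGrp.bat (hypothetical name): added example, not one of the author's scripts.
rem Reports group members whose sAMAccountName is not in an approved list.
rem Assumes SAMIDGrpMbrs.bat prints one "DN;sAMAccountName" line per member
rem with no padding, and that the approved file has one sAMAccountName per line.
rem Exit codes: 0 = all members approved, 1 = unexpected members, 2 = list missing.
if "%~2"=="" echo Syntax: AuditGrp GroupID ApprovedFile&goto :EOF
if not exist "%~2" echo Approved list "%~2" not found&exit /b 2
setlocal enabledelayedexpansion
set /a total=0, unexpected=0
rem findstr switches used below: /x whole line, /i ignore case, /l literal text.
for /f "Tokens=1* Delims=;" %%a in ('SAMIDGrpMbrs "%~1"') do (
 set "UserDN=%%a"
 set "UserSAMID=%%b"
 if defined UserSAMID (
  set /a total+=1
  findstr /x /i /l /c:"!UserSAMID!" "%~2" >nul
  if errorlevel 1 (
   set /a unexpected+=1
   echo UNEXPECTED;!UserSAMID!;!UserDN!
  )
 )
)
echo Checked !total! member(s) of %~1, !unexpected! not in the approved list
if !unexpected! GTR 0 (endlocal&exit /b 1)
endlocal&exit /b 0
```

SAMIDGrpMbrs.bat places GroupID unescaped into the dsquery filter and command line, so call it only with fixed, trusted group names rather than values taken from user input.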