subject:"\[ActiveDir\] Enumerating Group type and Mebership..."

Re: [ActiveDir] Enumerating Group type and Mebership...

2006-08-19 Thread Mathieu CHATEAU





Hello Mike,

Try this one:
-
Option Explicit
Dim objDomain, objUser, objGroup


Set objDomain = GetObject("WinNT://MyDomain")
objDomain.Filter = Array("user")


For Each objUser In objDomain
 Wscript.Echo "User: "  objUser.Name
 For Each objGroup In objUser.Groups
  Wscript.Echo "-- Member of group: "  objGroup.Name
 Next
Next


objDomain.Filter = Array("group")


For Each objGroup In objDomain
 Wscript.Echo "Group: "  objGroup.Name
 For Each objUser In objGroup.Members
  Wscript.Echo "-- Member: "  objUser.Name
 Next
Next


Fire it with something like cscript dump.vbs  dump.txt


Just my 2 cents
Mathieu CHATEAU
http://lordoftheping.blogspot.com


Tuesday, July 25, 2006, 8:49:11 PM, you wrote:







All,

Im trying to enumerate all groups in my AD environment. I need to get Group name group type and group members for each group

Ive tried some sample _vbscript_s fromhttp://www.microsoft.com/technet/scriptcenter/resources/qanda/apr05/hey0419.mspx

Then I tried (below) but It still doesnt seem to pull back everything I need- Any help would be great! In a perfect world -J- I need a list of all security groups and distribution groups and their members
Thanks,
Mike

Enumerate Security Groups and Member in Domain

csvde -f c:\tmp\SecurityGroups.csv -p subtree -l cn,mail,member -r "(|((objectCategory=Group)(objectClass=Group)(|(groupType=-2147483644)(groupType=-2147483646)(groupType=-2147483640" -j c:\tmp


Enumerate Distribution Groups and Member in Domain

csvde -f c:\tmp\DistributionLists.csv -p subtree -l cn,mail,member -r "(|((objectCategory=Group)(objectClass=Group)(|(groupType=8)(groupType=4)(groupType=2" -j c:\tmp










--
Best regards,
Mathieu  mailto:[EMAIL PROTECTED]



List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

RE: [ActiveDir] Enumerating Group type and Mebership...

2006-08-18 Thread joe




I believe that was one of the items in a list of about 25 
requests generated here on the list that I submitted into the bug/request system 
at MSFT as well as sending directly to the responsible Dev (the guy doing a lot 
of the GUI user experience stuff) at AD. He loved the ideas but said that for 
most of them LH R2 sounded more likely than LH.

 joe


--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm




From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Matt 
HargravesSent: Tuesday, July 25, 2006 5:02 PMTo: 
ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Enumerating 
Group type and Mebership...
You either have a small environment or someone wants a document that 
will be completely outdated 12 minutes after it's compiled.Though just 
to be honest, I'd love to be able to click on a '+' on groups and show their 
members and continue to follow the '+' if there is nesting. That would be 
an awesome feature in the ADUC. Maybe I should submit that feature request 
to Quest and Microsoft. 
On 7/25/06, Mike 
Hogenauer [EMAIL PROTECTED] 
wrote:

  
  
  
  I need all Security Groups and 
  Distribution groups  and their members 
  
  Thanks Laura!
  
  
  
  From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of 
  Laura A. RobinsonSent: Tuesday, July 25, 2006 12:00 
  PM
  To: ActiveDir@mail.activedir.org
  Subject: RE: [ActiveDir] Enumerating Group type and Mebership...
  
  
  
  
  What is "everything [you] need", 
  specifically?
  
  
  
  Thanks,
  
  
  
  Laura
  




From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of 
Mike HogenauerSent: Tuesday, July 25, 2006 2:49 
PMTo: ActiveDir@mail.activedir.orgSubject: 
[ActiveDir] Enumerating Group type and Mebership...
All, 

I'm trying to enumerate all groups in my AD environment. I need to get 
Group name group type and group members for each group 

I've tried some sample _vbscript_s from http://www.microsoft.com/technet/scriptcenter/resources/qanda/apr05/hey0419.mspx 


Then I tried (below) but It still doesn't seem to pull back everything I 
need- Any help would be great! In a perfect world - J - I need a list of all 
security groups and distribution groups and their members 
Thanks,
Mike 

Enumerate Security Groups and Member in Domain

csvde -f c:\tmp\SecurityGroups.csv -p subtree -l cn,mail,member -r 
"(|((objectCategory=Group)(objectClass=Group)(|(groupType=-2147483644)(groupType=-2147483646)(groupType=-2147483640" 
-j c:\tmp


Enumerate Distribution Groups and Member in Domain

csvde -f c:\tmp\DistributionLists.csv -p subtree -l cn,mail,member 
-r 
"(|((objectCategory=Group)(objectClass=Group)(|(groupType=8)(groupType=4)(groupType=2" 
-j c:\tmp

RE: [ActiveDir] Enumerating Group type and Mebership...

2006-08-18 Thread joe




This is the kind of thing if I got a request for it I would 
end up wrapping into a perl script and then tossing into a webpage via CGI that 
the "someone" could look at when they wanted as they are just looking to poke 
around occasionally and it is stupid to burn up admin resources for ad hoc 
requests like this. I would probably present a list of the groups first and then 
let them select what they want and then display that info. 

If it is for some sort of overall review, then I would just 
hand over the perl script and let them run it as they want. 

I don't know if you are aware but your filter is not 
capturing system type groups like Remote Desktop Users, Pre-We2K group, etc... 


In generala nice little shortcut... for all windows 
security-enabled groups, use (grouptype=-1) and for all non windows 
security-enabled groups use (grouptype=0); the attribute is indexed and not 
valid for anything but groups so you don't need anything else. Cutting out the 
ORs will help speed it up since it won't have to do a join of several 
lookups.

A couple of quick command to verify 
this

adfind -sc s:grouptype searchflags

G:\Tempadfind -sc s:grouptype 
searchflags

AdFind V01.31.00cpp Joe Richards ([EMAIL PROTECTED]) 
March 2006

Using server: r2dc2.test.loc:389Directory: Windows 
Server 2003Base DN: 
CN=Schema,CN=Configuration,DC=test,DC=loc

dn:CN=Group-Type,CN=Schema,CN=Configuration,DC=test,DC=locsearchFlags: 
9 [INDEX(1);PRESERVE TOMBSTONE(8)]

1 Objects returned

adfind -sc scontainsl:grouptype

G:\Tempadfind -sc 
scontainsl:grouptype

group

And 
you can test the various query efficiencies with something 
like

adfind 
-b search_base -f search_filter -stats+only

G:\Tempadfind -default -f 
"(groupType=-1)" -stats+only

AdFind V01.31.00cpp Joe 
Richards ([EMAIL PROTECTED]) 
March 2006

Using server: 
r2dc2.test.loc:389Directory: Windows Server 2003Base DN: 
DC=test,DC=loc



Statistics=Elapsed Time: 11 
(ms)Returned 36 entries of 36 visited - (100.00%)

Used 
Filter:(groupType=-1)

Used 
Indices:idx_groupType:36:N

Analysis-Hit Rate of 
100.00% is Efficient

Indices used:

Index Name : 
idx_groupTypeRecord Count: 36 (estimate)Index Type : Normal 
Attribute Index

Filter Breakdown:

(groupType=-1)




--
O'Reilly Active Directory Third Edition - http://www.joeware.net/win/ad3e.htm




From: [EMAIL PROTECTED] 
[mailto:[EMAIL PROTECTED] On Behalf Of Mike 
HogenauerSent: Tuesday, July 25, 2006 5:12 PMTo: 
ActiveDir@mail.activedir.orgSubject: RE: [ActiveDir] Enumerating 
Group type and Mebership...


Were 
medium size  and yes someone does want a current outdated list J - 

Just 
trying to make it happen. 


From: 
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
On Behalf Of Matt HargravesSent: Tuesday, July 25, 2006 2:02 
PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] 
Enumerating Group type and Mebership...

You either have a small 
environment or someone wants a document that will be completely outdated 12 
minutes after it's compiled.Though just to be honest, I'd love to be 
able to click on a '+' on groups and show their members and continue to follow 
the '+' if there is nesting. That would be an awesome feature in the 
ADUC. Maybe I should submit that feature request to Quest and Microsoft. 


On 7/25/06, Mike Hogenauer 
[EMAIL PROTECTED] 
wrote:



I need all Security Groups and Distribution 
groups  and their members 

Thanks Laura!



From: 
[EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Laura 
A. RobinsonSent: Tuesday, July 25, 2006 12:00 
PM

To: ActiveDir@mail.activedir.org

Subject: RE: [ActiveDir] Enumerating Group type and 
Mebership...



What is "everything [you] need", 
specifically?



Thanks,



Laura

  
  
  
  
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mike 
  HogenauerSent: Tuesday, July 25, 2006 2:49 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] 
  Enumerating Group type and Mebership...
  All, 
  
  I'm trying to enumerate all groups in my AD environment. I need to get 
  Group name group type and group members for each group 
  
  I've tried some sample _vbscript_s from http://www.microsoft.com/technet/scriptcenter/resources/qanda/apr05/hey0419.mspx 
  
  
  Then I tried (below) but It still doesn't seem to pull back everything I 
  need- Any help would be great! In a perfect world - J - I need a list of all security 
  groups and distribution groups and their members 
  Thanks,
  Mike 
  
  Enumerate Security Groups and Member in Domain
  
  csvde -f c:\tmp\SecurityGroups.csv -p subtree -l cn,mail,member -r 
  "(|((objectCategory=Group)(objectClass=Group)(|(groupType=-2147483644)(groupType=-2147483646)(groupType=-2147483640" 
  -j c:\tmp
  
  
  Enumerate Distribution Groups and Member in 
  Domain
  
  csvde -f c:\tmp\DistributionLists.csv -p subtree -l cn,mail,member -r 
  "(|((objectCategory=Group)(

Re: [ActiveDir] Enumerating Group type and Mebership...

2006-07-26 Thread AFidel


Personally I like to find a find a good
tool if it makes my life easier. In the area of user/group reporting one
such tool is Hyena from Systemtools.com. I'm not sure how (in) efficient
it's ldap queries are when it's asked for nested group membership but I've
never had to run it against an AD environment with more then a couple thousand
users and groups. Even in those largest cases it's returned results in
minutes or less so I wouldn't think a well setup environment would take
more than say an hour for even a large AD structure (there I go assuming).
Custom scripting is great when the problem is so trivial or so complex
that standard off the shelf tools don't make sense, but for the majority
of cases they just seem like a good investment to me =)

Andrew Fidel






Matt Hargraves
[EMAIL PROTECTED] 
Sent by: [EMAIL PROTECTED]
07/25/2006 05:54 PM



Please respond to
ActiveDir@mail.activedir.org





To
ActiveDir@mail.activedir.org


cc



Subject
Re: [ActiveDir] Enumerating
Group type and Mebership...








Getting a list of groups is easy... getting it all enumerated
will be a bit more complex, though not terribly so.

The ADUC allows you to create queries and list all security groups. You
can then export this list to a file. Once you have the file, you
need to import that list into Excel (pretty easy), then run a _vbscript_
against with LDAP or ADSI scripting in it (or something like that) to enumerate
group members. If they want nested members also, then you've got
a lot more complex issue, but I would just state that it's not practical
and let him work with the current list. 

Hopefully the resulting gargantuan file will be enough to make anyone choke
and stop making rediculous requests that they don't understand the futility
of. Enumerating 10k groups simply so that you can toss the list out
later that week because it's just going to get more and more out of date
is worse than silly, it's a waste of company effort (and money). Make
it too easy for him to generate that report and soon he'll be wanting to
see what items they have access to in the environment, so you'll end up
enumerating out all files and shares and rights assignments on computers.




On 7/25/06, Mike Hogenauer [EMAIL PROTECTED]
wrote:
We're medium size  and yes someone does
want a current outdated list J
- 
Just trying to make it happen. 

From: [EMAIL PROTECTED]
[mailto: [EMAIL PROTECTED]]
On Behalf Of Matt Hargraves
Sent: Tuesday, July 25, 2006 2:02 PM

To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Enumerating Group type
and Mebership...

You either have a small environment or someone wants a
document that will be completely outdated 12 minutes after it's compiled.

Though just to be honest, I'd love to be able to click on a '+' on groups
and show their members and continue to follow the '+' if there is nesting.
That would be an awesome feature in the ADUC. Maybe I should
submit that feature request to Quest and Microsoft. 

On 7/25/06, Mike Hogenauer [EMAIL PROTECTED]
wrote:
I need all Security Groups and Distribution
groups  and their members 

Thanks Laura!

From: [EMAIL PROTECTED]
[mailto: [EMAIL PROTECTED]]
On Behalf Of Laura A. Robinson
Sent: Tuesday, July 25, 2006 12:00 PM

To: ActiveDir@mail.activedir.org

Subject: RE: [ActiveDir] Enumerating Group type
and Mebership...

What is everything [you] need, specifically?

Thanks,

Laura




From: [EMAIL PROTECTED]
[mailto:
[EMAIL PROTECTED]] On Behalf
Of Mike Hogenauer
Sent: Tuesday, July 25, 2006 2:49 PM
To: ActiveDir@mail.activedir.org

Subject: [ActiveDir] Enumerating Group type and Mebership...
All, 

I'm trying to enumerate all groups in my AD environment.
I need to get Group name group type and group members for each group


I've tried some sample _vbscript_s from http://www.microsoft.com/technet/scriptcenter/resources/qanda/apr05/hey0419.mspx


Then I tried (below) but It still doesn't seem to pull
back everything I need- Any help would be great! In a perfect world - J
- I need a list of all security groups and distribution groups and
their members 
Thanks,
Mike 

Enumerate Security Groups and Member in Domain

csvde -f c:\tmp\SecurityGroups.csv -p subtree -l cn,mail,member
-r (|((objectCategory=Group)(objectClass=Group)(|(groupType=-2147483644)(groupType=-2147483646)(groupType=-2147483640
-j c:\tmp


Enumerate Distribution Groups and Member in Domain

csvde -f c:\tmp\DistributionLists.csv -p subtree -l cn,mail,member
-r (|((objectCategory=Group)(objectClass=Group)(|(groupType=8)(groupType=4)(groupType=2
-j c:\tmp

RE: [ActiveDir] Enumerating Group type and Mebership...

2006-07-26 Thread MAURAT

Hello,

First, please excuse my english written

After, the script below enumerates all groups (and their members) of a user.
Perhaps, this can help you for your needs

Bye

 
Set FSO = CreateObject(Scripting.FileSystemObject)
Set WSHShell = WScript.CreateObject(WScript.Shell)
Set WSHNetwork = WScript.CreateObject(WScript.Network)
Set Drives = CreateObject(Scripting.Dictionary)
Set Printers = CreateObject(Scripting.Dictionary)
Set listegroupes = CreateObject(Scripting.Dictionary)
'Création d'un objet LDAP
Set rootDSE = GetObject(LDAP://rootDSE)
'Création d'un objet connexion ADO
Set Con = CreateObject(ADODB.Connection)
'Création d'un objet commande ADO
Set ocommand = CreateObject(ADODB.Command)
'Récupération du domaine d'appartenance
sDomain = rootDSE.Get(defaultNamingContext)
Set domain = GetObject(LDAP://  sDomain)
 

Nom_utilisateur=WSHNetwork.UserName
Domaine_utilisateur=WSHNetwork.UserDomain
 
if not(membrede(Nom_utilisateur)) then
 wscript.echo no group for user   Nom_utilisateur  ( 
Domaine_utilisateur  )
else
 wscript.echo user   Nom_utilisateur   is member of :  VBCRLF
 For Each Group In listegroupes.items
  wscript.echo group --  Group  VBCRLF
 Next
end if
 
 
 
' ROUTINES RECUPERATION APPARTENANCE GROUPE---'
function membrede(nomuser)
Con.Provider = ADsDSOObject
Con.Open Active Directory Provider
ocommand.ActiveConnection = Con
 

'build LDAP request
'initialize filter
sfilteruser=((objectClass=user)(|(name=  nomuser  )(sn= nomuser
)(sAMAccountName=  nomuser  ))) 'for user
sfiltergroup=(objectClass=group) 'for groups
 
'attributes to return.
sAttribsToReturn = memberOf 'pour retrouver l'attribut membre de...
 
'initialize deep.
sDepth = subTree 'everywhere in domain
 
'direct membership
macommand =   domain.adspath  ;  sfilteruser  ; 
sAttribsToReturn  ;  sDepth
ocommand.CommandText = macommand
 
Set rs = ocommand.Execute
 
compteur=0
 
if (rs.RecordCount = 1) then
 rs.MoveFirst
 do
  mo=rs.Fields(memberof).value
  if not(IsNull(mo)) then
   For Each grp In mo
listegroupes.add compteur,grp
compteur=compteur+1
   Next
  else
   membrede=FALSE
   exit function
   'wscript.echo le compte   nomuser   n'appartient à aucun groupe 
vbcrlf
  end if
  rs.movenext
 loop while Not rs.EOF
else
 membrede=FALSE
 exit function
' wscript.echo Petit problème
end if
 
'indirect membership
index=0
do
 macommand = LDAP://  listegroupes(index) ;  sfiltergroup  ; 
sAttribsToReturn  ;  sDepth
 'wscript.echo macommand
 ocommand.CommandText = macommand
 Set rs = ocommand.Execute
 if (rs.RecordCount0) then
  rs.MoveFirst
  do
   mo=rs.Fields(memberof).value
   if not(IsNull(mo)) then
For Each grp In mo
 listegroupes.add compteur,grp
 compteur=compteur+1
' wscript.echo grp
Next
   else
'wscript.echo pas de membre de pour:  listegroupes(index)
   end if
   rs.movenext
  loop while Not rs.EOF
 else
'  wscript.echo pas de record trouvé
 end if
 index=index+1
loop while (indexcompteur)
 
for each cle in listegroupes
 grp=right(listegroupes(cle),len(listegroupes(cle))-3)
 p = Instr(1, grp, ,, 0)
 grp=left(grp,p-1)
 listegroupes(cle)=grp
next
membrede=TRUE
end function
' FIN ROUTINES RECUPERATION APPARTENANCE GROUPE---'
 
 
 


De : [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] De la part de Mike Hogenauer
Envoyé : mardi 25 juillet 2006 20:49
À : ActiveDir@mail.activedir.org
Objet : [ActiveDir] Enumerating Group type and Mebership...



All, 

 

Im trying to enumerate all groups in my AD environment. I need to get Group
name group type and group members for each group 

 

Ive tried some sample VB scripts from
http://www.microsoft.com/technet/scriptcenter/resources/qanda/apr05/hey0419.
mspx 

 

Then I tried (below) but It still doesnt seem to pull back everything I
need- Any help would be great! In a perfect world - J -  I need a list of
all security groups and distribution groups and their members 

Thanks,

Mike 

 

Enumerate Security Groups and Member in Domain

 

csvde -f c:\tmp\SecurityGroups.csv -p subtree -l cn,mail,member  -r
(|((objectCategory=Group)(objectClass=Group)(|(groupType=-2147483644)(grou
pType=-2147483646)(groupType=-2147483640 -j c:\tmp

 

 

Enumerate Distribution Groups and Member in Domain

 

csvde -f c:\tmp\DistributionLists.csv -p subtree -l cn,mail,member  -r
(|((objectCategory=Group)(objectClass=Group)(|(groupType=8)(groupType=4)(g
roupType=2 -j c:\tmp

 

 


List info   : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.activedir.org/ml/threads.aspx

[ActiveDir] Enumerating Group type and Mebership...

2006-07-25 Thread Mike Hogenauer









All, 



Im trying to enumerate all groups in my AD environment.
I need to get Group name group type and group members for each group 



Ive tried some sample _vbscript_s from http://www.microsoft.com/technet/scriptcenter/resources/qanda/apr05/hey0419.mspx




Then I tried (below) but It still doesnt seem to pull
back everything I need- Any help would be great! In a perfect world - J - I need a list of all security
groups and distribution groups and their members 

Thanks,

Mike 



Enumerate Security Groups and Member in Domain



csvde -f c:\tmp\SecurityGroups.csv -p subtree -l
cn,mail,member -r (|((objectCategory=Group)(objectClass=Group)(|(groupType=-2147483644)(groupType=-2147483646)(groupType=-2147483640
-j c:\tmp





Enumerate Distribution Groups and Member in Domain



csvde -f c:\tmp\DistributionLists.csv -p subtree -l
cn,mail,member -r (|((objectCategory=Group)(objectClass=Group)(|(groupType=8)(groupType=4)(groupType=2
-j c:\tmp

RE: [ActiveDir] Enumerating Group type and Mebership...

2006-07-25 Thread Laura A. Robinson




What 
is "everything [you] need", specifically?

Thanks,

Laura

  
  
  From: [EMAIL PROTECTED] 
  [mailto:[EMAIL PROTECTED] On Behalf Of Mike 
  HogenauerSent: Tuesday, July 25, 2006 2:49 PMTo: 
  ActiveDir@mail.activedir.orgSubject: [ActiveDir] Enumerating Group 
  type and Mebership...
  
  
  All, 
  
  Im trying to enumerate all groups in my AD environment. I 
  need to get Group name group type and group members for each group 
  
  
  Ive tried some sample _vbscript_s from http://www.microsoft.com/technet/scriptcenter/resources/qanda/apr05/hey0419.mspx 
  
  
  Then I tried (below) but It still doesnt seem to pull back 
  everything I need- Any help would be great! In a perfect world - J - I need a list of all security 
  groups and distribution groups and their members 
  Thanks,
  Mike 
  
  Enumerate Security Groups and Member in 
  Domain
  
  csvde -f c:\tmp\SecurityGroups.csv -p subtree -l 
  cn,mail,member -r 
  "(|((objectCategory=Group)(objectClass=Group)(|(groupType=-2147483644)(groupType=-2147483646)(groupType=-2147483640" 
  -j c:\tmp
  
  
  Enumerate Distribution Groups and Member in 
  Domain
  
  csvde -f c:\tmp\DistributionLists.csv -p subtree -l 
  cn,mail,member -r 
  "(|((objectCategory=Group)(objectClass=Group)(|(groupType=8)(groupType=4)(groupType=2" 
  -j c:\tmp

Re: [ActiveDir] Enumerating Group type and Mebership...

2006-07-25 Thread mike kline

Give Joe's adfind a spin, there is a good article here that may help too (nice adfind examples)

http://blogs.brnets.com/michael/archive/2004/06/24/168.aspx


On 7/25/06, Mike Hogenauer [EMAIL PROTECTED] wrote:




All, 

I'm trying to enumerate all groups in my AD environment. I need to get Group name group type and group members for each group… 

I've tried some sample _vbscript_s from 
http://www.microsoft.com/technet/scriptcenter/resources/qanda/apr05/hey0419.mspx 

Then I tried (below) but It still doesn't seem to pull back everything I need- Any help would be great! In a perfect world - J - I need a list of all security groups and distribution groups and their members 

Thanks,
Mike 

Enumerate Security Groups and Member in Domain

csvde -f c:\tmp\SecurityGroups.csv -p subtree -l cn,mail,member -r (|((objectCategory=Group)(objectClass=Group)(|(groupType=-2147483644)(groupType=-2147483646)(groupType=-2147483640 -j c:\tmp



Enumerate Distribution Groups and Member in Domain

csvde -f c:\tmp\DistributionLists.csv -p subtree -l cn,mail,member -r (|((objectCategory=Group)(objectClass=Group)(|(groupType=8)(groupType=4)(groupType=2 -j c:\tmp

RE: [ActiveDir] Enumerating Group type and Mebership...

2006-07-25 Thread Mike Hogenauer









I need all Security Groups and Distribution
groups  and their members 



Thanks Laura!







From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Laura A. Robinson
Sent: Tuesday, July 25, 2006 12:00 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Enumerating Group type and Mebership...









What is everything [you] need, specifically?











Thanks,











Laura













From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Mike Hogenauer
Sent: Tuesday, July 25, 2006 2:49 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Enumerating Group type and Mebership...

All, 



Im trying to enumerate all groups in my AD environment. I
need to get Group name group type and group members for each group 



Ive tried some sample _vbscript_s from http://www.microsoft.com/technet/scriptcenter/resources/qanda/apr05/hey0419.mspx




Then I tried (below) but It still doesnt seem to pull back
everything I need- Any help would be great! In a perfect world - J - I need a list of all security
groups and distribution groups and their members 

Thanks,

Mike 



Enumerate Security Groups and Member in Domain



csvde -f c:\tmp\SecurityGroups.csv -p subtree -l
cn,mail,member -r (|((objectCategory=Group)(objectClass=Group)(|(groupType=-2147483644)(groupType=-2147483646)(groupType=-2147483640
-j c:\tmp





Enumerate Distribution Groups and Member in Domain



csvde -f c:\tmp\DistributionLists.csv -p subtree -l
cn,mail,member -r (|((objectCategory=Group)(objectClass=Group)(|(groupType=8)(groupType=4)(groupType=2
-j c:\tmp

Re: [ActiveDir] Enumerating Group type and Mebership...

2006-07-25 Thread Matt Hargraves

You either have a small environment or someone wants a document that will be completely outdated 12 minutes after it's compiled.Though just to be honest, I'd love to be able to click on a '+' on groups and show their members and continue to follow the '+' if there is nesting. That would be an awesome feature in the ADUC. Maybe I should submit that feature request to Quest and Microsoft.
On 7/25/06, Mike Hogenauer [EMAIL PROTECTED] wrote:














I need all Security Groups and Distribution
groups – and their members 



Thanks Laura!







From:
[EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED]] On
Behalf Of Laura A. Robinson
Sent: Tuesday, July 25, 2006 12:00 PM
To: ActiveDir@mail.activedir.org

Subject: RE: [ActiveDir] Enumerating Group type and Mebership...









What is everything [you] need, specifically?











Thanks,











Laura














From: 
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] 
On Behalf Of Mike Hogenauer
Sent: Tuesday, July 25, 2006 2:49 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Enumerating Group type and Mebership...

All, 



I'm trying to enumerate all groups in my AD environment. I
need to get Group name group type and group members for each group… 



I've tried some sample _vbscript_s from 
http://www.microsoft.com/technet/scriptcenter/resources/qanda/apr05/hey0419.mspx




Then I tried (below) but It still doesn't seem to pull back
everything I need- Any help would be great! In a perfect world - J - I need a list of all security
groups and distribution groups and their members 

Thanks,

Mike 



Enumerate Security Groups and Member in Domain



csvde -f c:\tmp\SecurityGroups.csv -p subtree -l
cn,mail,member -r (|((objectCategory=Group)(objectClass=Group)(|(groupType=-2147483644)(groupType=-2147483646)(groupType=-2147483640
-j c:\tmp





Enumerate Distribution Groups and Member in Domain



csvde -f c:\tmp\DistributionLists.csv -p subtree -l
cn,mail,member -r (|((objectCategory=Group)(objectClass=Group)(|(groupType=8)(groupType=4)(groupType=2
-j c:\tmp

RE: [ActiveDir] Enumerating Group type and Mebership...

2006-07-25 Thread Mike Hogenauer









Were medium size  and yes someone does want a current outdated
list J - 

Just trying to make it happen. 





From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Matt Hargraves
Sent: Tuesday, July 25, 2006 2:02 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Enumerating Group type and Mebership...





You either have a small
environment or someone wants a document that will be completely outdated 12
minutes after it's compiled.

Though just to be honest, I'd love to be able to click on a '+' on groups and
show their members and continue to follow the '+' if there is nesting.
That would be an awesome feature in the ADUC. Maybe I should submit that
feature request to Quest and Microsoft. 





On 7/25/06, Mike Hogenauer
[EMAIL PROTECTED]
wrote:







I need all Security Groups and Distribution
groups  and their members 



Thanks Laura!







From: [EMAIL PROTECTED]
[mailto: [EMAIL PROTECTED]]
On Behalf Of Laura A. Robinson
Sent: Tuesday, July 25, 2006 12:00 PM






To: ActiveDir@mail.activedir.org





Subject: RE: [ActiveDir] Enumerating Group type and
Mebership...













What is everything [you]
need, specifically?











Thanks,











Laura













From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]
On Behalf Of Mike Hogenauer
Sent: Tuesday, July 25, 2006 2:49 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Enumerating Group type and Mebership...

All, 



I'm trying to enumerate all groups in my AD environment. I need to get Group
name group type and group members for each group 



I've tried some sample _vbscript_s from http://www.microsoft.com/technet/scriptcenter/resources/qanda/apr05/hey0419.mspx




Then I tried (below) but It still doesn't seem to pull back everything I
need- Any help would be great! In a perfect world - J - I need a list of all security groups and
distribution groups and their members 

Thanks,

Mike 



Enumerate Security Groups and Member in Domain



csvde -f c:\tmp\SecurityGroups.csv -p subtree -l cn,mail,member -r
(|((objectCategory=Group)(objectClass=Group)(|(groupType=-2147483644)(groupType=-2147483646)(groupType=-2147483640
-j c:\tmp





Enumerate Distribution Groups and Member in Domain



csvde -f c:\tmp\DistributionLists.csv -p subtree -l cn,mail,member -r
(|((objectCategory=Group)(objectClass=Group)(|(groupType=8)(groupType=4)(groupType=2
-j c:\tmp

Re: [ActiveDir] Enumerating Group type and Mebership...

2006-07-25 Thread Matt Hargraves

Getting a list of groups is easy... getting it all enumerated will be a bit more complex, though not terribly so.The ADUC allows you to create queries and list all security groups. You can then export this list to a file. Once you have the file, you need to import that list into Excel (pretty easy), then run a _vbscript_ against with LDAP or ADSI scripting in it (or something like that) to enumerate group members. If they want nested members also, then you've got a lot more complex issue, but I would just state that it's not practical and let him work with the current list.
Hopefully the resulting gargantuan file will be enough to make anyone choke and stop making rediculous requests that they don't understand the futility of. Enumerating 10k groups simply so that you can toss the list out later that week because it's just going to get more and more out of date is worse than silly, it's a waste of company effort (and money). Make it too easy for him to generate that report and soon he'll be wanting to see what items they have access to in the environment, so you'll end up enumerating out all files and shares and rights assignments on computers.
On 7/25/06, Mike Hogenauer [EMAIL PROTECTED] wrote:














We're medium size – and yes someone does want a current outdated
list J - 

Just trying to make it happen…. 





From:
[EMAIL PROTECTED] [mailto:
[EMAIL PROTECTED]] On
Behalf Of Matt Hargraves
Sent: Tuesday, July 25, 2006 2:02 PM
To: ActiveDir@mail.activedir.org

Subject: Re: [ActiveDir] Enumerating Group type and Mebership...





You either have a small
environment or someone wants a document that will be completely outdated 12
minutes after it's compiled.

Though just to be honest, I'd love to be able to click on a '+' on groups and
show their members and continue to follow the '+' if there is nesting.
That would be an awesome feature in the ADUC. Maybe I should submit that
feature request to Quest and Microsoft. 





On 7/25/06, Mike Hogenauer
[EMAIL PROTECTED]
wrote:







I need all Security Groups and Distribution
groups – and their members 



Thanks Laura!







From: 
[EMAIL PROTECTED]
[mailto: 
[EMAIL PROTECTED]]
On Behalf Of Laura A. Robinson
Sent: Tuesday, July 25, 2006 12:00 PM






To: ActiveDir@mail.activedir.org






Subject: RE: [ActiveDir] Enumerating Group type and
Mebership...













What is everything [you]
need, specifically?











Thanks,











Laura














From: 
[EMAIL PROTECTED]
[mailto:
[EMAIL PROTECTED]]
On Behalf Of Mike Hogenauer
Sent: Tuesday, July 25, 2006 2:49 PM
To: ActiveDir@mail.activedir.org

Subject: [ActiveDir] Enumerating Group type and Mebership...

All, 



I'm trying to enumerate all groups in my AD environment. I need to get Group
name group type and group members for each group… 



I've tried some sample _vbscript_s from 
http://www.microsoft.com/technet/scriptcenter/resources/qanda/apr05/hey0419.mspx




Then I tried (below) but It still doesn't seem to pull back everything I
need- Any help would be great! In a perfect world - J - I need a list of all security groups and
distribution groups and their members 

Thanks,

Mike 



Enumerate Security Groups and Member in Domain



csvde -f c:\tmp\SecurityGroups.csv -p subtree -l cn,mail,member -r
(|((objectCategory=Group)(objectClass=Group)(|(groupType=-2147483644)(groupType=-2147483646)(groupType=-2147483640
-j c:\tmp





Enumerate Distribution Groups and Member in Domain



csvde -f c:\tmp\DistributionLists.csv -p subtree -l cn,mail,member -r
(|((objectCategory=Group)(objectClass=Group)(|(groupType=8)(groupType=4)(groupType=2
-j c:\tmp

RE: [ActiveDir] Enumerating Group type and Mebership...

2006-07-25 Thread WATSON, BEN









Ugh, this sounds exactly like the SOX audit
our company is currently going through. People asking for reports and
screenshots of things they simply dont understand. Its a joy.











From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt Hargraves
Sent: Tuesday, July 25, 2006 2:54
PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir]
Enumerating Group type and Mebership...





Getting a list of groups
is easy... getting it all enumerated will be a bit more complex, though not
terribly so.

The ADUC allows you to create queries and list all security groups. You
can then export this list to a file. Once you have the file, you need to
import that list into Excel (pretty easy), then run a _vbscript_ against with
LDAP or ADSI scripting in it (or something like that) to enumerate group
members. If they want nested members also, then you've got a lot more
complex issue, but I would just state that it's not practical and let him work
with the current list. 

Hopefully the resulting gargantuan file will be enough to make anyone choke and
stop making rediculous requests that they don't understand the futility
of. Enumerating 10k groups simply so that you can toss the list out later
that week because it's just going to get more and more out of date is worse
than silly, it's a waste of company effort (and money). Make it too easy
for him to generate that report and soon he'll be wanting to see what items
they have access to in the environment, so you'll end up enumerating out all
files and shares and rights assignments on computers. 






On 7/25/06, Mike
Hogenauer [EMAIL PROTECTED]
wrote:







We're medium size  and yes someone does want a current
outdated list J - 

Just trying to make it happen. 





From: [EMAIL PROTECTED]
[mailto: [EMAIL PROTECTED]]
On Behalf Of Matt Hargraves
Sent: Tuesday, July 25, 2006 2:02
PM






To: ActiveDir@mail.activedir.org





Subject: Re:
[ActiveDir] Enumerating Group type and Mebership...









You either have a small environment or someone wants a
document that will be completely outdated 12 minutes after it's compiled.

Though just to be honest, I'd love to be able to click on a '+' on groups and
show their members and continue to follow the '+' if there is nesting.
That would be an awesome feature in the ADUC. Maybe I should submit that
feature request to Quest and Microsoft. 



On
7/25/06, Mike Hogenauer [EMAIL PROTECTED] wrote:







I need all Security Groups and Distribution groups  and
their members 



Thanks Laura!







From: [EMAIL PROTECTED]
[mailto: [EMAIL PROTECTED]]
On Behalf Of Laura A. Robinson
Sent: Tuesday, July 25, 2006 12:00
PM






To: ActiveDir@mail.activedir.org






Subject: RE: [ActiveDir] Enumerating Group
type and Mebership...













What is everything [you] need, specifically?











Thanks,











Laura













From: [EMAIL PROTECTED]
[mailto:
[EMAIL PROTECTED]] On
Behalf Of Mike Hogenauer
Sent: Tuesday, July 25, 2006 2:49
PM
To: ActiveDir@mail.activedir.org

Subject: [ActiveDir] Enumerating
Group type and Mebership...

All, 



I'm
trying to enumerate all groups in my AD environment. I need to get Group name
group type and group members for each group 



I've
tried some sample _vbscript_s from http://www.microsoft.com/technet/scriptcenter/resources/qanda/apr05/hey0419.mspx




Then I
tried (below) but It still doesn't seem to pull back everything I need- Any
help would be great! In a perfect world - J - I need a list of all
security groups and distribution groups and their members 

Thanks,

Mike 



Enumerate Security Groups and Member in Domain



csvde -f
c:\tmp\SecurityGroups.csv -p subtree -l cn,mail,member -r (|((objectCategory=Group)(objectClass=Group)(|(groupType=-2147483644)(groupType=-2147483646)(groupType=-2147483640
-j c:\tmp





Enumerate Distribution Groups and Member in Domain



csvde -f
c:\tmp\DistributionLists.csv -p subtree -l cn,mail,member -r (|((objectCategory=Group)(objectClass=Group)(|(groupType=8)(groupType=4)(groupType=2
-j c:\tmp

RE: [ActiveDir] Enumerating Group type and Mebership...

2006-07-25 Thread Ken Schaefer









Hi,



Try these (if you dont get any better answers from the
gurus):



For just groups and their membership (batch file)



dsquery group  all-groups.txt
for /f tokens=1* delims=} %a in (all-groups.txt) do @(echo GROUP:%a
 dsget group %a -members)  group-members.txt



For groups, type and membership (vbs file):



' To output to a text file use:

' cscript //nologo test.vbs  filename.txt



Option Explicit



Dim objConn '
ADODB.Connection

Dim objCommand ' ADODB.Command

Dim objRS '
ADODB.Recordset

Dim objRootDSE ' RootDSE

Dim objGroup ' AD Group

Dim strDNSDomain ' String

Dim strQuery ' String

Dim strDN '
String





' Bind to the Root Container

Set objConn = CreateObject(ADODB.Connection)

objConn.Provider = ADsDSOObject

objConn.Open Active Directory Provider



' Create our Command Object

Set objCommand = CreateObject(ADODB.Command)

Set objCommand.ActiveConnection = objConn





' Determine the DNS domain from the RootDSE object.

Set objRootDSE = GetObject(LDAP://RootDSE)

strDNSDomain = objRootDSE.Get(defaultNamingContext)



' Search for all groups, return the Distinguished Name of each.

strQuery = LDAP://  strDNSDomain 
;(objectClass=group);distinguishedName;subtree

objCommand.CommandText = strQuery

objCommand.Properties(Page Size) = 100

objCommand.Properties(Timeout) = 30

objCommand.Properties(Cache Results) = False



Set objRS = objCommand.Execute

If objRS.EOF Then

 Wscript.Echo No groups found

 objConn.Close

 Set objRootDSE = Nothing

 Set objConn = Nothing

 Set objCommand = Nothing

 Set objRS = Nothing

 Wscript.Quit

End If



' Enumerate all groups, bind to each, and document group
members.

Do Until objRS.EOF

 strDN = objRS.Fields(distinguishedName)

 Set objGroup = GetObject(LDAP://  strDN)

 'Wscript.Echo objGroup.sAMAccountName  
(  GetType(objGroup.groupType)  )

 'If objGroup.GroupType = 2 or objGroup.GroupType = 4 or
objGroup.GroupType = 8 then

 Wscript.Echo objGroup.sAMAccountName
  (  GetType(objGroup.groupType)  )

 Call GetMembers(objGroup)

 'End If

 objRS.MoveNext

Loop



' Clean up.

objConn.Close

Set objRootDSE = Nothing

Set objGroup = Nothing

Set objConn = Nothing

Set objCommand = Nothing

Set objRS = Nothing



Function GetType(intType)

' Function to determine group type from the GroupType attribute.

 If (intType And h01)  0 Then

 GetType = Built-in

 ElseIf (intType And h02)  0 Then

 GetType = Global

 ElseIf (intType And h04)  0 Then

 GetType = Local

 ElseIf (intType And h08)  0 Then

 GetType = Universal

 End If

 If (intType And h8000)  0 Then

 GetType = GetType  /Security

 Else

 GetType = GetType 
/Distribution

 End If

End Function



Sub GetMembers(objADObject)

' Subroutine to document group membership.

' Members can be users or groups.

 Dim objMember, strType

 For Each objMember In objADObject.Members

 If UCase(Left(objMember.objectCategory, 8)) =
CN=GROUP Then

 strType = Group

 Else

 strType = User

 End If

 Wscript.Echo  Member:
  objMember.sAMAccountName _

   ( 
strType  )

 Next

 WScript.Echo 

 Set objMember = Nothing

End Sub



Cheers
Ken





--

My IIS Blog: www.adOpenStatic.com/cs/blogs/ken

Tech.Ed Sydney: learn all about IIS 7.0 - See you there!











From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Mike Hogenauer
Sent: Wednesday, 26 July 2006 7:12 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Enumerating Group type and Mebership...







Were medium size  and yes someone does want a
current outdated list J - 

Just trying to make it happen. 





From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Matt Hargraves
Sent: Tuesday, July 25, 2006 2:02 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Enumerating Group type and Mebership...





You either have a small
environment or someone wants a document that will be completely outdated 12
minutes after it's compiled.

Though just to be honest, I'd love to be able to click on a '+' on groups and
show their members and continue to follow the '+' if there is nesting.
That would be an awesome feature in the ADUC. Maybe I should submit that
feature request to Quest and Microsoft. 



On 7/25/06, Mike Hogenauer
[EMAIL PROTECTED] wrote:







I need all Security Groups and Distribution
groups  and their members 



Thanks Laura!







From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Laura A. Robinson
Sent: Tuesday, July 25, 2006 12:00 PM






To: ActiveDir@mail.activedir.org





Subject: RE: [ActiveDir] Enumerating Group type and
Mebership...













What is everything [you]
need, specifically?











Thanks,











Laura













From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mike Hogenauer
Sent: Tuesday, July 25, 2006 2:49 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] Enumerating Group type and Mebership...

All, 



I'm trying to enumerate all groups in my AD environment. I need to get Group
name group type and group members

RE: [ActiveDir] Enumerating Group type and Mebership...

2006-07-25 Thread Marcus.Oh









Dsquery group limit 0| dsget
group members



I think that works (not near AD env).





Adfind b domain root -f (objectcategory=group) cn
members



Something like that 





:m:dsm:cci:mvp|
marcusoh.blogspot.com









From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Ken Schaefer
Sent: Tuesday, July 25, 2006 8:48 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Enumerating Group type and Mebership...







Hi,



Try these (if you dont get any better answers from the gurus):



For just groups and their membership (batch file)



dsquery group  all-groups.txt
for /f tokens=1* delims=} %a in (all-groups.txt) do @(echo GROUP:%a
 dsget group %a -members)  group-members.txt



For groups, type and membership (vbs file):



' To output to a text file use:

' cscript //nologo test.vbs  filename.txt



Option Explicit



Dim objConn '
ADODB.Connection

Dim objCommand ' ADODB.Command

Dim objRS '
ADODB.Recordset

Dim objRootDSE ' RootDSE

Dim objGroup ' AD Group

Dim strDNSDomain ' String

Dim strQuery ' String

Dim strDN '
String





' Bind to the Root Container

Set objConn = CreateObject(ADODB.Connection)

objConn.Provider = ADsDSOObject

objConn.Open Active Directory Provider



' Create our Command Object

Set objCommand = CreateObject(ADODB.Command)

Set objCommand.ActiveConnection = objConn





' Determine the DNS domain from the RootDSE object.

Set objRootDSE = GetObject(LDAP://RootDSE)

strDNSDomain = objRootDSE.Get(defaultNamingContext)



' Search for all groups, return the Distinguished Name of each.

strQuery = LDAP://  strDNSDomain 
;(objectClass=group);distinguishedName;subtree

objCommand.CommandText = strQuery

objCommand.Properties(Page Size) = 100

objCommand.Properties(Timeout) = 30

objCommand.Properties(Cache Results) = False



Set objRS = objCommand.Execute

If objRS.EOF Then

 Wscript.Echo No groups found

 objConn.Close

 Set objRootDSE = Nothing

 Set objConn = Nothing

 Set objCommand = Nothing

 Set objRS = Nothing

 Wscript.Quit

End If



' Enumerate all groups, bind to each, and document group
members.

Do Until objRS.EOF

 strDN = objRS.Fields(distinguishedName)

 Set objGroup = GetObject(LDAP://  strDN)

 'Wscript.Echo objGroup.sAMAccountName  
(  GetType(objGroup.groupType)  )

 'If objGroup.GroupType = 2 or objGroup.GroupType = 4 or
objGroup.GroupType = 8 then

 Wscript.Echo objGroup.sAMAccountName
  (  GetType(objGroup.groupType)  )

 Call GetMembers(objGroup)

 'End If

 objRS.MoveNext

Loop



' Clean up.

objConn.Close

Set objRootDSE = Nothing

Set objGroup = Nothing

Set objConn = Nothing

Set objCommand = Nothing

Set objRS = Nothing



Function GetType(intType)

' Function to determine group type from the GroupType attribute.

 If (intType And h01)  0 Then

 GetType = Built-in

 ElseIf (intType And h02)  0 Then

 GetType = Global

 ElseIf (intType And h04)  0 Then

 GetType = Local

 ElseIf (intType And h08)  0 Then

 GetType = Universal

 End If

 If (intType And h8000)  0 Then

 GetType = GetType  /Security

 Else

 GetType = GetType 
/Distribution

 End If

End Function



Sub GetMembers(objADObject)

' Subroutine to document group membership.

' Members can be users or groups.

 Dim objMember, strType

 For Each objMember In objADObject.Members

 If UCase(Left(objMember.objectCategory, 8)) =
CN=GROUP Then

 strType = Group

 Else

 strType = User

 End If

 Wscript.Echo  Member:
  objMember.sAMAccountName _

   ( 
strType  )

 Next

 WScript.Echo 

 Set objMember = Nothing

End Sub



Cheers
Ken





--

My IIS Blog: www.adOpenStatic.com/cs/blogs/ken

Tech.Ed Sydney: learn all about IIS 7.0 - See you there!











From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Mike Hogenauer
Sent: Wednesday, 26 July 2006 7:12 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] Enumerating Group type and Mebership...







Were medium size  and yes someone does want a current outdated
list J - 

Just trying to make it happen. 





From:
[EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Matt Hargraves
Sent: Tuesday, July 25, 2006 2:02 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] Enumerating Group type and Mebership...





You either have a small
environment or someone wants a document that will be completely outdated 12
minutes after it's compiled.

Though just to be honest, I'd love to be able to click on a '+' on groups and
show their members and continue to follow the '+' if there is nesting.
That would be an awesome feature in the ADUC. Maybe I should submit that
feature request to Quest and Microsoft. 



On 7/25/06, Mike Hogenauer
[EMAIL PROTECTED] wrote:







I need all Security Groups and Distribution
groups  and their members 



Thanks Laura!







From: [EMAIL PROTECTED] [mailto: [EMAIL PROTECTED]] On Behalf Of Laura A. Robinson
Sent: Tuesday, July 25, 2006 12:00 PM






To: ActiveDir@mail.activedir.org





Subject: RE: [ActiveDir] Enumerating Group type and
Mebership

Re: [ActiveDir] Enumerating Group type and Mebership...

RE: [ActiveDir] Enumerating Group type and Mebership...

RE: [ActiveDir] Enumerating Group type and Mebership...

Re: [ActiveDir] Enumerating Group type and Mebership...

RE: [ActiveDir] Enumerating Group type and Mebership...

[ActiveDir] Enumerating Group type and Mebership...

RE: [ActiveDir] Enumerating Group type and Mebership...

Re: [ActiveDir] Enumerating Group type and Mebership...

RE: [ActiveDir] Enumerating Group type and Mebership...

Re: [ActiveDir] Enumerating Group type and Mebership...

RE: [ActiveDir] Enumerating Group type and Mebership...

Re: [ActiveDir] Enumerating Group type and Mebership...

RE: [ActiveDir] Enumerating Group type and Mebership...

RE: [ActiveDir] Enumerating Group type and Mebership...

RE: [ActiveDir] Enumerating Group type and Mebership...

15 matches

Site Navigation

Mail list logo

Footer information