Re: [ActiveDir] Need some user/group tools...
Hyena from http://www.systemtools.com/ is a great tool for doing this, in fact it can do a lot more =) We use it for compliance reporting, we build up reports including folder ACL's, local group membership, and AD group membership including nested group membership. It has some pretty powerful filtering tools and can save objects so you can run multiple reports while only hitting your DC's once. I don't work for them, just a satisfied admin who likes the productivity boost from good tools =) Thanks, Andrew Fidel "Matt Hargraves" <[EMAIL PROTECTED]> Sent by: [EMAIL PROTECTED] 08/01/2006 07:28 PM Please respond to ActiveDir@mail.activedir.org To ActiveDir@mail.activedir.org cc Subject [ActiveDir] Need some user/group tools... This might be something that I can do with a combination of scripts, though I'm not sure where I'd get them from. 1) I need to be able to export a list of users (the userID is fine) with their group memberships. (AD objects) 2) I need to be able to export a list of groups with their list of members and memberships. (AD objects) 3) I need to be able to export a list of groups with their list of members and memberships. (NT objects) Once I get all of that information, I need to 'connect the dots' between domains to determine overall group membership (across domains), including nesting. If the tool doesn't exist to do this last part I'm sure I can find someone to do the gruntwork of putting together a _vbscript_ to do the grunt work of it in Access or something like that. Preferably all of this would go into CSV files so that it can go into Access or maybe pull it all into SQL. Thanks for any help that can be provided.
RE: [ActiveDir] Need some user/group tools...
I threw this together for ya to help out: :-) strUser = ""strComputer = ""strPath = "WinNT://" & strComputer & "/" & strUser & ",group"wscript.echo "Path: " & strPathwscript.echoSet objUser = GetObject(strPath)Set objClass = GetObject(objUser.Schema)'on error resume nextWScript.Echo "Mandatory properties for " & objUser.Name & ":"For Each property In objClass.MandatoryProperties wscript.stdout.write property & vbTab WScript.stdout.write objUser.Get(property) wscript.echoNextWScript.Echo "Optional properties for " & objUser.Name & ":"For Each property In objClass.OptionalProperties wscript.stdout.write property & vbTab WScript.stdout.write Typename (objUser.Get(property)) & vbTab WScript.stdout.write objUser.Get(property) wscript.echoNext set arr = objUser.Membersfor each str in arr wscript.echo str.Class & " " & str.namenext From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt HargravesSent: Tuesday, August 01, 2006 11:02 PMTo: ActiveDir@mail.activedir.orgSubject: Re: [ActiveDir] Need some user/group tools... That's not even fair I own that book already.I was hoping to avoid doing the scripting part... but that being said, how much of that will work in NT domains to get groups and their members/memberships? On 8/1/06, Michael B. Smith <[EMAIL PROTECTED]> wrote: You can certainly get all the piece parts from here: http://rallenhome.com/books/adcookbook/code.html And you can use joe's wonderful adfind (or dsquery if you were to insist) to do much of the gruntwork. I show you some examples here: http://blogs.brnets.com/michael/archive/2004/06/24/168.aspx From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt HargravesSent: Tuesday, August 01, 2006 7:29 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Need some user/group tools... This might be something that I can do with a combination of scripts, though I'm not sure where I'd get them from.1) I need to be able to export a list of users (the userID is fine) with their group memberships. (AD objects) 2) I need to be able to export a list of groups with their list of members and memberships. (AD objects)3) I need to be able to export a list of groups with their list of members and memberships. (NT objects) Once I get all of that information, I need to 'connect the dots' between domains to determine overall group membership (across domains), including nesting. If the tool doesn't exist to do this last part I'm sure I can find someone to do the gruntwork of putting together a _vbscript_ to do the grunt work of it in Access or something like that.Preferably all of this would go into CSV files so that it can go into Access or maybe pull it all into SQL.Thanks for any help that can be provided.
Re: [ActiveDir] Need some user/group tools...
That's not even fair I own that book already.I was hoping to avoid doing the scripting part... but that being said, how much of that will work in NT domains to get groups and their members/memberships? On 8/1/06, Michael B. Smith <[EMAIL PROTECTED]> wrote: You can certainly get all the piece parts from here: http://rallenhome.com/books/adcookbook/code.html And you can use joe's wonderful adfind (or dsquery if you were to insist) to do much of the gruntwork. I show you some examples here: http://blogs.brnets.com/michael/archive/2004/06/24/168.aspx From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Matt HargravesSent: Tuesday, August 01, 2006 7:29 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Need some user/group tools... This might be something that I can do with a combination of scripts, though I'm not sure where I'd get them from.1) I need to be able to export a list of users (the userID is fine) with their group memberships. (AD objects) 2) I need to be able to export a list of groups with their list of members and memberships. (AD objects)3) I need to be able to export a list of groups with their list of members and memberships. (NT objects) Once I get all of that information, I need to 'connect the dots' between domains to determine overall group membership (across domains), including nesting. If the tool doesn't exist to do this last part I'm sure I can find someone to do the gruntwork of putting together a _vbscript_ to do the grunt work of it in Access or something like that.Preferably all of this would go into CSV files so that it can go into Access or maybe pull it all into SQL.Thanks for any help that can be provided.
RE: [ActiveDir] Need some user/group tools...
You can certainly get all the piece parts from here: http://rallenhome.com/books/adcookbook/code.html And you can use joe's wonderful adfind (or dsquery if you were to insist) to do much of the gruntwork. I show you some examples here: http://blogs.brnets.com/michael/archive/2004/06/24/168.aspx From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matt HargravesSent: Tuesday, August 01, 2006 7:29 PMTo: ActiveDir@mail.activedir.orgSubject: [ActiveDir] Need some user/group tools... This might be something that I can do with a combination of scripts, though I'm not sure where I'd get them from.1) I need to be able to export a list of users (the userID is fine) with their group memberships. (AD objects) 2) I need to be able to export a list of groups with their list of members and memberships. (AD objects)3) I need to be able to export a list of groups with their list of members and memberships. (NT objects) Once I get all of that information, I need to 'connect the dots' between domains to determine overall group membership (across domains), including nesting. If the tool doesn't exist to do this last part I'm sure I can find someone to do the gruntwork of putting together a _vbscript_ to do the grunt work of it in Access or something like that.Preferably all of this would go into CSV files so that it can go into Access or maybe pull it all into SQL.Thanks for any help that can be provided.
[ActiveDir] Need some user/group tools...
This might be something that I can do with a combination of scripts, though I'm not sure where I'd get them from.1) I need to be able to export a list of users (the userID is fine) with their group memberships. (AD objects) 2) I need to be able to export a list of groups with their list of members and memberships. (AD objects)3) I need to be able to export a list of groups with their list of members and memberships. (NT objects) Once I get all of that information, I need to 'connect the dots' between domains to determine overall group membership (across domains), including nesting. If the tool doesn't exist to do this last part I'm sure I can find someone to do the gruntwork of putting together a _vbscript_ to do the grunt work of it in Access or something like that.Preferably all of this would go into CSV files so that it can go into Access or maybe pull it all into SQL.Thanks for any help that can be provided.
