7.2. Viewing the Direct Members of a Group

Problem

You want to view the direct members of a group.

Solution

Using a graphical user interface

  1. Open the Active Directory Users and Computers snap-in.

  2. If you need to change domains, right-click on Active Directory Users and Computers in the left pane, select Connect to Domain, enter the domain name, and click OK.

  3. In the left pane, right-click on the domain and select Find.

  4. Enter the name of the group and click Find Now.

  5. Double-click on the group in the bottom results pane.

  6. Click the Members tab.

Using a command-line interface

> dsget group "<GroupDN>" -members

Using VBScript

' This code prints the direct members of the specified group.
' ------ SCRIPT CONFIGURATION ------
strGroupDN = "<GroupDN>" ' e.g. cn=SalesGroup,ou=Groups,dc=rallencorp,dc=com
' ------ END CONFIGURATION ---------

set objGroup = GetObject("LDAP://" & strGroupDN)
Wscript.Echo "Members of " & objGroup.Name & ":"
for each objMember in objGroup.Members
   Wscript.Echo objMember.Name
next

Discussion

The member attribute of a group object contains the distinguished names of the direct members of the group. By direct members, I mean the members that have been directly added to the group. This is in contrast to indirect group members, which are members of the group due to nested group membership. See Recipe 7.3 for how to find the nested membership of a group.

See Also

Recipe 7.3 for viewing nested group membership

Get Active Directory Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial