September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
7.2. Viewing the Direct Members of a Group
Problem
You want to view the direct members of a group.
Solution
Using a graphical user interface
Open the Active Directory Users and Computers snap-in.
If you need to change domains, right-click on Active Directory Users and Computers in the left pane, select Connect to Domain, enter the domain name, and click OK.
In the left pane, right-click on the domain and select Find.
Enter the name of the group and click Find Now.
Double-click on the group in the bottom results pane.
Click the Members tab.
Using a command-line interface
> dsget group "<GroupDN>" -membersUsing VBScript
' This code prints the direct members of the specified group.
' ------ SCRIPT CONFIGURATION ------
strGroupDN = "<GroupDN>" ' e.g. cn=SalesGroup,ou=Groups,dc=rallencorp,dc=com
' ------ END CONFIGURATION ---------
set objGroup = GetObject("LDAP://" & strGroupDN)
Wscript.Echo "Members of " & objGroup.Name & ":"
for each objMember in objGroup.Members
Wscript.Echo objMember.Name
nextDiscussion
The member attribute of a group
object contains the distinguished names of the direct members of the
group. By direct members, I mean the members that have been directly
added to the group. This is in contrast to indirect group members,
which are members of the group due to nested group membership. See
Recipe 7.3 for how to find the nested
membership of a group.
See Also
Recipe 7.3 for viewing nested group membership