September 2003
Intermediate to advanced
624 pages
15h 49m
English
Content preview from Active Directory CookbookBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
7.3. Viewing the Nested Members of a Group
Problem
You want to view the nested members of a group.
Solution
Using a graphical user interface
Open the Active Directory Users and Computers snap-in.
If you need to change domains, right-click on Active Directory Users and Computers in the left pane, select Connect to Domain, enter the domain name, and click OK.
In the left pane, right-click on the domain and select Find.
Enter the name of the group and click Find Now.
Double-click on the group in the bottom results pane.
Click the Members tab.
You now have to double-click on each group member to view its membership.
Using a command-line interface
> dsget group "<GroupDN>" -members -expandUsing VBScript
' This code prints the nested membership of a group.
' ------ SCRIPT CONFIGURATION ------
strGroupDN = "<GroupDN>" ' e.g. cn=SalesGroup,ou=Groups,dc=rallencorp,dc=com ' ------ END CONFIGURATION --------- strSpaces = " " set dicSeenGroupMember = CreateObject("Scripting.Dictionary") Wscript.Echo "Members of " & strGroupDN & ":" DisplayMembers "LDAP://" & strGroupDN, strSpaces, dicSeenGroupMember Function DisplayMembers ( strGroupADsPath, strSpaces, dicSeenGroupMember) set objGroup = GetObject(strGroupADsPath) for each objMember In objGroup.Members Wscript.Echo strSpaces & objMember.Name if objMember.Class = "group" then if dicSeenGroupMember.Exists(objMember.ADsPath) then Wscript.Echo strSpaces & " ^ already seen group member " & _ "(stopping to avoid loop)" else dicSeenGroupMember.Add objMember.ADsPath, ...