Monday, August 23, 2010

Get All Users in Group

In this post I will be showing you three easy ways to get all users in an Active Directory group.

Method 1 - dsget

Using "dsget" with the following syntax.

dsget group "DN_of_group" -members -expand > userlist.txt

for example:

dsget group "CN=My Group,OU=Security Groups,DC=domain,DC=local" -members -expand > c:\usersingroup.txt

This method shows all users with their full distinguishedName attribute in the results.

Method 2 - net group

Use the "net group" command.

net group "groupname" /domain > c:\usersingroup.txt

This method will show the user logon name for each member of the labelled group. This method does not need you to specify the distinguished name of the group.

Method 3 - vbs

The third method I will be showing you is by using a simple VBS script. Enter the following text into notepad and save it as a vbs file. Make sure you correct the domain name to your domain and enter the group name next to it.

Set oGroup = getobject("WinNT://domain.local/" & "group name")
For Each oMember in oGroup.Members
WScript.Echo oMember.FullName
Next


To run the script open a command prompt, navigate to the script. Run the following command:

cscript scriptname.vbs > c:\usersingroup.txt

This script above displays the users display name. If you want the script to show the users username change oMember.FullName to oMember.Name.

No comments:

Post a Comment