Active Directory

Now that I’m kind-of an IT guy, I had to set up some users and groups on our Windows 2000 Server. I wanted to list out all the groups I created and their members, but there doesn’t seem to be that facility in the Active Directory utilities. At least for someone who’s only half way through the book. A little Google help and I was off and running:

Sub ListGroupUsers()
 
    Dim oServer As IADsContainer
    Dim oGroup As IADs ‘keep general as can be users or groups
   Dim oUser As IADs ‘keep general as can be users or groups

    ‘change sDomain to actual names
   Const sDomain As String = “Domain/ServerName”
    Const sPath As String = “WinNT://”
   
    Set oServer = GetObject(sPath & sDomain & “,computer”)
   
    ‘Loop through all the entities, but act only on groups
   For Each oGroup In oServer
        If oGroup.Class = “Group” Then
            ‘This identifies the groups that I set up, so delete it if you want
           ‘all groups
           If Left$(oGroup.Name, 1) = “g” Or Left$(oGroup.Name, 2) = “dl” Then
                Debug.Print oGroup.Name & “: “ & oGroup.Description
                Debug.Print “—————————————————–“
                For Each oUser In oGroup.Members
                    Debug.Print oUser.Name
                Next oUser
                Debug.Print
            End If
        End If
    Next oGroup
End Sub

I’m not going to claim that this is the most efficient method. I think you can use the Filter method of oServer to limit the container to just Groups like oServer.Filter("Groups") but I didn’t try it myself. Also, I couldn’t get the .FullName property of oUser and I’m not sure why. Basically, this is a composite of about five examples I found on Google Groups so I don’t pretend to understand it completely.

To use this code, set a reference to Active DS Type Library.

Posted in Uncategorized

2 thoughts on “Active Directory

  1. I did pretty much the same activity last week. Needed to rationalise the number of logon scripts we still use.

    I dumped a list of users

        Set objDomain = GetObject(“WinNT://” & sDomain)
        objDomain.Filter = Array(“User”)

        For Each objUser In objDomain
            rng.Value = objUser.Name
            rng.Offset(0, 1).Value = objUser.FullName
            rng.Offset(0, 2).Value = objUser.LoginScript
            Set rng = rng.Offset(1)
        Next

    My code probably isnt the tidiest, but it worked and I only needed it once… handy!

  2. Rob: It wouldn’t let me get the FullName property because of a permission error. I suppose I could log on my local machine as a domain administrator, but just to get the FullName? Seems silly.

Leave a Reply

Your email address will not be published. Required fields are marked *