Now that I’m kind-of an IT guy, I had to set up some users and groups on our Windows 2000 Server. I wanted to list out all the groups I created and their members, but there doesn’t seem to be that facility in the Active Directory utilities. At least for someone who’s only half way through the book. A little Google help and I was off and running:
Dim oServer As IADsContainer
Dim oGroup As IADs ‘keep general as can be users or groups
Dim oUser As IADs ‘keep general as can be users or groups
‘change sDomain to actual names
Const sDomain As String = “Domain/ServerName”
Const sPath As String = “WinNT://”
Set oServer = GetObject(sPath & sDomain & “,computer”)
‘Loop through all the entities, but act only on groups
For Each oGroup In oServer
If oGroup.Class = “Group” Then
‘This identifies the groups that I set up, so delete it if you want
If Left$(oGroup.Name, 1) = “g” Or Left$(oGroup.Name, 2) = “dl” Then
Debug.Print oGroup.Name & “: “ & oGroup.Description
For Each oUser In oGroup.Members
I’m not going to claim that this is the most efficient method. I think you can use the Filter method of oServer to limit the container to just Groups like
oServer.Filter("Groups") but I didn’t try it myself. Also, I couldn’t get the .FullName property of oUser and I’m not sure why. Basically, this is a composite of about five examples I found on Google Groups so I don’t pretend to understand it completely.
To use this code, set a reference to Active DS Type Library.
2 thoughts on “Active Directory”
I did pretty much the same activity last week. Needed to rationalise the number of logon scripts we still use.
I dumped a list of users
Set objDomain = GetObject(“WinNT://” & sDomain)
objDomain.Filter = Array(“User”)
For Each objUser In objDomain
rng.Value = objUser.Name
rng.Offset(0, 1).Value = objUser.FullName
rng.Offset(0, 2).Value = objUser.LoginScript
Set rng = rng.Offset(1)
My code probably isnt the tidiest, but it worked and I only needed it once… handy!
Rob: It wouldn’t let me get the FullName property because of a permission error. I suppose I could log on my local machine as a domain administrator, but just to get the FullName? Seems silly.
Posting code? Use <pre> tags for VBA and <code> tags for inline.