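' Admin group audit: walks the current domain, writes the direct members of the
' configured groups to AdminGroupReport.txt next to this script, and mails the
' file through an SMTP relay.

' --- Settings ---------------------------------------------------------------
' Comma-separated sAMAccountNames of the groups to report; "*" reports every group.
strScanGroups = "Domain Admins,Enterprise Admins,Schema Admins"
strSMTPRelay = "relay.yourcompany.corp"
strFrom = "Administrator@yourcompany.com"
strTo = "helpdesk@yourcompany.com"

Dim rootDSE, domainObject, strReportPath

' Bind to the default naming context, i.e. the domain this script runs in.
' NOTE(review): only this one domain is scanned. Enterprise Admins and Schema
' Admins live in the forest root domain, so in a child domain they will simply
' be absent from the report. A listed group that is never found produces no
' line at all, so check that every expected "Group:" header is present.
Set rootDSE = GetObject("LDAP://RootDSE")
domainContainer = rootDSE.Get("defaultNamingContext")
Set domainObject = GetObject("LDAP://" & domainContainer)

' Build ONE absolute path and use it both for writing and for attaching.
' Writing to ".\" (the current directory) while attaching from the script's
' folder sends a stale or missing file whenever the two differ, for example
' when the script is started from a scheduled task.
Set fs = CreateObject("Scripting.FileSystemObject")
strReportPath = fs.BuildPath(fs.GetParentFolderName(WScript.ScriptFullName), "AdminGroupReport.txt")
Set outFile = fs.CreateTextFile(strReportPath, True)   ' True = replace the previous report

arrGroups = Split(strScanGroups, ",")

' Padding buffer for column alignment. The report code requests up to 80
' characters of padding, so a one-character buffer cannot align anything.
strPad = Space(80)

scanDomain domainObject
outFile.Close

' --- Mail the report --------------------------------------------------------
strTextBody = "Attached is the report listing members in key admin groups." & vbCRLF & vbCRLF & vbCRLF
strTextBody = strTextBody & "These groups include: " & vbCRLF & vbCRLF
For x = 0 To UBound(arrGroups)
    strTextBody = strTextBody & arrGroups(x) & vbCRLF
Next

Set objMessage = CreateObject("CDO.Message")
' sendusing = 2: hand the message to the SMTP server named below over the network.
' NOTE(review): no authentication or TLS is configured here, so the list of
' privileged accounts crosses the network in clear text on port 25. Keep the
' relay on a trusted internal segment, or set the CDO "smtpusessl" and
' "smtpauthenticate" configuration fields if the relay supports them.
objMessage.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
objMessage.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = strSMTPRelay
objMessage.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
objMessage.Configuration.Fields.Update
objMessage.Subject = "Admin User Report for " & Now()
objMessage.From = strFrom
objMessage.To = strTo
objMessage.TextBody = strTextBody
objMessage.AddAttachment strReportPath
objMessage.Send
Wscript.Echo "Done!"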
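' Recursively walks oObject and, for every group whose sAMAccountName is listed
' in the global arrGroups (or when an entry is "*"), writes the group's direct
' members to the global outFile.
'
' Coverage limits a reader of the report should know about:
'   - Only the "member" attribute is read. Accounts that hold the group as
'     their primary group are not stored there and will not be listed.
'   - Nested groups are listed as one line each; their members are not expanded.
'   - Only objects of class organizationalUnit and container are descended
'     into, so groups under other container classes (for example the Builtin
'     container, class builtinDomain) are never visited.
Sub scanDomain(oObject)
    Dim oAD, idx, strWanted, arrMembers, strMember
    For Each oAD In oObject
        Select Case oAD.Class
            Case "group"
                For idx = 0 To UBound(arrGroups)
                    ' Trim so that "A, B" in the settings still matches "B".
                    strWanted = Trim(arrGroups(idx))
                    If UCase(strWanted) = UCase(oAD.sAMAccountName) Or strWanted = "*" Then
                        outFile.WriteLine
                        outFile.WriteLine "----------------------------------------------------------------------------------------------------------"
                        outFile.WriteLine "Group: " & Replace(oAD.Name, "CN=", "")
                        oAD.GetInfo
                        ' GetEx raises an error when it cannot return "member" values,
                        ' so only this one call runs with errors suppressed.
                        On Error Resume Next
                        arrMembers = oAD.GetEx("member")
                        If Err.Number = 0 Then
                            On Error Goto 0
                            For Each strMember In arrMembers
                                writeMemberLine strMember
                            Next
                        Else
                            Err.Clear
                            On Error Goto 0
                            ' Say so explicitly: a blank section cannot be told apart
                            ' from a read that failed.
                            outFile.WriteLine " (no 'member' values returned)"
                        End If
                    End If
                Next
            Case "organizationalUnit", "container"
                scanDomain oAD
        End Select
    Next
End Sub

' Writes one report line for the member with distinguished name strMemberDN.
' Every member gets a line: an attribute that cannot be read becomes an empty
' column or a status text, never a skipped entry.
Sub writeMemberLine(strMemberDN)
    Dim oMember, strAccount, strDisplay, strStatus, blnDisabled

    On Error Resume Next
    Set oMember = GetObject("LDAP://" & strMemberDN)
    If Err.Number <> 0 Then
        Err.Clear
        On Error Goto 0
        writeReportLine " " & padRight(strMemberDN, 80) & "User Status Unknown"
        Exit Sub
    End If
    On Error Goto 0

    strAccount = readAttr(oMember, "sAMAccountName")
    strDisplay = readAttr(oMember, "displayName")

    If LCase(oMember.Class) = "group" Then
        ' A group has no enabled/disabled state; label it instead of guessing.
        strStatus = "Nested Group (members not expanded)"
    Else
        ' Read the flag into a variable first. When an If condition itself fails
        ' under Resume Next, execution continues inside the Then branch and the
        ' account would be reported as disabled.
        On Error Resume Next
        blnDisabled = oMember.AccountDisabled
        If Err.Number <> 0 Then
            strStatus = "User Status Unknown"
            Err.Clear
        ElseIf blnDisabled Then
            strStatus = "Account Disabled"
        Else
            strStatus = ""
        End If
        On Error Goto 0
    End If

    writeReportLine " " & padRight(strAccount, 40) & padRight(strDisplay, 40) & strStatus
End Sub

' Returns the single-valued attribute strAttr of oObj as a string, or "" when
' the attribute is unset or cannot be read.
Function readAttr(oObj, strAttr)
    Dim varValue
    readAttr = ""
    On Error Resume Next
    varValue = oObj.Get(strAttr)
    If Err.Number = 0 Then
        If Not (IsNull(varValue) Or IsEmpty(varValue) Or IsArray(varValue)) Then readAttr = CStr(varValue)
    End If
    Err.Clear
End Function

' Pads strText with spaces to intWidth columns. Text that is already that wide
' is kept whole and followed by one space, so columns never run together and a
' long name can never produce a negative padding length.
Function padRight(strText, intWidth)
    If Len(strText) >= intWidth Then
        padRight = strText & " "
    Else
        padRight = strText & Space(intWidth - Len(strText))
    End If
End Function

' Writes strLine to the report. If the write fails (presumably on characters
' the report file's encoding cannot hold; confirm), a plain marker line is
' written instead so the gap is visible in the audit output.
Sub writeReportLine(strLine)
    On Error Resume Next
    outFile.WriteLine strLine
    If Err.Number <> 0 Then
        Err.Clear
        outFile.WriteLine " ** one member entry could not be written to this file **"
    End If
End Sub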