Getting a list of users in an AD Group. using Vbscript.

I much prefer using Quest to do this (see this post), but I needed to use Vbscript as I had to output the results into an Excel spreadsheet.

If you look around the internet, you’ll find plenty of examples of how to do that.

But when I ran the following code on my system, it failed:
For Each objUser in objGroup.Members
    Wscript.Echo "Name: " & objUser.DisplayName
    Wscript.Echo "Department: " & objUser.department
    Wscript.Echo "Street address: " & objUser.streetAddress
    Wscript.Echo "Title: " & objUser.title
    Wscript.Echo "Description: " & objUser.description
    Wscript.Echo “Account Disabled?: “ & objUser.AccountDisabled
    Wscript.Echo
Next

After much head scratching, I realised that another AD Group was a member of the current group, AND AD Groups do not have a AccountDisabled attribute.

The solution was to check the class attribute to see if the group member was a “user” or something else.
For Each objUser in objGroup.Members
    Wscript.Echo "Name: " & objUser.DisplayName
    Wscript.Echo "Department: " & objUser.department
    Wscript.Echo "Street address: " & objUser.streetAddress
    Wscript.Echo "Title: " & objUser.title
    Wscript.Echo "Description: " & objUser.description
    If LCase(objUser.class) = “user” Then
        Wscript.Echo “Account Disabled?: “ & objUser.AccountDisabled
    Else
        Wscript.Echo “I am a AD Group. “
    End If
    Wscript.Echo
Next

References:
How Can I Return Information For Each Member in a Group? (Hey Scripting Guy! Blog)
User Attributes – Inside Active Directory by Sakari Kouti
Active Directory Explorer by Sysinternals

Related posts:

1. VBscript to get the system uptime from a group of computers
2. Getting a list of users in an Active Directory group.
3. Group Policy and WMI filtering slowness.

YARPP powered by AdBistro

Powered byImage may be NSFW.
Clik here to view.