

GetGroupsForUser      cmd-line script



Usage

Save Wayne's code (below) as "GetGroupsForUser.vbs" and run it from an ADMN-elevated cmd.exe console, passing the account's logon name (sAMAccountName) as the only argument:

D:\batch>Cscript GetGroupsForUser.vbs <username>

The script only reads directory data (it looks up the account's distinguishedName and then walks the memberOf attribute of that account and of each group it finds), and a user can read their own group memberships, so anyone can run it for themselves from the Run box via:

cmd /K Cscript \\ad.ufl.edu\netlogon\ifas\entnem\GetGroupsForUser.vbs %username%

Source code

' Display the (nested) group membership of a user as an indented tree.
' Groups already visited are tracked in a dictionary so that a group reached
' through more than one path, or through a circular nesting, is printed once
' and thereafter only marked (SEEN) instead of being traversed again.
' Pretty output hacked in to make nested groups readable

'if you set the strUserDN manually
'strUserDN = "CN=username,OU=XXXXX,OU=XXXXX,OU=Departments,OU=UF,DC=ad,DC=ufl,DC=edu"  

' Re-launch under cscript.exe if this instance is being hosted by wscript.exe
' (see force_cscript below); when already under cscript the call just returns.
Call force_cscript

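' Relaunch this script under cscript.exe when it was started by wscript.exe
' (for example by double-clicking it), so that WScript.Echo output goes to a
' console window instead of one message box per line.
'
' Each original argument is re-passed in double quotes so that an argument
' containing spaces or cmd.exe metacharacters (&, |, <, >, ^) reaches
' cscript.exe unchanged instead of being split or interpreted by cmd.exe.
' An argument that itself contains a double quote cannot be handed through
' cmd.exe safely this way, so it is refused with a message.
'
' Side effects: under wscript.exe, starts a new cmd.exe (/K keeps the window
' open so the output can be read) and terminates the current instance.
' Under cscript.exe the sub does nothing.
sub force_cscript
    dim args, i, wshshell, arg
    If Right(LCase(WScript.FullName), 11) = "wscript.exe" Then
        args = ""
        For i = 0 To WScript.Arguments.Count - 1
            arg = WScript.Arguments(i)
            If InStr(arg, """") > 0 Then
                WScript.Echo "Argument " & (i + 1) & " contains a double quote and cannot be re-passed safely"
                WScript.Quit 1
            End If
            args = args & " """ & arg & """"
        Next
        Set wshshell = CreateObject("WScript.Shell")
        ' /k keeps the console open after cscript.exe exits
        wshshell.Run wshshell.ExpandEnvironmentStrings("%comspec%") & _
            " /k cscript.exe //nologo """ & WScript.ScriptFullName & """" & args
        Set wshshell = Nothing
        WScript.Quit
    End If
end sub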


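' ---------------------------------------------------------------------------
' Main script body: look up the account named on the command line, print
' where it sits in the directory, then walk its group memberships.
' Command line: Cscript GetGroupsForUser.vbs <sAMAccountName>
' ---------------------------------------------------------------------------
Const ADS_SCOPE_SUBTREE = 2
' Search base for the account lookup; the same suffix is stripped from the DN
' below when building the path-like display name.
Const DOMAIN_DN = "DC=ad,DC=ufl,DC=edu"

' Check the argument before opening any directory connection.
If (Wscript.Arguments.Count < 1) Then
  Wscript.Echo "Required Parameter (username) missing"
  Wscript.Quit
End If

strUser = Wscript.Arguments(0)

' The name is spliced into an ADSI SQL-dialect query below. A quote would end
' the string literal early, and * ( ) \ are LDAP filter metacharacters, so a
' name containing any of them could change what the query matches (e.g. "*"
' matching any account). Such names are refused rather than escaped.
If Len(strUser) = 0 Or InStr(strUser, "'") > 0 Or InStr(strUser, "*") > 0 _
   Or InStr(strUser, "(") > 0 Or InStr(strUser, ")") > 0 Or InStr(strUser, "\") > 0 Then
  Wscript.Echo "Invalid username: must not be empty or contain any of ' * ( ) \"
  Wscript.Quit
End If

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

wscript.echo "Location of " & strUser & " in UFAD:", vbCRLF

' Resolve the logon name to a distinguishedName (exact sAMAccountName match).
objCommand.CommandText = _
    "SELECT distinguishedName FROM 'LDAP://" & DOMAIN_DN & "' WHERE objectCategory='user' " & _
            "AND sAMAccountName='" & strUser & "'"
Set objRecordSet = objCommand.Execute

' An unknown name gives an empty recordset; reading Fields() on it would fail
' with "BOF or EOF is True" instead of a useful message.
If objRecordSet.EOF Then
  Wscript.Echo "No user with sAMAccountName '" & strUser & "' found under " & DOMAIN_DN
  objRecordSet.Close
  objConnection.Close
  Wscript.Quit
End If
StrUserDN = objRecordSet.Fields("distinguishedName").Value
objRecordSet.Close
objConnection.Close

' Turn "CN=user,OU=a,OU=b,OU=UF,<domain>" into a top-down path "UF\b\a\user".
' Only an OU component that is exactly "OU=UF" loses its leading backslash;
' other OUs whose names merely start with "UF" keep it.
' Caveat: a component containing an escaped comma ("\,") would be split here.
strCanonical = Replace(StrUserDN, DOMAIN_DN, "")
arrParts = Split(strCanonical, ",")
CanonicalName = ""
For Each Part In arrParts
    If Part = "OU=UF" Then
        Part = "UF"
    Else
        Part = Replace(Part, "CN=", "\")
        Part = Replace(Part, "OU=", "\")
    End If
    ' Prepend so the deepest component (the CN) ends up last.
    CanonicalName = Part & CanonicalName
Next

wscript.echo CanonicalName, vbCRLF

' Shared state for the recursive walk in DisplayGroups: no siblings pending
' for the root node, no indent, and an empty set of already-visited groups.
size = 0
strSpaces = ""
Set dicSeenGroup = CreateObject("Scripting.Dictionary")

wscript.echo "  Groups are members of their children."
wscript.echo "  Child nodes show indirect membership."
wscript.echo "  Nodes with (SEEN) suffix have already been traversed.", vbCRLF

DisplayGroups "LDAP://" & strUserDN, strSpaces, dicSeenGroup, size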


' Print one node of the membership tree and recurse into its memberOf groups.
'   strObjectADsPath - ADsPath ("LDAP://<DN>") of the user or group to print
'   strSpaces        - indent prefix inherited from the parent node
'   dicSeenGroup     - Scripting.Dictionary of group DNs already printed;
'                      updated in place so every caller shares it
'   size             - number of siblings of this node still to be printed
'                      after it (0 for the root and for the last child);
'                      decides whether a "|" connector continues downward
' Output goes to WScript.Echo; the function has no return value.
Function DisplayGroups ( strObjectADsPath, strSpaces, dicSeenGroup, size)
	set objObject = GetObject(strObjectADsPath)
	' NOTE(review): Resume Next stays in force for the rest of this function,
	' so a GetObject that fails on a group DN below is also silently skipped
	' rather than reported.
	on error resume next ' Doing this to avoid an error when memberOf is empty

	' memberOf is an array when there are several groups and a single string
	' when there is one; normalise to an array. When the attribute is absent
	' Get raises, and with Resume Next active the failing statement is skipped;
	' colGroups is then left Empty or holds a single Empty element
	' (which statement is skipped is not obvious - verify). The IsArray and
	' IsEmpty checks further down cover both outcomes.
	if IsArray( objObject.Get("memberOf") ) then
		colGroups = objObject.Get("memberOf")
	else
		colGroups = Array( objObject.Get("memberOf") )
	end if
   
	' Bubble-sort the group DNs case-insensitively so siblings print in a
	' stable alphabetical order (VBScript has no built-in sort).
   	For i = (UBound(colGroups) - 1) to 0 Step -1
		For j= 0 to i
			If UCase(colGroups(j)) > UCase(colGroups(j+1)) Then
				strHolder = colGroups(j+1)
				colGroups(j+1) = colGroups(j)
				colGroups(j) = strHolder
			End If
		Next
	Next

   ' kids = number of children this node will recurse into.
   if isarray(colGroups) then
     kids = ubound(colGroups)+1
   else
     kids = 0
   end if
   
' Choose the connector for this node and the indent passed to its children:
' a last child ("size=0") that has children of its own gets a blank column
' beneath it, a childless last child a "|", and any node with siblings still
' to come keeps a "|" so the line continues down to them.
strPretty = strSpaces & "\"
if (size=0 and kids>0) then
  strSpaces = strSpaces & " "
else 
  if (size=0 and kids=0) then
    strSpaces = strSpaces & "|"
  else
    strPretty = strSpaces & "|"
    strSpaces = strSpaces & "|"
  end if
end if

  strOutput = strPretty & "- " & objObject.Get("cn") 'delete4debug & " S:" & size & " K:" & kids
  WScript.Echo strOutput

   ' Recurse into each parent group; kids counts down so each child knows how
   ' many siblings follow it.
   for each strGroupDN In colGroups
		kids = kids - 1
		if Not dicSeenGroup.Exists(strGroupDN) then
			' Mark as seen before recursing so circular nesting terminates.
			dicSeenGroup.Add strGroupDN, 1
			DisplayGroups "LDAP://" & strGroupDN, strSpaces & "  ", dicSeenGroup, kids
		else
			' Already printed elsewhere: show the name once more, tagged (SEEN),
			' without descending into it again. Empty entries (no memberOf) are skipped.
			if not isempty(strGroupDN) then
				set objTemp = GetObject("LDAP://" & strGroupDN)
				strOutput1 = strSpaces & "  !- " & objTemp.Get("cn") & " (SEEN)"
				wscript.echo strOutput1
			end if
		end if
   next

End Function

last edited 1 May 2008 by Steve Lasley