Get ONLY child groups from group

[Geates]

I am querying LDAP to get child objects. I'd like to only get group objects but my query returns all children objects. What is my query missing

set objCommand = CreateObject("ADODB.Command")
set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection

strQuery = [red]"SELECT Member FROM 
'LDAP://OU=Groups,DC=xxx,DC=xxx,DC=xxx' WHERE objectCategory='group' AND cn='vmview'"[/red]
objCommand.CommandText = strQuery
set objRecordSet = objCommand.Execute

The query returns

CN=Group1,OU=Groups,DC=xxx,DC=xxx,DC=xxx
CN=Group2,OU=Groups,DC=xxx,DC=xxx,DC=xxx
CN=User1,OU=User,DC=xxx,DC=xxx,DC=xxx

but would like

CN=Group1,OU=Groups,DC=xxx,DC=xxx,DC=xxx
CN=Group2,OU=Groups,DC=xxx,DC=xxx,DC=xxx

I could script this output but would prefer to get it from a query.

-Geates


"I hope I can chill and see the change - stop the bleed inside and feel again. Cut the chain of lies you've been feeding my veins; I've got nothing to say to you!"
-Infected Mushroom

"I do not offer answers, only considerations."
- Geates's Disclaimer

 

[markdmac]

Hi Geates,

If you take a look at the member property in ADSIEdit you will see that it only lists the LDAP for each member, so you would need to bind to each member object to get its object category or class type.

GroupLDAP = SearchDistinguishedName("DomainLocalGroup1")

Set objGroup = GetObject("LDAP://" & GroupLDAP)
For Each strUser in objGroup.Member
	 Set objUser =  GetObject("LDAP://" & strUser)
	 If Instr(objUser.objectCategory,"Group") > 0  Then
			WScript.Echo strUser
	End If
	Set objUser = Nothing	
Next


Public Function SearchDistinguishedName(ByVal vSAN)
    ' Function:     SearchDistinguishedName
    ' Description:  Searches the DistinguishedName for a given SamAccountName
    ' Parameters:   ByVal vSAN - The SamAccountName to search
    ' Returns:      The DistinguishedName Name
    Dim oRootDSE, oConnection, oCommand, oRecordSet

    Set oRootDSE = GetObject("LDAP://rootDSE")
    Set oConnection = CreateObject("ADODB.Connection")
    oConnection.Open "Provider=ADsDSOObject;"
    Set oCommand = CreateObject("ADODB.Command")
    oCommand.ActiveConnection = oConnection
    oCommand.CommandText = "<LDAP://" & oRootDSE.get("defaultNamingContext") & _
        ">;(&(objectCategory=Group)(samAccountName=" & vSAN & "));distinguishedName;subtree"
    Set oRecordSet = oCommand.Execute
    On Error Resume Next
    SearchDistinguishedName = oRecordSet.Fields("DistinguishedName")
    On Error GoTo 0
    oConnection.Close
    Set oRecordSet = Nothing
    Set oCommand = Nothing
    Set oConnection = Nothing
    Set oRootDSE = Nothing
End Function

I hope that helps.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[Geates]

I opted for the slower object.Members recursion

-Geates

"I hope I can chill and see the change - stop the bleed inside and feel again. Cut the chain of lies you've been feeding my veins; I've got nothing to say to you!"
-Infected Mushroom

"I do not offer answers, only considerations."
- Geates's Disclaimer