List group membership for all users in domain

[7Star]

I found a script from some ms site that list groups that a user are member of, even nested groups. But that I want to be able to do with this script is not having specify which OU the user resides in. I want to search for a user in the whole domain and see what groups the user are member of. Any idea how to do this?

' Commands to bind to AD and extract domain name
Set objRootLDAP = GetObject("LDAP://RootDSE")
strDNSDomain = objRootLDAP.Get("DefaultNamingContext")

Set FileSystem = WScript.CreateObject("Scripting.FileSystemObject")
Set OutPutFile = FileSystem.CreateTextFile("test.txt", True)

strUser ="cn=test,"
strOU ="OU=test,"
strLDAP ="LDAP://" & strUser & strOU & strDNSDomain 
Set objUser = GetObject(strLDAP)

Set colGroups = objUser.Groups
For Each objGroup in colGroups
    'Wscript.Echo objGroup.CN   
    GetNested(objGroup)
Next
Function GetNested(objGroup)
    On Error Resume Next
    colMembers = objGroup.GetEx("memberOf")
    For Each strMember in colMembers
        strPath = "LDAP://" & strMember
        Set objNestedGroup = GetObject(strPath)
       ' WScript.Echo objNestedGroup.CN
	OutputFile.Writeline objGroup.CN    	
        GetNested(objNestedGroup)
    Next
End Function

Thx in advance

// Ola

 

[dm4ever]

Look for posts by markdmac, he has posted useful functions that return a user object or at least their path (distinguishedname) so that you can use it with the code you posted.

--------------------------------------------------------------------------------
dm4ever
My philosophy: K.I.S.S - Keep It Simple Stupid

 

[markdmac]

Use the functions found here: faq329-5688

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.