Look up AD group info and return GROUPS

[theniteowl]

Hi All,
I have a script to look up an Active Directory group and return the members but we have found that it does not return members who are actually other AD groups.

I get a list of 6 or so members that are individual IDs but there are three groups that I know are assigned as members of the group in question and this info is not returned when looking at .Members.

Anyone know how to do this?

Thanks.

At my age I still learn something new every day, but I forget two others.

 

[CherryPanda]

Posting the script would help to answer your question. As is my best guess is that specifying "subtree" is the answer you're looking for.

 

[theniteowl]

It's just the basic AD lookup script you can find most places. It only returns individual names rather than groups though.
Here is the code.

strDomain = "MYDOMAIN"
strGroupname = "My_Group_Name"
oustr = ""
Set adsGroup = getobject("WinNT://" & strDomain & "/" & strGroupname)
Set adsMembers = adsGroup.Members
For Each varItem in adsMembers
outstr = outstr & varItem.Name & vbCrLf
'msgbox varItem.Name
Next 'varItem

msgbox outstr

At my age I still learn something new every day, but I forget two others.

 

[tsuji]

WinNT provider is not global- & universal-security-group aware. It was not allowed for the legacy win nt-domain. You've to use LDAP provider for the task. R Mueller's site gives some comprehensive group administration advice. This specific page may be pertinent:

http://www.rlmueller.net/Programs/EnumGroup.txt