Search a user by username and list its Group memberships

I was writing this to help a vendor coz he kept asking me for the groups of some particular account. So I thought I'd write this to help him. Or rather, save myself from having to reply to his email. <grin>

The script below prompts you for a user ID and then returns the group memberships of that account. And since I wrote this, I thought I'd share it.

Copy the code, paste it into Notepad, and save it as a .vbs file to use it.
====================================================
On Error Resume Next

Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D
Const ADS_SCOPE_SUBTREE = 2
Const ADS_UF_LOCKOUT = &H0010

DomainDN = "dc=domain,dc=com"

strUserName = ""
strUserDN = ""
strGroups = ""

strUserName = InputBox ("Enter User ID: eg, abc", "Enter User Name")

'========================================
'Connect to AD to search for User account
'========================================

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

objCommand.CommandText = _
"SELECT distinguishedName FROM 'LDAP://" & DomainDN & _
"' WHERE objectCategory='user' and samAccountName='" & strUserName & "'"

Set objRecordSet = objCommand.Execute

If objRecordSet.RecordCount = 0 Then
WScript.Echo strUserName & " cannot be found in Active Directory"
WScript.Quit
Else
strUserDN = objRecordSet.Fields("distinguishedName").Value
End If

'==============================================================
'If user is found, its DN is used to retrieve group memberships
'==============================================================

Set objUser = GetObject("LDAP://" & struserDN)

intPrimaryGroupID = objUser.Get("primaryGroupID")
arrMemberOf = objUser.GetEx("memberOf")

If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
WScript.Echo "The memberOf attribute is not set."
Wscript.quit
Else
For Each Group in arrMemberOf
strGroups = strGroups & Group & vbcrlf
Next
End If

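'=============================================================
'memberOf does not list the primary group, so look it up by
'matching primaryGroupToken against the user's primaryGroupID
'=============================================================

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"

Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.CommandText = "<LDAP://" & DomainDN & ">;(objectCategory=Group);distinguishedName,primaryGroupToken;subtree"
Set objRecordSet = objCommand.Execute

Do Until objRecordSet.EOF
If objRecordSet.Fields("primaryGroupToken").Value = intPrimaryGroupID Then
strGroups = strGroups & objRecordSet.Fields("distinguishedName").Value & " (primary group)" & vbCrLf
Exit Do
End If
objRecordSet.MoveNext
Loop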

objConnection.Close

Wscript.echo strGroups
====================================================

/Dennis Chung
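
The script above places the typed user ID directly into the query text. As an added example (not part of the original post), the VBScript below checks the input against an allow-list and escapes LDAP filter metacharacters before building the LDAP-dialect query. The function names and the allow-list pattern are assumptions, not taken from the original script.

```vbscript
Option Explicit

' Assumed naming policy: letters, digits, dot, underscore, hyphen, 1 to 20
' characters. Adjust the pattern to match the account names in your domain.
Function IsSafeSamAccountName(strName)
    Dim objRegEx
    Set objRegEx = New RegExp
    objRegEx.Pattern = "^[A-Za-z0-9._-]{1,20}$"
    IsSafeSamAccountName = objRegEx.Test(strName)
End Function

' Escape the characters that are special in an LDAP search filter (RFC 4515).
' The backslash is replaced first so later escapes are not escaped again.
Function EscapeLdapFilterValue(strValue)
    Dim strOut
    strOut = Replace(strValue, "\", "\5c")
    strOut = Replace(strOut, "*", "\2a")
    strOut = Replace(strOut, "(", "\28")
    strOut = Replace(strOut, ")", "\29")
    strOut = Replace(strOut, Chr(0), "\00")
    EscapeLdapFilterValue = strOut
End Function

' Build LDAP-dialect command text: <base>;(filter);attributes;scope
' Returns an empty string when the name fails validation.
Function BuildUserQuery(strDomainDN, strName)
    If Not IsSafeSamAccountName(strName) Then
        BuildUserQuery = ""
        Exit Function
    End If
    BuildUserQuery = "<LDAP://" & strDomainDN & ">;" & _
        "(&(objectCategory=user)(sAMAccountName=" & _
        EscapeLdapFilterValue(strName) & "));" & _
        "distinguishedName;subtree"
End Function

Dim strInput, strQuery
strInput = Trim(InputBox("Enter User ID: eg, abc", "Enter User Name"))
strQuery = BuildUserQuery("dc=domain,dc=com", strInput)

If strQuery = "" Then
    WScript.Echo "Rejected: '" & strInput & "' is not a valid user ID."
    WScript.Quit 1
End If

' strQuery can now be assigned to objCommand.CommandText for the user search.
WScript.Echo strQuery
```

The escaping step is redundant while the allow-list is this strict; it matters once the pattern is relaxed to admit other characters.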

2 thoughts on “Search a user by username and list its Group memberships”

  1. Dennis says:

    Yes, you are right. To be exact, the command will be like this:
    net user "User ID" /domain

    However, you do not open up the possibility of reusing the information returned programmatically.
    By venturing into using VBScript, it has the advantage of programmatically using the information and populating perhaps a database or an Excel spreadsheet.

    Command lines are good. I love them too. But max is to have a combination of command lines and process them by piping. Doesn’t give you the flexibility of using the potential of programming. 🙂

    And btw, you can also get a better set of DS* commands if you like, but the request runs on a domain controller. The script allows you to run on the client.
