Search a user by username and list its Group memberships

I was writing this to help a vendor coz he kept asking me the groups of some particular account. So i thought i write this to help him. Or rather, save myself from having to reply to his email. <grin>
The script below will prompt you for a user ID, it will then return you the group membership of the account it belongs to. And since i wrote this, i thought i share it.
Copy the codes and paste it to a notepad, save as a .vbs file to use it.
On Error Resume Next

Const ADS_UF_LOCKOUT = &H0010

DomainDN = "dc=domain,dc=com"

strUserName = ""
strUserDN = ""
strGroups = ""

strUserName = InputBox ("Enter User ID: eg, abc", "Enter User Name")

‘Connect to AD to search for User account

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

objCommand.CommandText = _
"SELECT distinguishedName FROM ‘LDAP://" & DomainDN & _
"’ WHERE objectCategory=’user’ and samAccountName=’" & strUserName & "’"

Set objRecordSet = objCommand.Execute

If objRecordSet.RecordCount = 0 Then
WScript.Echo strUserName & " cannot be found in Active Directory"
strUserDN = objRecordSet.Fields("distinguishedName").Value
End If

‘If user is found, its DN is used to retrieve group memberships

Set objUser = GetObject("LDAP://" & struserDN)

intPrimaryGroupID = objUser.Get("primaryGroupID")
arrMemberOf = objUser.GetEx("memberOf")

WScript.Echo "The memberOf attribute is not set."
For Each Group in arrMemberOf
strGroups = strGroups & Group & vbcrlf
End If

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"

Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.CommandText = ";(objectCategory=Group);distinguishedName,primaryGroupToken;subtree"
Set objRecordSet = objCommand.Execute


Wscript.echo strGroups

/Dennis Chung

2 thoughts on “Search a user by username and list its Group memberships

  1. Dennis says:

    Yes, you are right. to be exact, the command will be like this;
    net user "User ID" /domain
    However, you do not open up the possibility of reusing the information returned programmatically.
    By venturing into using VBScript, it has the advantage of programmatically use the information and populate perhaps a database or an excel spreadsheet.
    Command Lines are good. I love them too. But max is to have a combination of command lines and process them by piping. Doesn\’t give you the flexibility of using the potential of programming. 🙂
    And btw, you can also get better set of DS* commands if you like, but the request runs on a domain controller. The script allows you to run on the client.

Leave a Reply to Ramesh Cancel reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s