So I ended up with this nice little chunk of code that gave the members of a group.
The Code
dsquery group -samid "AdminsGroup" | dsget group -members
This gives a decent amount of info, but it's basically unusable for normal readable information.
It gives back information something like this "CN=c-hean,OU=USERS,OU=ESF,OU=EN,OU=BIGOU,DC=STUPIDOMAIN,DC=COM".
So I dug into things a little more and came up with this. Let's use the information from the previous script and add " | dsget user -display" to get the users information.
Read more about dsget user by going here. http://technet.microsoft.com/en-us/library/cc732535.aspx
The Code
dsquery group -samid "AdminsGroup" | dsget group -members | dsget user -display
Now it cleans it up and displays the names of the users instead of the full Distinguished Name, like "Smith, Smith".
There is a lot of other information you can get from your script by just changing a couple of the parameters. So for example if you want First Name, Middle Intial and Last Name just change it to this " -fn -mi -ln" instead of "-display". Now it shows "Bob R Smith".
The Code
dsquery group -samid "AdminsGroup" | dsget group -members | dsget user -fn -mi -ln
NOTES:
Please note somethings that this might give you is an error if one of the "users" is actually a "group" in the group you searched. You will get something like this "dsget failed:CN=Service Desk,OU=GROUPS,OU=ESF,OU=EN,OU=BIGOU,DC=STUPIDOMAIN,DC=COM".:The object class of the target does not match the one specified on the command
line.".
This tells us that the groups "Service Desk" failed to give us the information you are looking for because it is a "group" not a "user".
I am sure there is a way around this but thats for another time.
No comments:
Post a Comment