Wednesday, December 4, 2013

Give me the info for the people of a group.

I started to get where I wanted to go with a previous post of getting user information so I decided to break down some information.

So I ended up with this nice little chunk of code that gave the members of a group.

The Code
dsquery group -samid "AdminsGroup" | dsget group -members

This gives a decent amount of info, but it's basically unusable for normal readable information.

It gives back information something like this "CN=c-hean,OU=USERS,OU=ESF,OU=EN,OU=BIGOU,DC=STUPIDOMAIN,DC=COM".

So I dug into things a little more and came up with this. Let's use the information from the previous script and add  " | dsget user -display" to get the users information.
Read more about  dsget user by going here.

The Code
dsquery group -samid "AdminsGroup" | dsget group -members | dsget user -display

Now it cleans it up and displays the names of the users instead of the full Distinguished Name, like "Smith, Smith".

There is a lot of other information you can get from your script by just changing a couple of the parameters. So for example if you want First Name, Middle Intial and Last Name just change it to this " -fn -mi -ln" instead of "-display". Now it shows "Bob    R    Smith".

The Code

dsquery group -samid "AdminsGroup" | dsget group -members | dsget user  -fn -mi -ln


Please note somethings that this might give you is an error if one of the "users" is  actually a "group" in the group you searched. You will get something like this "dsget failed:CN=Service Desk,OU=GROUPS,OU=ESF,OU=EN,OU=BIGOU,DC=STUPIDOMAIN,DC=COM".
:The object class of the target does not match the one specified on the command
This tells us that the groups "Service Desk" failed to give us the information you are looking for because it is a "group" not a "user".

I am sure there is a way around this but thats for another time.

No comments:

Post a Comment