#111076 - 2003-12-30 06:03 PM Who belongs to this group? Using AD
marguz Offline
Fresh Scripter

Registered: 2002-10-29
Posts: 19
Loc: Illinois
Hello,
I've been trying to get access to some info in Active Directory. The info in question would be to list all users that are part of a given group, so I need to query a given group for the info. I've tried using some example scripts listed here, but I really don't understand where I can find the info on the proper function calls to use.

Can someone please give an example on how to do this using the "LDAP" thing, and also point me in the direction on where to read-up on using Kixtart and AD.

TIA
Mark

#111077 - 2003-12-30 06:23 PM Re: Who belongs to this group? Using AD
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11165
Loc: Boston, MA, USA
The UDF Forum already contains numerous UDFs to query AD objects, group memberships, and so on. Please take a look there, e.g. GetGroups(). Additionally MSDN has extensive documentation for ADSI.
_________________________
There are two types of vessels, submarines and targets.

#111078 - 2003-12-30 06:36 PM Re: Who belongs to this group? Using AD
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Well... GetGroups() seems only to list the groups a person is a member of so does not meet the requirements. OTOH, GroupMembers() will list all members of a group.

See also our FAQ for more info on ADSI.
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

#111079 - 2003-12-30 07:15 PM Re: Who belongs to this group? Using AD
Radimus Moderator Offline
Moderator
*****

Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
Code:

; List every member of a group through the WinNT provider
$groupname = 'some group'
$obj = GetObject("WinNT://"+@domain+"/"+$groupname+",group")
IF $obj
    for each $user in $obj.members
        ? $user.name
    next
    $obj = 0    ; release the COM object
ENDIF

_________________________
How to ask questions the smart way <-----------> Before you ask

#111080 - 2003-12-30 07:47 PM Re: Who belongs to this group? Using AD
Radimus Moderator Offline
Moderator
*****

Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
and the same thing in UDF format:

Code:

break on

for each $name in EnumGroup('somegroup')
    ? $name
next

Code:

; Return the member names of a group as an array (WinNT provider)
Function EnumGroup($group, Optional $Domain)
    DIM $users, $obj
    if not $domain $domain = @domain endif
    $obj = GetObject("WinNT://"+$domain+"/"+$group+",group")
    IF not $obj exit 1 endif
    for each $user in $obj.members
        $users=$users + '|' + $user.name
    next
    $obj = 0
    $EnumGroup = split(substr($users,2),'|')
EndFunction

_________________________
How to ask questions the smart way <-----------> Before you ask

#111081 - 2003-12-30 08:29 PM Re: Who belongs to this group? Using AD
Les Offline
KiX Master
*****

Registered: 2001-06-11
Posts: 12734
Loc: fortfrances.on.ca
Yeah, but he wanted LDAP...
_________________________
Give a man a fish and he will be back for more. Slap him with a fish and he will go away forever.

#111082 - 2003-12-31 02:28 AM Re: Who belongs to this group? Using AD
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11165
Loc: Boston, MA, USA
Right from the MSDN site adopted for KiXtart:
Code:

dim $filter[0]
$objOU = GetObject('LDAP://cn=Users,dc=NA,dc=fabrikam,dc=com')
$filter[0]='user'
$ObjOU.Filter=$filter
For Each $objUser in $objOU
    ? $objUser.cn
Next

_________________________
There are two types of vessels, submarines and targets.

#111083 - 2003-12-31 02:44 AM Re: Who belongs to this group? Using AD
Radimus Moderator Offline
Moderator
*****

Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
so call translatename() to get the ldap string, and pass it into a modified UDF like what I provided, which only returns the CN as elements in an array.

the only "problem" with using AD/LDAP is that very often you only need the 'simplest' form of the result.

In any case they both work

but we have apparently lost our poster...
_________________________
How to ask questions the smart way <-----------> Before you ask

#111084 - 2003-12-31 04:16 AM Re: Who belongs to this group? Using AD
marguz Offline
Fresh Scripter

Registered: 2002-10-29
Posts: 19
Loc: Illinois
No, I'm here ;-)
One of my Citrix boxes stopped its IMA service and BLA, BLA, BLA... Bad Day

Thanks to all of you for the replies.
I've searched this site for "LDAP" but really could not find what I wanted (or maybe I just did not understand what the code would do). But I really like the sample code I got in the replies, and I will be going over to MSDN.

sealeopard, you listed code that was adopted for Kixtart. Is there a HowTo on what gets replaced with what?


Very nice and helpful forum.

Mark

#111085 - 2003-12-31 04:42 AM Re: Who belongs to this group? Using AD
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11165
Loc: Boston, MA, USA
Essentially, put "$" signs in front of all variables and replace ampersands "&" with plus signs "+" to concatenate strings.
_________________________
There are two types of vessels, submarines and targets.

#111086 - 2003-12-31 10:22 AM Re: Who belongs to this group? Using AD
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11631
Loc: CA
Not to muddy the water, but I have confirmed that this "FILTER" method in fact does not work as one would expect. A COMPUTER object also has a field for USER, so this type of query actually returns the names of computers as well if found in a container with user accounts.

Mark,
If you can give us the name of your groups and your domain we may be able to supply code that will return what it is you're looking for.
Are you running KiXtart 4.22 ? Are you a Domain Admin or OU Admin?

#111087 - 2003-12-31 10:30 AM Re: Who belongs to this group? Using AD
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11631
Loc: CA
Here is an example to show all members of a specified group within an OU named Groups.

You need to supply your real path to the container and the name of the group to check. Then from a command console run KIX32.EXE THIS_SCRIPT.KIX and you should get back what you're looking for.

Code:

break on
dim $iRC
$iRC=setoption('Explicit','on')
$iRC=setoption('NoVarsInStrings','on')

ListGroupMembers('GRAPHICS')

function ListGroupMembers($Group)
    dim $CheckGroup,$Member
    $CheckGroup = getobject('LDAP://CN='+$Group+',ou=Groups,dc=mycompany,dc=com')
    if not $CheckGroup exit 1 endif    ; group not found or bind failed
    for each $Member in $CheckGroup.members
        ? 'Members of: ' +$Group+' '+$member.SamAccountName+' '+$member.fullname
    next
endfunction

#111088 - 2003-12-31 03:48 PM Re: Who belongs to this group? Using AD
marguz Offline
Fresh Scripter

Registered: 2002-10-29
Posts: 19
Loc: Illinois
OK,
The groups will be user input (TA.TIMEKEEPER for example),
the domain is global.shsystem.org

I'm running Kixtart 4.22 and I'm one of the Domain Admins.

Mark

#111089 - 2003-12-31 06:06 PM Re: Who belongs to this group? Using AD
Allen Administrator Offline
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4567
Loc: USA
Doc, not sure if you need this, but I ran into the filter problem a while back. I searched and searched and finally stumbled across some sample code to help sort out the computers from the users. The snippet below is just creating an array if the Filter defined is "User" and then checks the "class" of the object to determine if it is a computer or user.

Code:

if ucase($filter)="USER"
    If $OUObject.Class = "user"
        $objects=$objects + ucase($OUObject.Name)
    endif
endif


#111090 - 2004-01-01 11:16 AM Re: Who belongs to this group? Using AD
NTDOC Administrator Offline
Administrator
*****

Registered: 2000-07-28
Posts: 11631
Loc: CA
Thanks Al_Po I don't need it. Was just pointing out a minor flaw in this code which is being shown/demo'ed around on different scripting sites.


However, on another note. In my opinion the idea of the FILTER is to allow a fast query without having to check the CLASS. Now by using the CLASS check you slow down the query because it has to apply a CLASS check on each object that matched the FILTER. It may still be faster than a CLASS check on every object, but would be much better if you were able to search on a FILTER item that is unique to the USER object alone.


Edited by NTDOC (2004-01-01 11:13 PM)
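
NTDOC's closing point (a filter item unique to user objects), together with marguz's note that the group name will be user input, worked as an added example that is not code from any poster in this thread: an ADO search whose filter pairs objectCategory=person with objectClass=user and escapes the supplied name before it reaches the filter. LdapFilterEscape and AdsiQuery are hypothetical helper names, and dc=mycompany,dc=com is the placeholder domain from NTDOC's earlier post.

```kixtart
; Added example, not from the thread; helper names are hypothetical.
Break On
$base  = 'dc=mycompany,dc=com'      ; placeholder domain from the thread
$group = 'TA.TIMEKEEPER'            ; in practice this arrives as user input
; Step 1: find the group's DN by sAMAccountName, escaping the input first
$filter = '(&(objectCategory=group)(sAMAccountName=' + LdapFilterEscape($group) + '))'
$dn = AdsiQuery($base, $filter, 'distinguishedName')
If @error
    ? 'Directory query failed, error ' + @error
    Exit 1
EndIf
If $dn[0] = ''
    ? 'Group not found: ' + $group
    Exit 1
EndIf

; Step 2: objectCategory=person keeps computer accounts out of the result
$filter = '(&(objectCategory=person)(objectClass=user)(memberOf=' + LdapFilterEscape($dn[0]) + '))'
For Each $name In AdsiQuery($base, $filter, 'sAMAccountName')
    ? $name
Next

; Escape LDAP filter metacharacters (RFC 4515); backslash must go first
Function LdapFilterEscape($s)
    $s = Join(Split($s, '\'), '\5c')
    $s = Join(Split($s, '*'), '\2a')
    $s = Join(Split($s, '('), '\28')
    $LdapFilterEscape = Join(Split($s, ')'), '\29')
EndFunction

; Run a paged subtree search and return one attribute's values as an array
Function AdsiQuery($root, $query, $attr)
    Dim $conn, $cmd, $rs, $out
    $out = ''
    $conn = CreateObject('ADODB.Connection')
    $conn.Provider = 'ADsDSOObject'
    $conn.Open('Active Directory Provider')
    $cmd = CreateObject('ADODB.Command')
    $cmd.ActiveConnection = $conn
    $cmd.Properties('Page Size').Value = 500
    $cmd.CommandText = '<LDAP://' + $root + '>;' + $query + ';' + $attr + ';subtree'
    $rs = $cmd.Execute
    If @error Exit @error EndIf
    While Not $rs.EOF
        $out = $out + '|' + $rs.Fields($attr).Value
        $rs.MoveNext
    Loop
    $AdsiQuery = Split(SubStr($out, 2), '|')
EndFunction
```

The memberOf attribute does not reflect primary-group membership (Domain Users, for example) or members that arrive through nested groups, so those accounts are not returned by this filter.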

#111091 - 2004-01-02 02:46 AM Re: Who belongs to this group? Using AD
Sealeopard Offline
KiX Master
*****

Registered: 2001-04-25
Posts: 11165
Loc: Boston, MA, USA
My example came directly from the MS site at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/ScriptCenter/user/ScrUG63.asp and an alternate way is at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/ScriptCenter/user/scrug50.asp
_________________________
There are two types of vessels, submarines and targets.

#111092 - 2004-01-07 06:58 PM Re: Who belongs to this group? Using AD
Radimus Moderator Offline
Moderator
*****

Registered: 2000-01-06
Posts: 5187
Loc: Tampa, FL
here it can be done both ways...
TranslateName() is only required if you do not have the LDAP name

Code:

break on
$group = 'some_group_name'
for each $member in NTDSGroupMembers($Group)
    ? $member
next

$group = TranslateName('some_group_name')
for each $member in LDAPGroupMembers($Group)
    ? $member
next

Code:

Function NTDSGroupMembers($group, Optional $Domain)
    DIM $users, $obj
    if not $domain $domain = @domain endif
    if not instr($group,$domain) $group=$domain+'/'+ $group endif
    $obj = GetObject("WinNT://"+$group+",group")
    IF not $obj exit 1 endif
    for each $user in $obj.members
        $users=$users + '|' + $user.name
    next
    $obj = 0
    $NTDSGroupMembers = split(substr($users,2),'|')
EndFunction

function LDAPGroupMembers($Group)
    dim $obj,$Member,$members
    if not instr($group,'LDAP://') $group='LDAP://'+ $group endif
    $obj = getobject($Group)
    IF not $obj exit 1 endif
    for each $Member in $obj.members
        if $member.Class = "user"
            $members=$members+ '|'+$member.SamAccountName
        endif
    next
    $obj = 0
    $LDAPGroupMembers=split(substr($members,2),'|')
endfunction

Function TranslateName($LookupName, optional $LookupNameType, optional $ReturnNameType, optional $InitType, optional $BindName)
    Dim $NameTranslate

    if not $LookupNameType and not instr($LookupName,'\') $LookupName = @domain+'\'+$LookupName endif
    if not $LookupNameType $LookupNameType=3 endif
    if not $ReturnNameType $ReturnNameType=1 endif
    if not $InitType $InitType=1 endif
    if not $BindName $BindName=@domain endif
    if $InitType = 3 $BindName='' endif

    $NameTranslate = CREATEOBJECT("NameTranslate")
    if @error Exit 1 endif
    $NameTranslate.Init($InitType, $BindName)
    if @error Exit 2 endif
    $NameTranslate.Set($LookupNameType, $LookupName)
    if @error Exit 3 endif
    $TranslateName = $NameTranslate.Get($ReturnNameType)
    if @error Exit 4 endif
Endfunction

_________________________
How to ask questions the smart way <-----------> Before you ask
