Rob Engler
Jan 07, 2011
Exporting AD membership lists
A few ways to export membership for Active Directory objects such as distribution lists or email-enabled security groups.
Active Directory is great for running your organization smoothly, but it offers almost no easy way to pull metadata out of it.
A client asked to have the membership of a few distribution and email-enabled objects pulled so that they could review it for accuracy. Here are a few ways to do it.
Command-line
From the command line on a domain controller, type:
net group <AD groupname> > report.txt
This will dump the usernames for the members of that group. Useful but not terribly clean.
Alternatively, use the csvde command:
csvde -f report.txt -r sAMAccountName=<groupname> -l member
You will get a file that has one entry per member, all on one line and separated by semicolons. You can clean up the line in Word using the Replace function (to replace each semicolon with a return, use the ^p value).
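As an alternative to the Word clean-up, the following added example (not code from the original post) splits the csvde export into one line per member. It assumes the export has a DN column and a member column whose values are semicolon-separated DNs with backslash escapes; the sample data is constructed.

```python
import csv
import io
import re

# Constructed sample of a csvde export (not real data): one row per group, with
# every member DN packed into a single semicolon-separated field.
SAMPLE = (
    'DN,member\n'
    '"CN=Sales DL,OU=Groups,DC=company,DC=com",'
    '"CN=Jane Doe,OU=Staff,DC=company,DC=com;'
    'CN=Smith\\, John,OU=Staff,DC=company,DC=com;'
    'CN=Sales Managers,OU=Groups,DC=company,DC=com"\n'
)

# Assumption: a literal ';' or ',' inside a value is backslash-escaped.
UNESCAPED_SEMI = re.compile(r'(?<!\\);')
UNESCAPED_COMMA = re.compile(r'(?<!\\),')


def common_name(dn):
    """Return the value of the first RDN of a DN, with escapes removed."""
    first_rdn = UNESCAPED_COMMA.split(dn, maxsplit=1)[0]
    value = first_rdn.split('=', 1)[-1]
    return re.sub(r'\\(.)', r'\1', value)


def parse_members(text):
    """Yield (group_dn, member_name, member_dn, partial) for each member."""
    for row in csv.DictReader(io.StringIO(text)):
        for column, value in row.items():
            name = (column or '').lower()
            if name != 'member' and not name.startswith('member;range='):
                continue
            # A ";range=" suffix means AD returned the values in ranges, so
            # this export may not contain the group's full membership.
            partial = name.startswith('member;range=')
            for dn in UNESCAPED_SEMI.split(value or ''):
                if dn.strip():
                    yield row['DN'], common_name(dn.strip()), dn.strip(), partial


def report(text):
    """One tab-separated 'group<TAB>member' line per member, for review."""
    return ['%s\t%s' % (common_name(g), m) for g, m, _, _ in parse_members(text)]


if __name__ == '__main__':
    # Nested groups (Sales Managers here) are listed by DN, not expanded.
    print('\n'.join(report(SAMPLE)))
```

When reviewing membership for accuracy, treat any row flagged partial as incomplete, and remember that a member that is itself a group hides further members.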
Scripting
If you like scripting, you can extract the data with LDIFDE and clean it up with VBScript, or you can script against the LDAP services on your domain controller. Microsoft has a good explanation of the LDIFDE method and clean-up here.
Here is a quick example of using VBScript against LDAP:
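' Bind to the group object by its distinguished name
Set objGroup = GetObject("LDAP://cn=TargetGroup,ou=Groups,dc=company,dc=com")
' Echo the name of each direct member of the group
For Each objMember In objGroup.Members
    WScript.Echo objMember.Name
Next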
You will need to know where your object is located and alter the LDAP query to match. A good free tool for figuring this out is LDAP Browser 2.6 from Softerra. This type of tool is invaluable for letting your scripts get at the data held for your employees in Active Directory, and Softerra's implementation is easy to use and works well.
Apr 03, 2010
Setting home directories on Windows 7
Running Windows 7 clients in a Windows 2003 Active Directory domain has a few gotchas.
A client today needed us to set a home drive mapping from several Windows 7 clients to a share on a Windows 2003 DC. I learned a few things to look out for next time.
Home Directories
If you didn't know this already, you need to set home directory shares so that they allow full offline access. Specifically, this allows the H: drive mapping to occur. This should be the end of the discussion for pre-Win7 clients. User logs in, drive is mapped.
Windows 7 home directory mappings
Windows 7 does not appear to observe home directory mappings when joined to a Windows 2003 AD domain. You can set the home directory mapping in the user account, but the drive will not appear. Some others suggested disabling UAC, but I found this to be true even with UAC disabled.
If you need to map a home directory in this scenario, just do it in a login script.

