February 22nd, 2007

How Can I Return Information For Each Member in a Group?

Hey, Scripting Guy! Question

Hey, Scripting Guy! How can I write a script that, for each member in a group, returns the member’s name, department, address, title, and description?

— TL-V

SpacerHey, Scripting Guy! AnswerScript Center

Hey, TL-V. You would have to mention the word “script,” wouldn’t you? Usually that wouldn’t bother us too much, but in the past 9 days or so the Scripting Guy who writes this column has looked at, tested, and recorded scores for 2,000 or so scripts, all as part of the 2007 Winter Scripting Games. Likewise, the Scripting Guy who doesn’t write this column has looked at, tested, and recorded scores for 2,000 or so scripts herself. Plus we still have several hundred more scripts that haven’t been looked at, tested, or had their scores recorded. To tell you the truth, we’re all scripted out, TL-V; if we ever see another script again it’ll be too soon.

But don’t worry. After all, there are plenty of places you can turn to for help; it’s not like we’re the only daily scripting column here on TechNet. Why there’s … and there’s … um ….

Hmmm ….

OK, fine, we’ll help you out, just this once. But if anyone asks where you got this script, whatever you do don’t tell them. The last thing we Scripting Guys need is a bunch of people asking us questions about scripting.

Note. OK, forget that last part. The Scripting Editor, who recently bought a new car, just reminded us that we do need a bunch of people asking us questions about scripting. We think she said something about job security, but, if you want to know the truth, we weren’t paying that much attention; she does ramble on and on, you know. And if you’ve ever read Hey, Scripting Guy! then you know how much we dislike people who ramble on and on without ever getting to the point.

Which reminds us of a funny story involving the Scripting Son and a baseball game ….

At any rate, here’s a script that can return information about all the members of a group:

Set objGroup = GetObject(“LDAP://CN=Managers,OU=Finance,DC=fabrikam,DC=com”)

For Each objUser in objGroup.Members Wscript.Echo “Name: ” & objUser.DisplayName Wscript.Echo “Department: ” & objUser.department Wscript.Echo “Street address: ” & objUser.streetAddress Wscript.Echo “Title: ” & objUser.title Wscript.Echo “Description: ” & objUser.description Wscript.Echo Next

As you can see, there’s not much to this script. We start out by binding to the desired group in Active Directory; in our sample script, that’s the Managers group, which resides in the Finance OU of fabrikam.com:

Set objGroup = GetObject(“LDAP://CN=Managers,OU=Finance,DC=fabrikam,DC=com”)

As long as we’re on the subject, one question we get asked over and over again is this: how can I bind to a group that resides in a child OU of another OU?. In other words, how can I bind to a group that resides in the Accounting OU, which, in turn, resides in the Finance OU? We’ve addressed that question before, but it’s worth repeating here: you simply include both OUs in your binding string. Something like this:

Set objGroup = GetObject(“LDAP://CN=Managers,OU=Accounting,OU=Finance,DC=fabrikam,DC=com”)

The trick here is to always work from back to front when creating your binding string. The object’s CN always comes first, followed by the child OU, the parent OU, and then the domain information. Suppose the account lived in the Payables OU, which was a child OU of Accounting, which, of course, is a child of the Finance OU. That’s fine: start with Payables, tack on Accounting, then continue on through Finance:

Set objGroup = GetObject(“LDAP://CN=Managers,OU=Payables,OU=Accounting,OU=Finance,DC=fabrikam,DC=com”)

OK, now back to our regularly-scheduled program. As it turns out, one of the properties of an Active Directory group is the Members attribute; as the name implies, this attribute contains information about all the members in the group. Whoa, wait a second: don’t just try echoing the value of the Members attribute. Why not? Because Members happens to be a multi-valued attribute, an attribute that can contain more than one value. (Which makes sense; after all, groups typically contain more than one member.) Any time you’re dealing with a multi-valued attribute you need to set up a For Each loop in order to walk through all the values in that attribute (in this case, all the members of the group). That’s why we have this line of code:

For Each objUser in objGroup.Members

And then, once we’re inside the loop, we can echo back the desired information for each group member:

Wscript.Echo “Name: ” & objUser.DisplayName
Wscript.Echo “Department: ” & objUser.department
Wscript.Echo “Street address: ” & objUser.streetAddress
Wscript.Echo “Title: ” & objUser.title
Wscript.Echo “Description: ” & objUser.description

And that should do it, TL-V. When all is said and done you’ll get back information similar to this for each user listed as a group member:

Name: Ken Myer
Department: Accounts Receivable
Street address: Building 8, Room 435 
Title: Senior Account Manager
Description: Accounts Receivable manager

You know, that’s a good point: if the Scripting Guys already have several hundred unscored Scripting Games entries lying around, well, what difference would a few more make? In other words, if you haven’t entered the Scripting Games yet there’s still time to complete events 9 and/or 10. Submit a script for at least one of those events and you’ll be eligible to win a Dr. Scripto Bobblehead doll or a copy of the book Windows PowerShell in Action. More important, you’ll be giving the Scripting Guys an opportunity to do what they love best.

Oh, wait, never mind. Instead, you’ll be giving us a chance to look at, test, and record scores for scripts, won’t you?

Author

0 comments

Discussion are closed.