![\"Script](\"http:\/\/img.microsoft.com\/library\/media\/1033\/technet\/images\/scriptcenter\/ad.jpg\" "\\"Script")
<\/A> \nHey, AW. As a matter of fact, there is; this script will tell you what type of group you\u2019re dealing with:<\/P>
Set objGroup = GetObject _\n (“LDAP:\/\/cn=Finance Managers, ou=Finance, dc=Fabrikam, dc=com”)\nWscript.Echo objGroup.groupType\n<\/PRE>\nPretty easy, huh?<\/P>\n
Well, OK, maybe not. The preceding script works just fine, but it reports back a group type like -2147483640 or -2147483646 or maybe even 4. What the heck is going on?<\/P>\n
As it turns out, the group type is not stored in Active Directory as a string value; that is, if you echo the value of the groupType attribute you\u2019re not going to get back something like Global distribution group<\/B>. Instead, you\u2019re going to back one of the following numbers:<\/P>\n\n<\/THEAD>\n\n\n| \n Value<\/B><\/P><\/TD>\n | \n GroupType<\/B><\/P><\/TD><\/TR>\n\n| \n 2<\/P><\/TD>\n | \n Global distribution group<\/P><\/TD><\/TR>\n | \n| \n 4<\/P><\/TD>\n | \n Domain local distribution group<\/P><\/TD><\/TR>\n | \n| \n 8<\/P><\/TD>\n | \n Universal distribution group<\/P><\/TD><\/TR>\n | \n| \n -2147483646<\/P><\/TD>\n | \n Global security group<\/P><\/TD><\/TR>\n | \n| \n -2147483644<\/P><\/TD>\n | \n Domain local security group<\/P><\/TD><\/TR>\n | \n| \n -2147483640<\/P><\/TD>\n | \n Universal security group<\/P><\/TD><\/TR><\/TBODY><\/TABLE>\n <\/DIV>\n In case you\u2019re interested, the values 2, 4, and 8 identify – respectively – global, domain local, and universal groups. The value -2147483648 identifies security groups. To determine the group type you add the first number (2, 4, or 8) to the second number (-2147483648 if the group is a security group, 0 if it\u2019s a distribution group). A domain local distribution group has a value of 4 (4 + 0); a domain local security group has a value of -2147483644 (4 + -2147483648).<\/P>\n But you don\u2019t need to worry about where these numbers come from; all you need to know is which number matches up with which groupType. With that information, you can add a Select Case statement to your script and precisely identify the group type:<\/P> Set objGroup = GetObject _\n (“LDAP:\/\/cn=Finance Managers, ou=Finance, dc=Fabrikam, dc=com”)\nSelect Case objGroup.GroupType\n Case 2\n Wscript.Echo “This is a global distribution group.”\n Case 4\n Wscript.Echo “This is a domain local distribution group.”\n Case 8\n Wscript.Echo “This is a universal distribution group.”\n Case -2147483646\n Wscript.Echo “This is a global security group.”\n Case -2147483644\n Wscript.Echo “This is a domain local security group.”\n Case -2147483640\n Wscript.Echo “This is a universal security group.”\nEnd Select\n<\/PRE>\nIf all you care about is whether the group is a security group or a distribution group, then you could simply check to see if the groupType value is less than 0. If it is, then the group has to be a security group. Here\u2019s a script that does that very thing:<\/P> Set objGroup = GetObject _\n (“LDAP:\/\/cn=Finance Managers, ou=Finance, dc=Fabrikam, dc=com”)\nIf objGroup.groupType < 0 Then\n Wscript.Echo “This is a security group.”\nElse\n Wscript.Echo “This is a distribution group.”\nEnd If\n<\/PRE><\/p>\n","protected":false},"excerpt":{"rendered":"Hey, Scripting Guy! Is there any way to tell whether an Active Directory group is a security group or a distribution group?— AW Hey, AW. As a matter of fact, there is; this script will tell you what type of group you\u2019re dealing with:Set objGroup = GetObject _ (“LDAP:\/\/cn=Finance Managers, ou=Finance, dc=Fabrikam, dc=com”) Wscript.Echo objGroup.groupType […]<\/p>\n","protected":false},"author":595,"featured_media":87096,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1],"tags":[7,44,3,5],"class_list":["post-70763","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-scripting","tag-active-directory","tag-groups","tag-scripting-guy","tag-vbscript"],"acf":[],"blog_post_summary":" Hey, Scripting Guy! Is there any way to tell whether an Active Directory group is a security group or a distribution group?— AW Hey, AW. As a matter of fact, there is; this script will tell you what type of group you\u2019re dealing with:Set objGroup = GetObject _ (“LDAP:\/\/cn=Finance Managers, ou=Finance, dc=Fabrikam, dc=com”) Wscript.Echo objGroup.groupType […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/70763","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/users\/595"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/comments?post=70763"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/posts\/70763\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media\/87096"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/media?parent=70763"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/categories?post=70763"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/scripting\/wp-json\/wp\/v2\/tags?post=70763"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}} | |
![\"Hey,](\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/q-for-powertip.jpg\" "\\"Hey,")
\n![\"Spacer\"](\"https:\/\/devblogs.microsoft.com\/scripting\/wp-content\/uploads\/sites\/29\/2019\/05\/spacer.gif\")
![\"Hey,](\"https:\/\/devblogs.microsoft.com\/wp-content\/uploads\/sites\/29\/2019\/02\/a-for-powertip.jpg\" "\\"Hey,")