How to compare group members to OU

dmwdmw Member Posts: 81 ■■□□□□□□□□
in AD Infra 70-294
Does anyone know how to compare all the members of an OU to that of a dist group? I want to make sure all members of an OU are part of a group.
Rebooting computers since 1999
· Share on FacebookShare on Twitter

Comments

  • royalroyal Member Posts: 3,352 ■■■■□□□□□□
    Well, if you are using Exchange 2003, you can use Query-Based distribution groups. If you are using Exchange 2007, you can use Dynamic Distribution Groups. If you are not using Exchange, you can use a script to automatically look at all user's in an OU and if they are not in a specific group, to add them. If you want the script to run periodically, you can add it to scheduled tasks.
    “For success, attitude is equally as important as ability.” - Harry F. Banks
    · Share on FacebookShare on Twitter
  • sprkymrksprkymrk Member Posts: 4,884 ■■■□□□□□□□
    Use the export functions in ADUC and import them both to a spreadsheet to compare them side-by-side?
    All things are possible, only believe.
    · Share on FacebookShare on Twitter
  • dmwdmw Member Posts: 81 ■■□□□□□□□□
    Helpful thanks. Will use the export function. Using exchance 2003 in mixed mode so no query based list available.
    Rebooting computers since 1999
    · Share on FacebookShare on Twitter
  • royalroyal Member Posts: 3,352 ■■■■□□□□□□
    Here's the script I was talking about that will add all user's in the OU specified to the specified group. I don't remember where I got this from but it was on my laptop when I originally made this post. If you use this to run in scheduled tasks, make sure you take out the wscript.echo at the end. If you need, I can modify the script so it'll prompt you for the OU and/or group and use those inputs instead of having to modify the script. Enjoy!
    Option Explicit
    Dim objRootLDAP, objGroup, objUser, objOU
    Dim strOU, strGroup, strDNSDomain
    Dim intCounter

    strOU = "OU=Sales,"
    strGroup = "CN=Sales,"

    Set objRootLDAP = GetObject("LDAP://RootDSE")
    strDNSDomain = objRootLDAP.Get("DefaultNamingContext")

    Set objGroup = GetObject("LDAP://"& strGroup _
    & strOU & strDNSDomain)
    Set objOU = GetObject("LDAP://" & strOU & strDNSDomain)

    intCounter = 1
    For Each objUser In objOU
    If objUser.Class = lcase("User") then
    objGroup.add(objUser.ADsPath)
    intCounter = intcounter +1
    End If
    Next
    WScript.Echo strGroup & " has " & intCounter -1 & " new members"

    Wscript.Quit
    “For success, attitude is equally as important as ability.” - Harry F. Banks
    · Share on FacebookShare on Twitter
  • dmwdmw Member Posts: 81 ■■□□□□□□□□
    Thanks for the script. I found the way to do using the AD saved queries feature. I was having an issue getting the list of the group exported. There is no way I can see to export directly from a group like you can by right clicking on an OU. I was able to generate a query under saved queries in ADUC. The part that was confusing me is you can't select to search for a user and use the "member of" attribute. You must use the distinguished name in the query.

    I used the approach here and was able to export to excel and compare the 2 lists. In this case this was ok since the list was under 100.

    http://www.blkmtn.org/Queries-with-ADUC

    Thanks again
    Rebooting computers since 1999
    · Share on FacebookShare on Twitter
Sign In or Register to comment.