How to compare group members to OU

Does anyone know how to compare all the members of an OU to that of a dist group? I want to make sure all members of an OU are part of a group.

Find more posts tagged with

Comments

royal

Well, if you are using Exchange 2003, you can use Query-Based distribution groups. If you are using Exchange 2007, you can use Dynamic Distribution Groups. If you are not using Exchange, you can use a script to automatically look at all user's in an OU and if they are not in a specific group, to add them. If you want the script to run periodically, you can add it to scheduled tasks.

sprkymrk

Use the export functions in ADUC and import them both to a spreadsheet to compare them side-by-side?

dmw

Helpful thanks. Will use the export function. Using exchance 2003 in mixed mode so no query based list available.

royal

Here's the script I was talking about that will add all user's in the OU specified to the specified group. I don't remember where I got this from but it was on my laptop when I originally made this post. If you use this to run in scheduled tasks, make sure you take out the wscript.echo at the end. If you need, I can modify the script so it'll prompt you for the OU and/or group and use those inputs instead of having to modify the script. Enjoy!

Option Explicit
Dim objRootLDAP, objGroup, objUser, objOU
Dim strOU, strGroup, strDNSDomain
Dim intCounter

strOU = "OU=Sales,"
strGroup = "CN=Sales,"

Set objRootLDAP = GetObject("LDAP://RootDSE")
strDNSDomain = objRootLDAP.Get("DefaultNamingContext")

Set objGroup = GetObject("LDAP://"& strGroup _
& strOU & strDNSDomain)
Set objOU = GetObject("LDAP://" & strOU & strDNSDomain)

intCounter = 1
For Each objUser In objOU
If objUser.Class = lcase("User") then
objGroup.add(objUser.ADsPath)
intCounter = intcounter +1
End If
Next
WScript.Echo strGroup & " has " & intCounter -1 & " new members"

Wscript.Quit

dmw

Thanks for the script. I found the way to do using the AD saved queries feature. I was having an issue getting the list of the group exported. There is no way I can see to export directly from a group like you can by right clicking on an OU. I was able to generate a query under saved queries in ADUC. The part that was confusing me is you can't select to search for a user and use the "member of" attribute. You must use the distinguished name in the query.

I used the approach here and was able to export to excel and compare the 2 lists. In this case this was ok since the list was under 100.

http://www.blkmtn.org/Queries-with-ADUC

Thanks again