16 Feb 2018

List the members of an Active Directory group

Would you like to see, from a Windows computer, a list of the members of a particular Active Directory (network) group? In this article we'll explore how to do this and how to extract and rearrange the usernames into a conventional vertical list.

List the members of a group
Open a command window - press Win-R, type CMD and press Enter
Enter the command: NET GROUP "your group name" /domain

You should replace "your group name" with the name of the group whose membership you wish to see. Remember that the double quotes " " are important: Active Directory group names often have spaces in them, and the quotes are essential for the group name to be recognised.

Here's an example:


The result is OK. The users in the group are listed under the dotted line. The only thing that's not good is that they are listed in three columns. This makes it difficult to easily extract these usernames for other uses. For example, you may wish to send an e-mail to everyone in this group or display this list in a report. This problem is especially acute when there are many hundreds of group members.


Create a vertical list of usernames
The aim is to create a list as follows:
RIPLEY
DALLAS
ASH
LAMBERT
KANE
PARKER
BRETT
This is much easier to work with in Excel or Outlook.

I've written a small script using AutoIt. Before you go further, ensure you have AutoIt installed on your computer. It's an excellent scripting language because after you create your script you can compile it to an EXE and use it standalone, without having to install anything on the computer where you use it. More information on AutoIt can be found here:
https://mgxp.blogspot.ch/2013/05/autoit-scripting-language-for-windows.html

The script I've written is called Membership. It runs the above NET GROUP command and writes the output to a text file. The script then reads that file, extracts the names and writes them to a new text file as a vertical list.


Source Code

#cs ----------------------------------------------------------------------------
 Membership.au3
 AutoIt Version: 3.3.14.2
 Author:        Michael Gerrard, mgxp.blogspot.ch, February 2018

 Script Function:
 List users who are the members of an AD group to a file.

#ce ----------------------------------------------------------------------------

$group      = "your group name"  ;change to a valid AD group name!
$title      = "Membership"
$inputFile  = @ScriptDir & "\membership.tmp"
$outputFile = @ScriptDir & "\membership.txt"
$n          = 8 ;line counter (starts at 8)
$u          = 1 ;user counter

; Run the NET GROUP command to list the users
RunWait(@ComSpec & ' /c NET GROUP "' & $group & '" /domain > ' & $inputFile, @ScriptDir, @SW_MINIMIZE)

; Open the input file and read the lines
$file  = FileOpen($inputFile, 0) ;open read only
$aFile  = FileReadToArray($file)
If @error Then ;the temporary input file could not be read
    MsgBox(16, $title, "There was an error reading the file.")
    Exit
EndIf
FileClose($file)

; Step through the lines and output the usernames to the output file
$file = FileOpen($outputFile, 2) ;create a new file
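; Loop through the lines; stop at the end marker, or at the end of the array if the marker is missing
While $n < UBound($aFile) And $aFile[$n] <> "The command completed successfully."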

 $aSplit = StringSplit($aFile[$n], " ") ;split the line into users
 For $u = 1 To $aSplit[0] ;step through the possible users

  $ws = StringIsSpace($aSplit[$u]) ;some users are white spaces
  If $ws = 0 Then ;if not white space
   FileWriteLine($file, $aSplit[$u]) ;write the user to the output file
  EndIf
 Next ;loop again to find another user

 $u = 1  ;reset to 1
 $n = $n + 1 ;increment the loop
Wend

FileClose($file)
FileDelete($inputFile) ;delete the temporary input file
Run("notepad " & $outputFile, @ScriptDir)
Exit

Copy and paste the above code into a text file.

Save the text file as Membership.au3

The first line in the code is where a variable is defined for the group name:
$group = "your group name"
Change the text in double quotes to the name of your group.


Run the script
As long as you have AutoIt installed you can either run the Membership.au3 file or compile it to an EXE for standalone use.

Remember to change the variable $group to the group name of your choice before running or compiling the script.

NOTE: For the script to work it should be in a folder whose path contains no spaces, because the script passes the file paths on the command line without quotes. For example, if it's in D:\VeryImportant\Files that will work fine. If it's in D:\Very Important\Files then it will not work.

When you run the script it will open Notepad with the usernames in a vertical list like this:


From Notepad you can copy/paste the list to Excel, Word or wherever you need it. It is also possible to query this text file from Excel PowerView, which can be useful if you wish to match it to other data you may have in a corporate database.
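
The same extraction can be done in PowerShell without AutoIt, a temporary file or command-line redirection, so the folder path no longer matters. This is an added example, not part of the original Membership script: it finds the member list from the dashed separator instead of a fixed line number, and the function name ConvertFrom-NetGroupOutput, the group name and the domain in the sample are made up for illustration.

```powershell
# Added example: turn NET GROUP output into one account name per line.
function ConvertFrom-NetGroupOutput {
    param([string[]]$Line)

    # Find the dashed separator rather than assuming the list starts on line 8.
    $start = -1
    for ($i = 0; $i -lt $Line.Count; $i++) {
        if ($Line[$i] -match '^-{5,}\s*$') { $start = $i + 1; break }
    }
    if ($start -lt 0) {
        throw 'No member list found: NET GROUP did not return a group listing.'
    }

    # Collect names until the end marker (English Windows wording, as in the
    # AutoIt script) or until the output runs out.
    for ($i = $start; $i -lt $Line.Count; $i++) {
        if ($Line[$i] -like 'The command completed*') { break }
        # Split on runs of whitespace; assumes account names contain no spaces.
        $Line[$i] -split '\s+' | Where-Object { $_ }
    }
}

# Constructed sample of NET GROUP output (not captured from a real domain).
$sample = @'
The request will be processed at a domain controller for domain example.local.

Group name     Nostromo Crew
Comment

Members

-------------------------------------------------------------------------------
RIPLEY                   DALLAS                   ASH
LAMBERT                  KANE                     PARKER
BRETT
The command completed successfully.

'@ -split '\r?\n'

ConvertFrom-NetGroupOutput -Line $sample   # RIPLEY, DALLAS, ASH, ... one per line

# Live use against the domain, saving the list next to the current folder:
#   $names = ConvertFrom-NetGroupOutput -Line (net group "your group name" /domain)
#   $names | Set-Content -Path .\membership.txt
```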


Conclusion
It's a real shame that the NET GROUP command doesn't have the ability to list the names vertically to start with. However, using AutoIt it's possible to get around this and make a simple but effective solution. I hope this is of help to you.





