So….you have a huge list of groups that you want to check the memberships of….what is the easiest way to do that? Keeping in mind that you may need some fancy pants SNAP-INS for powershell. Well..the answer is quite easy…a flat text file with the names of the groups you want to query in separate lines and the CLI’s iterator the FOR command.
The FOR command can iterate through directories and files, in this case I wanted to go through a file line by line, the for command ignores blank lines, so when I received a list in an email, I copied and pasted it to notepad.
I saved that to my current working directory in the Command shell….then I ran this
The FOR command can iterate through directories and files, in this case I wanted to go through a file line by line, the for command ignores blank lines, so when I received a list in an email, I copied and pasted it to notepad.
I saved that to my current working directory in the Command shell….then I ran this
for /f %g in (group.txt) do dsquery group -name %g | dsget group -members
To break this down we are saying we are going to iterate or loop through a file and give the VARIABLE %g a different value that equates to a group name in the active directory,with each loop, and then we are going to DO a dsquery and a dsget to find the members of each group.
Note that this is interactive from the CLI Shell and the variable %g is pertinent in interactive mode, however if you want that scripted then %g becomes %%g as it is now in inactive mode…. a gotchya to look out for!!!
As ever the output can be redirected to a text file….
for /f %g in (group.txt) do dsquery group -name %g | dsget group -members > whateverfilepathyouwant.txt
And if you want to do this as a single shot then it’s as easy as……
dsquery group -name groupname | dsget group -members
and with output redirection…..
dsquery group -name groupname | dsget group -members > whateverfilepathyouwant.txt
No comments:
Post a Comment