VBScript program to document all groups in the domain. The program outputs each group name, the type of group, all the members, and whether each member is a user or group.

The program is designed to be run at a command prompt using the cscript host. The output can be redirected to a text file. For example:

cscript //nologo DocumentGroups.vbs > DomainGroups.txt

The program uses the RootDSE object to retrieve the DNS domain name. The program uses ADO to search Active Directory for all group objects. The DistinguishedName attribute of each group is used to bind with the LDAP provider. The groupType attribute of each group object is used to determine the type of group.

The members of each group are listed. Each member is indicated as being either a user or a group. The nested group members are not listed directly, but can be determined from the output. "Primary Group" membership is not revealed.

This program should work on any 32 or 64-bit Windows client that can log onto the domain. Windows NT and Windows 98/95 clients should have DSClient installed. If DSClient is not installed, they need WSH and ADSI installed.

DocumentGroups.txt <<-- Click here to view or download the program