VBScript program to document all members of a local group. Local groups can have local user and group objects as members. This program recursively enumerates the nested local groups to reveal all local members. The WinNT provider must be used for all local objects. The local group can also have domain user and group objects as members. The LDAP provider must be used to reveal nested domain groups. The program uses the NameTranslate object to convert the NetBIOS name of any domain groups to the distinguished name required for the LDAP provider. Members of domain groups that are members of the local group are recursively enumerated.

This example enumerates the local Administrators group. It can be revised to document membership in any local group. The output can be redirected to a text file.

If any local group members are domain groups, the local computer must be authenticated to the domain so the program can bind to the domain group object.

This program should work on any 32 or 64-bit Windows client that can log onto the domain. Windows NT and Windows 98/95 clients should have DSClient installed. If DSClient is not installed, they need WSH and ADSI installed.

EnumLocalGroup.txt <<-- Click here to view or download the program

A PowerShell script with the same functionality is linked below:

PSEnumLocalGroup.txt <<-- Click here to view or download the program