VBScript program to determine the primary group of a user. The WinNT provider is used to bind to the user object. This is because the WinNT provider includes the primary group in the Groups collection of the user object. This group collection is used to create a list of group names to search. The primary group is among the groups in this list. The PrimaryGroupID attribute of the user object represents the primary group. The program determines which group in the Groups collection has a PrimaryGroupToken attribute that matches this PrimaryGroupID. The group that matches is the primary group of the user.

Because the PrimaryGroupToken attribute is a operational (also called constructed), it is not stored in Active Directory. It is calculated as needed. The program uses ADO to search Active Directory for the groups in the user object Groups collection, and return each group's PrimaryGroupToken attribute. The RootDSE object is used to retrieve the DNS domain name. The group in the user object Groups collection whose PrimaryGroupToken attribute matches the user's PrimaryGroupID is the primary group.

This program should work on any 32 or 64-bit Windows client that can log onto the domain. Windows NT and Windows 98/95 clients should have DSClient installed. If DSClient is not installed, they need WSH and ADSI installed.

GetPrimaryGroup.txt <<-- Click here to view or download the program