Ok let’s do another nested group script.
This script enumerates the lastlogon of all members of a nested group.
Attention: the lastlogontimestamp attribute has a treshold of 2 weeks, so recently added users might not occur in the output of the script.

Follow the next steps to run the script (no admin rights needed):

• copy and paste the script in your favorite text editor
• change the distinguished name of the nested group to your group distinguished name
• save the script (for example c:tempenumeratenestedgrouplastlogon.vbs)
• open a command prompt
• go to “c:temp”
• give “cscript enumeratenestedgrouplastlogon.vbs” (without quotes) and enter

The script:

' Name : enumeratenestedgrouplastlogon.vbs
' Description : script to enumerate the lastlogon of all users of a nested group
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 13-04-2010
' Level: intermediate

intBias = TimeZoneBias
strTargetGroupDN = "LDAP://CN=testgroup,OU=Groups,DC=test,DC=org"
EnumNestedgroup strTargetGroupDN
Sub EnumNestedgroup(strGroupDN)
	Set objGroup = GetObject(strGroupDN)
	For Each objMember in objGroup.Members
		If (LCase(objMember.Class) = "group") Then
			EnumNestedgroup objMember.AdsPath
		ElseIf TypeName(objMember.lastLogonTimeStamp) <> "Empty" Then
			Set objDate = objMember.lastLogonTimeStamp
			If (Err.Number <> 0) Then
				dtmDate = #1/1/1601#
			Else
				dtmDate = ((((objDate.Highpart * (2^32)) + objDate.LowPart)/(600000000 - intBias))/1440) + #1/1/1601#
			End If
			Set objDate = Nothing
			Wscript.Echo objMember.DisplayName & " ; " & objMember.Mail & " ; " & dtmDate
		End If
	Next
	Set objGroup = Nothing
End Sub

Function TimeZoneBias
	strComputer = "."
	Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\" & strComputer & "rootcimv2")
	Set colTimeZone = objWMIService.ExecQuery("Select * from Win32_TimeZone")
	For Each objTimeZone in colTimeZone
		TimeZoneBias = objTimeZone.Bias
	Next
	Set colTimeZone = Nothing
	Set objWMIService = Nothing
End Function

When you have problems/questions please post a reply or give a ‘star’ rating.

Happy scripting.

Best regards,

Dirk Adamsky – Deludi BV

Script for today is a mutation of my previous enumerate nested group script.
The script enumerates all nested group users with a citrix token.

Follow the next steps to run the script (no admin rights needed):

• copy and paste the script in your favorite text editor
• change the distinguished name of the nested group to your group distinguished name
• save the script (for example c:tempenumeratenestedgrouptokens.vbs)
• open a command prompt
• go to “c:temp”
• give “cscript enumeratenestedgrouptokens.vbs” (without quotes) and enter

The script:

' Name : enumeratenestedgrouptokens.vbs
' Description : script to enumerate the citrix tokens of a nested group
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 13-04-2010
' Level: intermediate
strTargetGroupDN = "LDAP://CN=testgroup,OU=groups,DC=test,DC=org"
EnumNestedgroup strTargetGroupDN
Sub EnumNestedgroup(strGroupDN)
	Set objGroup = GetObject(strGroupDN)
	For Each objMember in objGroup.Members
		If (LCase(objMember.Class) = "group") Then
			EnumNestedgroup objMember.AdsPath
		ElseIf objMember.[securecomputingCom2000-SafeWord-UserID] <> "" Then
			Wscript.Echo objMember.DisplayName & " ; " & objMember.Mail & " ; " & objMember.[securecomputingCom2000-SafeWord-UserID]
		End If
	Next
	Set objGroup = Nothing
End Sub

When you have problems/questions please post a reply or give a ‘star’ rating.

Happy scripting.

Best regards,

Dirk Adamsky – Deludi BV

Last friday I got a question from Marten on the number of users that a subgroup contains.
I have made a small mutation of the previous script to achieve this. The output of the script now contains the number of users in each subgroup.

Follow the next steps to run the script (no admin rights needed):

• open your favorite text editor
• copy and paste the script into the editor
• save the script (for example c:tempcountgroupmembershipnestedgroup.vbs)
• open a command prompt
• go to “c:temp”
• give “cscript countgroupmembershipnestedgroup.vbs” (without quotes) and enter

The script:

' Name : countgroupmembershipnestedgroup.vbs
' Description : script to count the number of users in subgroups of a nested distribution group
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 30-03-2010
' Level : intermediate

Set objDictionary = CreateObject("Scripting.Dictionary")
strTargetGroupDN = "LDAP://CN=SW (Alle Medewerkers),OU=DistributieGroepen,OU=Groepen,DC=domstad,DC=org"
Call EnumNestedgroup(strTargetGroupDN)

Sub EnumNestedgroup(strGroupDN)
	Set objGroup = GetObject(strGroupDN)
	For Each objMember in objGroup.Members
		If (LCase(objMember.Class) = "group") Then
			Call EnumNestedgroup(objMember.AdsPath)
		Else
			If objDictionary.Exists(objGroup.DisplayName) Then
				objDictionary.Item(objGroup.DisplayName) = objDictionary.Item(objGroup.DisplayName) + 1
			Else
				objDictionary.Add objGroup.DisplayName, 1
			End If
		End If
	Next
	Set objGroup = Nothing
End Sub

For Each strKey in objDictionary.Keys
	If objDictionary.Item(strKey) > 1 Then
		Wscript.Echo strKey & " contains ; " & objDictionary.Item(strKey) & " ; users"
	End If
Next

Set objDictionary = Nothing

When you have problems/questions please post a reply.

Happy scripting.

Best regards,

Dirk Adamsky – Deludi BV
[adrotate group="1"]

Today I had to find out the lastlogon of the members of a nested group.
Extra request was the users who’s lastlogon was longer than 90 days ago.
I solved the problem by creating a script that was a combination of earlier scripts.
The lastlogon code came from my lastlogon script, the enumeration of the group members code was taken from my enumeratenestedgroup script. The users with a lastlogon of 1-1-1601 did never log on.

Follow the next steps to run the script (no admin rights needed):

• open your favorite text editor
• copy and paste the script into the editor
• change the distinguished name of strTargetGroupDN to the distinguished name of your nested group
• optionally: change the treshold value in line 17 to the desired value (example treshold value is 90 days)
• save the script (for example c:tempenumerate-lastlogon-nestedgroup-with-treshold.vbs)
• open a command prompt
• go to “c:temp”
• give “cscript enumerate-lastlogon-nestedgroup-with-treshold.vbs” (without quotes) and enter

The script:

' Name : enumerate-lastlogon-nestedgroup-with-treshold.vbs
' Description : script to enumerate the last logon of the members of a nested group with treshold
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 23-03-2010
' Level : advanced

intBias = TimeZoneBias
strTargetGroupDN = "LDAP://CN=Testgroup,OU=Groups,DC=Test,DC=org"
EnumNestedgroup strTargetGroupDN
Sub EnumNestedgroup(strGroupDN)
	Set objGroup = GetObject(strGroupDN)
	For Each objMember in objGroup.Members
		If (LCase(objMember.Class) = "group") Then
			EnumNestedgroup objMember.AdsPath
		Else
			CheckLastLoginWithTreshold objMember.AdsPath, 90
		End If
	Next
	Set objGroup = Nothing
End Sub

Sub CheckLastLoginWithTreshold(strDN,intTreshold)
	Set objUser = GetObject(strDN)
	On Error resume next
	Set objDate = objUser.Get("lastLogonTimestamp")
	If (Err.Number <> 0) Then
        dtmDate = #1/1/1601#
    Else
		dtmDate = ((((objDate.Highpart * (2^32)) + objDate.LowPart)/(600000000 - intBias))/1440) + #1/1/1601#
	End If
	Set objDate = Nothing
	If DateDiff("d",dtmDate,Date) > intTreshold Then
		Wscript.Echo objUser.Displayname & " ; " & objUser.Mail & " ; " & dtmDate
	End If
	Set objUser = Nothing
End Sub

Function TimeZoneBias
	strComputer = "."
	Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\" & strComputer & "rootcimv2")
	Set colTimeZone = objWMIService.ExecQuery("Select * from Win32_TimeZone")
	For Each objTimeZone in colTimeZone
		TimeZoneBias = objTimeZone.Bias
	Next
	Set colTimeZone = Nothing
	Set objWMIService = Nothing
End Function

When you have problems/questions please post a reply.

Happy scripting.

Best regards,

Dirk Adamsky – Deludi BV