How can I use a script to display members of an Active Directory (AD) group?

A. The easiest way to use a script to view the members of a group is to use the ability of Active Directory Service Interfaces (ADSI) to fetch the member attribute of a group object and recursively display each item. The following script, which you can download here, does just that.

On Error Resume Next' Check all arguments required have been passedIf Wscript.Arguments.Count I executed the script by running the following command:

D:projectsVBScripts>cscript displaygroup.vbs "cn=members,ou=justice league,dc=savilltech,dc=com"

To produce this output:

Members:CN=Barry Allen,OU=Justice League,DC=savilltech,DC=comCN=Kara Zor-El,OU=Justice League,DC=savilltech,DC=comCN=Helena Bertinelli,OU=Justice League,DC=savilltech,DC=comCN=Ted Kord,OU=Justice League,DC=savilltech,DC=comCN=Jason Todd,OU=Justice League,DC=savilltech,DC=comCN=Dick Grayson,OU=Justice League,DC=savilltech,DC=com

You can modify the script to output different information about the user. For example, by changing the For...Next loop code, you can also display the SAM name, as the following example shows:

For Each strMember in arrMemberOf    Set objUser = GetObject("LDAP://" & strMember)    WScript.echo objUser.sn & " - " & strMemberNext