Author: NetworkAdminKB.com
Created: 2010-02-21
Modified: 2011-06-11
Version: 1.3.17
The AddMembers2Group utility can be used to add, remove, list or export members of groups from any Active Directory domain or Windows computer..
1) The group(s) being processed can reside anywhere in the domain or on a Windows computer.
2) Members of groups can be any of the following types
a. Users, Computers, Contacts, Foreign Security Principals, or BuiltIn Groups.
3) Multiple groups can be processed at a single time.
4) Two standard formats are used to identify the group members in multiple domains.
a. NT4 Style
i. Domain\Object[,type]
ii. Computer\Object[,type]
iii. Object
iv. Does not support contact objects
b. NT4 Examples
i. Domain\Computer$
ii. Computer\User,user
iii. Domain\Group1,group
c. UPN Style
i. object@domain.fqdn
ii. Object
d. UPN Exmaples
i. User1@domain1.com
ii. Group1@domain2.com
iii. Computer1@domain1.com
iv. Contact@domain1.com
e. Unqualified Object
i. Both formats support the unqualified or generic object. If this is done the /d or /c option is used to determine the associated domain or computer the object should reside in.
ii. This format is useful to connect to multiple computers to manipulate the same group. For example, adding the same group to Administrators or Remote Desktop Users groups on many different computers.
Requirements and Limitations
1) Permissions required
a. To run AddMembers2Group the user account must be have the appropriate permissions in the target domain or on the target computer.
b. Account Operator or Domain Admin permissions are generally recommended for use against a domain. Local Administrator permissions are required for use against computers.
2) All objects types should work with this utility. However, only the following objects were tested during development.
a. Users
b. Computers
c. Builtin Groups (Everyone, Authenticated Users, Network Service, etc)
d. Contacts
e. Groups
3) Tested and developed against Windows 2003/2008 domain controllers.
4) VB6 Runtime may be required on Windows 2000 or earlier OS.
Syntax:
Author: NetworkAdminKB.com
Version: 1.3.17
Copyright (c) 2008-2011 NetworkAdminKB.com, All rights reserved.
Bug Report: bugs@networkadminkb.com
Purpose: Add, Remove, List or Export members of any group located on a domain,
server, or workstation.
Syntax:
AddMembers2Group
{/tg=targetgroup (/l | /e[=file.txt]) |
(/i=InputFile [/r]) | (/add=AddName [/r])} |
{/mg=MultipleGroupInputFile (/r | /l | /e[=file.txt])}
[/d=DomainName] [/nt4]) | [/c=computer]
Purpose: Add users or groups to the specified target group(s).
Select between: Individual Group /tg syntax or Multiple Group /mg Syntax.
Individual Group Syntax:
/tg=TargetGroup Specify the Target Group to add/remove/list/export the objects
to/from.
Select between: (/i and /add) or (/l or /e)
/i=InputFile Specify an inputfile of Object names (1 per line) in the format
NT4 Format
Domain\ObjectID[,type] *[] optional type = user, group or
computer
Computer\ObjectID[,type] *Only valid with the /c switch
Active Directory Format
userid@domain.com
groupname@domain.com
computer@domain.com
contact@domain.com
/add=AddName Specify an individual object to add to the Target Group.
Use the same format as the InputFile.
/l List the members of the group to the screen.
/e[=file.txt] Export the members of the group in the import format.
Optional: save the export to the specified file.
/r Remove the specified objects from the group.
Multiple Group Syntax:
/mg=InputFile Specify an inputfile of group and objects names in the format
NT4 Format
GroupName;Domain\UserID[,type];...;Domain\UserID[,type]
*[] optional type = user or group
Active Directory Format
GroupName;userid@domain.com;...;groupname@domain.com
/l List the members of the group to the screen.
/e[=file.txt] Export the members of the group in the import format.
Optionally save the export to the specified file.
/r Remove the specified objects from the group.
Optionally, specify the domain name and type (NT4) OR a local computer name.
These values are used when the object names do not contain a domain/computer
name
/d=domain Specify the Domain containing the Target Group.
If omitted the Current (RootDSE) domain is used.
/nt4 Attach to the domain using the WinNT provider.
Warning: WinNT does not support Contact Objects.
/c=Computer Specify the Computer name containing the Target Group.
Single Group Exmamples:
AddMembers2Group /tg=group1 /i=input.txt /nt4
AddMembers2Group /tg=group1 /add=domain1\user1 /nt4
AddMembers2Group /tg=group2 /add=servername\group1 /c=servername
Input.txt
domain1\user1
domain1\user2,user
domain1\group1
domain1\group2,group
domain1\computer1$
domain1\computer2$,computer
Multiple Group Exmamples:
AddMembers2Group /mg=MgNT4input.txt /nt4
AddMembers2Group /mg=MgADinput.txt /d=my.domain.com
MgNT4input.txt
Group1;domain1\user1;domain1\user4,user;domain1\group1,group
Domain2\Group2;domain1\user2;domain1\user5,user;domain1\group2,group
Group3;domain1\computer1$;domain1\computer2$,computer
MgADinput.txt
Group1;user1@my.domain.com;user4@my.domain.com;group1@my.domain.com
Group2@my.domain.com;user2@my.domain.com;user5@my.domain.com
Group3;computer1@my.domain.com;computer2@my.domain.com
Example Output of AddMembers2Group
List Members
Addmembers2group /tg=administrators /c=computer1 /l
Processing Group: WinNT://DOMAIN1/COMPUTER1/Administrators
Members: WinNT://DOMAIN1/COMPUTER1/Administrator (User)
WinNT://DOMAIN1/COMPUTER1/User1 (User)
WinNT://DOMAIN2/WKSAdmins (Group)
Total Members: 3
Export Members
Addmembers2group /tg=administrators /c=computer1 /e=out.txt
Processing Group: WinNT://DOMAIN1/COMPUTER1/Administrators
Out.txt
COMPUTER1\Administrators;COMPUTER1\Administrator;COMPUTER1\User1;DOMAIN1\WKSAdmins
Common Uses
1) Adding users to the same group on multiple computers
2) Removing users from the same group on multiple computers
3) Maintaining a consistent set of users in the same group(s)
a. Export the current users list
b. Use the exported list to remove all users from the group
c. Add the approved list of users to the group.
4) Copy group membership from one group to another
a. Export the source group membership
b. Add the exported list to the target group.
5) Reporting on group membership
a. Use the list or export options to report group membership on one or more groups in a Domain or on a Computer.
Download AddMembers2Group
Article ID: 270, Created On: 9/18/2011, Modified: 9/25/2011