Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
If you want two AD groups with the same membership but are afraid of mis-sync, I have a sample script to find the delta:
On Error Resume Next
Dim strGroup1, strGroup2, iArgs, oArgs
iArgs = Wscript.arguments.count
Set oArgs = Wscript.arguments
strGroup1 = "cn=" & oArgs(0) & ",ou=ou_name,dc=child_domain_name,dc=parent_domain_name,dc=c0m"
strGroup2 = "cn=" & oArgs(1) & ",ou=ou_name,dc=child_domain_name,dc=parent_domain_name,dc=c0m"
Set objGroup1 = GetObject("LDAP://" & strGroup1)
objGroup1.GetInfo
arrMemberOf1 = objGroup1.GetEx("member")
Set objGroup2 = GetObject("LDAP://" & strGroup2)
objGroup2.GetInfo
arrMemberOf2 = objGroup2.GetEx("member")
WScript.Echo oArgs(0) & " Members not in " & oArgs(1)
For Each strMember in arrMemberOf1
strUser1 = split(strMember,",")
if (StrComp(InGroup2(strUser1(0)),"no") = 0) then
strUser = split(strUser1(0),"=")
WScript.echo strUser(1)
end if
Next
WScript.Echo " "
WScript.Echo oArgs(1) & " Members not in " & oArgs(0)
For Each strMember in arrMemberOf2
strUser2 = split(strMember,",")
if (StrComp(InGroup1(strUser2(0)),"no") = 0) then
strUser = split(strUser2(0),"=")
WScript.echo strUser(1)
end if
Next
WScript.Echo " "
Function InGroup1(strMember2)
InGroup1 = "no"
For Each strMember in arrMemberOf1
strUser1 = split(strMember,",")
if (StrComp(strMember2,strUser1(0)) = 0) then InGroup1 = "yes"
Next
' Wscript.Echo strMember2 & " " & InGroup1
End Function
Function InGroup2(strMember1)
InGroup2 = "no"
For Each strMember in arrMemberOf2
strUser2 = split(strMember,",")
if (StrComp(strMember1,strUser2(0)) = 0) then InGroup2 = "yes"
Next
' Wscript.Echo strMember1 & " " & InGroup2
End Function