Delen via


Sample Code (VBScript) - Compare Two AD Groups and Get Membership Difference

If you want two AD groups with the same membership but are afraid of mis-sync, I have a sample script to find the delta:

On Error Resume Next
Dim strGroup1, strGroup2, iArgs, oArgs

iArgs = Wscript.arguments.count
Set oArgs = Wscript.arguments

strGroup1 = "cn=" & oArgs(0) & ",ou=ou_name,dc=child_domain_name,dc=parent_domain_name,dc=c0m"
strGroup2 = "cn=" & oArgs(1) & ",ou=ou_name,dc=child_domain_name,dc=parent_domain_name,dc=c0m"

Set objGroup1 = GetObject("LDAP://" & strGroup1)
objGroup1.GetInfo
arrMemberOf1 = objGroup1.GetEx("member")

Set objGroup2 = GetObject("LDAP://" & strGroup2)
objGroup2.GetInfo
arrMemberOf2 = objGroup2.GetEx("member")

WScript.Echo oArgs(0) & " Members not in " & oArgs(1)
For Each strMember in arrMemberOf1
strUser1 = split(strMember,",")
if (StrComp(InGroup2(strUser1(0)),"no") = 0) then
strUser = split(strUser1(0),"=")
WScript.echo strUser(1)
end if
Next
WScript.Echo " "

WScript.Echo oArgs(1) & " Members not in " & oArgs(0)
For Each strMember in arrMemberOf2
strUser2 = split(strMember,",")
if (StrComp(InGroup1(strUser2(0)),"no") = 0) then
strUser = split(strUser2(0),"=")
WScript.echo strUser(1)
end if
Next
WScript.Echo " "

Function InGroup1(strMember2)
InGroup1 = "no"
For Each strMember in arrMemberOf1
strUser1 = split(strMember,",")
if (StrComp(strMember2,strUser1(0)) = 0) then InGroup1 = "yes"
Next
' Wscript.Echo strMember2 & " " & InGroup1
End Function

Function InGroup2(strMember1)
InGroup2 = "no"
For Each strMember in arrMemberOf2
strUser2 = split(strMember,",")
if (StrComp(strMember1,strUser2(0)) = 0) then InGroup2 = "yes"
Next
' Wscript.Echo strMember1 & " " & InGroup2
End Function