An updated version of ADTD was just realased. Go get it if you like to have a graphical documentation of your domain. It requires MS Visio. The older version worked with the Visio trial version. I’ve not tested if this version do.
http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=13380
AD Group membership should be documented, but there are none good built-in MS tools that can do it for you (atleast that I’m aware of). You can use tools such as “dsget group” but you can’t pipe it to Excel and get it user/customer friendly 😐
Here is a script that will do the job for you. It requires that you have Excel installed.
If you don’t have Excel, it will work on a trial version that you’ll find here.
'------------------Save me as .vbs ----------------------------------------------
' The script searces for all AD groups (as you can specify) and writes ' the group name with the group manager and its members to an Excel spred sheet. ' One sheet per group. ' Privilages to run: "domain users" ' v.1.1 ' rsoe(a)hotmail.com ' www.adfordummiez.com '-------------------------------------------------------------------------------
On Error Resume Next
' -----CHANGE THIS CONSTANT SO IT REFLECTS YOUR DOMAIN NAME -------------
Const MyDomain = "dc=spurs,dc=local"
' If you don't want all built-in groups but only groups in a spesific OU: ' Const MyDomain = "ou=ChildOU,ou=ParentOU,dc=spurs,dc=local"
'------------------------------------------------------------------------
Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
' Open Excel for writing
Set objExcel = CreateObject("Excel.Application")
objExcel.Visible = True
objExcel.Workbooks.Add
' Find all groups objCommand.CommandText = _ "SELECT ADsPath, Name FROM 'LDAP://" & MyDomain & "' WHERE objectCategory='group'"
Set objRecordSet = objCommand.Execute objRecordSet.MoveFirst
Do Until objRecordSet.EOF
Set objGroup = GetObject(objRecordSet.Fields("ADsPath").Value)
strGroupName = objRecordSet.Fields("Name").Value
' Find if the group has a manager
strManagedBy = objGroup.Get("managedBy")
If IsEmpty(strManagedBy) = FALSE Then
strManager = strManagedBy
Else strManager = "-"
End If
' Give the sheet the Group name. One sheet per group.
objExcel.Sheets.Add.Name = strGroupName
Err.Clear
arrMemberOf = objGroup.GetEx("member")
objExcel.Cells(1, 1).Value = "Members of " & strGroupName & ":"
objExcel.Cells(2, 1).Value = "Managed by: " & strManager
i = 3
count = 0
' Check to see if the group contains users
If Err.Number <> E_ADS_PROPERTY_NOT_FOUND then
For Each strMemberOf in arrMemberOf
Set objMember = GetObject("LDAP://" & strMemberOf)
strMemberName = right(objMember.Name,len(objMember.Name)-3)
objExcel.Cells(i, 1).Value = strMemberName
set objMember = nothing
i = i + 1
count = count + 1
Next
objExcel.Cells(i, 1).Value = "Member count: " & count
Else
' The group don't have any members
objExcel.Cells(i, 1).Value = "Member count: " & count
End If
i = 0
count = 0
strManagedBy = ""
objRecordSet.MoveNext
Set objGroup = nothing
Loop
' EOF
The documentation is a vital part of the admin’s day. It’s time consuming and when there are changes to the system, it’s you who got to update the documentation. That can be boring!
Remember that outdated (or may I call it tombstoned?!) documentation can be worse than no documentation!
If you’re a System consultant that got the job setting up a domain, it’s always nice to hand over some documentation of the domain to the company that hired you.
Don’t worry, the help is out there just waiting for you! Microsoft have a great utility called “Active Directory Topology Diagrammer”. It reads the configuration of your domain/forest and generates/updates a Visio drawing of the hole domain/forest! Including all domain controllers, global catalogs, trusts, OU structure, sites, schema version, SP level, user count and so on.
Just tick the checkboxes you want and hit the “Discover” button. After a few seconds the discovery completes. Go get yourself a cup of nice warm coffee, press the “Draw” button and enjoy your coffee while ADTD populates the Visio drawing for you
This tool can also draw your Exchange organization.
Download a free copy of ADTD here
If you don’t have Visio available you can download a 60 days free trial from MS here.