// Needs: import java.io.BufferedReader; import java.io.InputStreamReader;
// The group name is concatenated into a cmd /c command line below;
// take it only from a trusted, validated source.
String strAdGroup = "ADGroup1";
try {
    // Read AD users by group name
    StringBuffer sADAllUsers = new StringBuffer();
    sADAllUsers.append("cmd /c dsget group \"CN="+strAdGroup+",OU=Resource Access,OU=Groups,OU=Enterprise,DC=mstrblog,DC=co,DC=uk\" -members | dsget user -dn");
    Process procReadADUsers = Runtime.getRuntime().exec(sADAllUsers.toString());
    BufferedReader brInputReadADUsers = new BufferedReader(new InputStreamReader(procReadADUsers.getInputStream()));
    BufferedReader brErrorReadADUsers = new BufferedReader(new InputStreamReader(procReadADUsers.getErrorStream()));
    String sReadADUserErrors = null;
    // The first line of output is read here and not processed
    String sReadADUser = brInputReadADUsers.readLine();
    String unprocessedUserDN = brInputReadADUsers.readLine();
    while (unprocessedUserDN != null) {
        int iEquals = unprocessedUserDN.indexOf('=');
        int iComma = unprocessedUserDN.indexOf(',');
        // Skip the status line and any line that is not a DN (for example a blank line)
        if (!unprocessedUserDN.trim().equals("dsget succeeded") && iEquals >= 0 && iComma > iEquals) {
            // The value of the first RDN (the CN) is used as the user name
            sReadADUser = unprocessedUserDN.substring(iEquals + 1, iComma).trim().toLowerCase();
            printOut("AD Group:"+strAdGroup+", User:"+sReadADUser);
        }
        unprocessedUserDN = brInputReadADUsers.readLine();
    }
    // Report anything dsget wrote to standard error
    while ((sReadADUserErrors = brErrorReadADUsers.readLine()) != null) {
        printOut("Error reading members of AD group "+strAdGroup+": "+sReadADUserErrors);
    }
    int exitValue = procReadADUsers.waitFor();
    printOut("Exit Status: "+exitValue);
    sADAllUsers.delete(0,sADAllUsers.length());
}
catch (Exception e) {
    printErr("Error reading AD group members: " + e.getLocalizedMessage());
}
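
An added example (not the original post's code): the snippet above places the group name inside a `cmd /c` command line and cuts the user name out of each DN at the first comma, so this sketch shows an allow-list check for the group CN and DN parsing with the JDK's `javax.naming.ldap.LdapName`, which handles escaped commas. The class name `AdGroupInput`, the allow-list pattern and the sample lines are assumptions constructed for illustration.

```java
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;
import java.util.regex.Pattern;

public class AdGroupInput {
    // Assumption: group CNs at this site use only these characters. The pattern
    // excludes quotes, cmd metacharacters (& | < > ^ %) and DN separators (, = +).
    private static final Pattern SAFE_CN = Pattern.compile("[A-Za-z0-9 _.-]{1,64}");

    /** Returns the CN unchanged if it is safe to embed in the dsget command line. */
    static String requireSafeGroupCn(String cn) {
        if (cn == null || !SAFE_CN.matcher(cn).matches()) {
            throw new IllegalArgumentException("Rejected AD group name");
        }
        return cn;
    }

    /** Lower-cased value of the leftmost RDN of a DN line, or null if the line is not a DN. */
    static String commonNameOf(String line) {
        String dn = line.trim();
        if (dn.length() >= 2 && dn.startsWith("\"") && dn.endsWith("\"")) {
            dn = dn.substring(1, dn.length() - 1); // drop surrounding quotes if present
        }
        try {
            LdapName name = new LdapName(dn);
            if (name.isEmpty()) return null;
            Rdn leaf = name.getRdn(name.size() - 1); // index 0 is the rightmost RDN
            return leaf.getValue().toString().trim().toLowerCase();
        } catch (InvalidNameException e) {
            return null; // header, blank or status lines are not DNs
        }
    }

    public static void main(String[] args) {
        // Constructed sample lines, not captured dsget output
        String[] lines = { "  dn", "  CN=Smith\\, John,OU=Users,DC=mstrblog,DC=co,DC=uk",
                           "  CN=jdoe,OU=Users,DC=mstrblog,DC=co,DC=uk", "dsget succeeded" };
        for (String l : lines) System.out.println(commonNameOf(l));
        System.out.println(requireSafeGroupCn("ADGroup1"));
        try {
            requireSafeGroupCn("AD\"Group&1"); // constructed name with a quote and an ampersand
        } catch (IllegalArgumentException e) {
            System.out.println(e.getMessage());
        }
    }
}
```

Call `requireSafeGroupCn` before the group name is appended to the command string, and use `commonNameOf` in place of the `substring` call when reading each output line.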
DSGET Command
 Display user(s) from active directory.
 (installable option either via AD DS or adminpack.msi)

 Syntax
 DSGET user UserDN [-dn] [-samid] [-sid] [-upn] [-fn] [-mi] [-ln]
 [-display] [-empid] [-desc] [-office] [-tel] [-email] [-hometel] [-pager] [-mobile]
 [-fax] [-iptel] [-webpg] [-title] [-dept] [-company] [-mgr] [-hmdir] [-hmdrv] [-profile]
 [-loscr] [-mustchpwd] [-canchpwd] [-pwdneverexpires] [-disabled] [-acctexpires] [-reversiblepwd]
 [{-uc | -uco | -uci}] [-part PartitionDN [-qlimit] [-qused]]

 DSGET user UserDN [-memberof] [-expand][{-uc | -uco | -uci}]

 Key
 UserDN Distinguished Name of the user to view.
 -dn Display the distinguished names
 -samid Display the Security Account Manager (SAM) account names
 -sid Display the user security identifiers (SIDs).
 -upn Display the user principal names (UPNs)
 -fn Display the first names
 -mi Display the middle initials
 -ln Display the last names
 -display Display the display names
 -empid Display the employee IDs
 -desc Display the descriptions
 -full Display the full names
 -office Display the office locations
 -tel Display the telephone numbers
 -email Display the email addresses
 -hometel Display the home telephone numbers
 -pager Display the pager numbers
 -mobile Display the mobile phone numbers
 -fax Display the fax numbers
 -iptel Display the user IP phone numbers.
 -webpg Display the user Web page URLs.
 -title Display the titles
 -dept Display the departments
 -company Display the company information
 -mgr Display the managers
 -hmdir Display the user's home directory
 -hmdrv Display the user's home drive letter
 -profile Display the user profile paths
 -loscr Display the user logon script paths
 -mustchpwd Display whether users must change their passwords at next logon (yes/no).
 -canchpwd Display whether users can change their password (yes/no).
 -pwdneverexpires Display whether passwords never expire (yes/no).
 -disabled Display whether user accounts are disabled (yes/no).
 -acctexpires Display the dates when user accounts expire. (date/never)
 -reversiblepwd Display whether user passwords will be stored with reversible encryption (yes/no).
 -memberof Display the immediate list of groups of which the user is a member.
 -expand Display the recursively expanded list of groups of which the user is a member. 
 -uc Unicode format
 -uco Unicode format for output only
 -uci Unicode format for input only
 -part Connect to the directory partition PartitionDN
 -qlimit Display the effective quota of the user within PartitionDN
 -qused Display how much quota the user has used within PartitionDN
 
Examples
 Find the list of groups, recursively expanded, to which the user Fred belongs:
 C:\> dsget user "cn=fred,ou=Users,ou=AcmeCo,dc=ss64,dc=com" -memberof -expand
 
Display the distinguished name and description of domain controller Dom1:
 C:\> dsget server CN=Dom1,CN=Servers,CN=AcmeCo,DC=ss64,DC=Com -dn -desc
