Export Distro Groups - Security Enabled
I have a script that produces a listing of the DLs with their members' names, including the nested members. It works great, but it doesn't output the DLs that are Security Enabled. I added the group type = 2147483648, but it gives more than I want or need.
I had to kill the file at 11 gigs. I want the Sec Enabled groups as well. Any help is always greatly appreciated.
Here is the original script. I add the group type = 2147483648 in the same line as the other group types; just remove it if you want to test it out. If this is easier via PowerShell, that's fine too. Thanks.
'==========================================================================
' ' DATE : 04/10/08
' COMMENT: This VBScript code prints the nested membership and managers of
' all the DLs
' in the Active Directory.
'==========================================================================
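Option Explicit

' Nested-membership report: for every group matched by strFilter, write its
' distinguished name and managedBy value to a text file, followed by its
' members (DisplayMembers recurses into member groups).
'
' NOTE(review): the output file is a listing of directory group membership;
' write it to a location whose access is restricted accordingly.
'
' Error handling is scoped to the individual calls that are expected to fail
' (opening the file, running the query, binding to one group). A script-wide
' "On Error Resume Next" hides a failed query: the recordset is then never
' set, the "Do Until objRecordSet.EOF" test raises on every pass, and the loop
' body can keep running and keep writing to the output file.

Const ForReading = 1
Const ForWriting = 2
Const ForAppend = 8
Const strSpaces = " "

Dim objRootDSE, strDNSDomain, objCommand, objConnection, objFSO, objOutFile
Dim strBase, strFilter, strAttributes, strQuery, objRecordSet
Dim strNTName, strDN, strOutFile, strManagedBy
Dim strGroupADsPath, objGroup, objMember, dicSeenGroupMember

' Ask for the output path. InputBox returns an empty string when the dialog
' is cancelled, so stop here instead of failing later on the file open.
strOutFile = InputBox("Name of file to write to", "Output filename")
If Len(Trim(strOutFile)) = 0 Then
    MsgBox "No output file name given - nothing was written."
    WScript.Quit 1
End If

' Open the output file for writing (created if missing, overwritten if present).
Set objFSO = CreateObject("Scripting.FileSystemObject")
On Error Resume Next
Set objOutFile = objFSO.OpenTextFile(strOutFile, ForWriting, True)
If Err.Number <> 0 Then
    MsgBox "Cannot open " & strOutFile & " for writing: " & Err.Description
    WScript.Quit 1
End If
On Error GoTo 0

' Determine the default naming context of the current domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Use ADO to search Active Directory.
Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection

' Search the entire domain.
strBase = "<LDAP://" & strDNSDomain & ">"

' Match groups whose groupType is exactly 2 (global) or 8 (universal), i.e.
' distribution groups of those two scopes. groupType is a signed 32-bit bit
' field and the security-enabled flag is its high bit (0x80000000), so
' security-enabled groups are stored as negative values (global security is
' -2147483646) and never equal 2 or 8. Comparing groupType with 2147483648 is
' not a valid way to select them; use the bitwise matching rule
' (groupType:1.2.840.113556.1.4.803:=2147483648) or, for mail-enabled groups of
' any type, (&(objectCategory=group)(mail=*)).
strFilter = "(&(objectCategory=group)(|(groupType=2)(groupType=8)))"
'strFilter = "(objectCategory=group)"

' Comma delimited list of attribute values to retrieve.
strAttributes = "sAMAccountName,distinguishedName,ManagedBy"

' Construct the ADO query, using LDAP syntax.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"

' Run the query and stop if the directory rejects it.
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
On Error Resume Next
Set objRecordSet = objCommand.Execute
If Err.Number <> 0 Then
    MsgBox "Directory query failed: " & Err.Description
    objOutFile.Close
    objConnection.Close
    WScript.Quit 1
End If
On Error GoTo 0

' Enumerate the recordset and write one section per group.
Do Until objRecordSet.EOF
    strNTName = objRecordSet.Fields("sAMAccountName").Value
    strDN = objRecordSet.Fields("distinguishedName").Value
    strManagedBy = objRecordSet.Fields("ManagedBy").Value

    ' Fresh "seen" set per top-level group so nesting loops are cut per report section.
    Set dicSeenGroupMember = CreateObject("Scripting.Dictionary")
    objOutFile.WriteLine ""
    objOutFile.WriteLine "Members of " & strDN & ":" & "(Managed by " & strManagedBy &")"

    ' One unreadable group must not end the report: record the failure in the
    ' output and continue. A "/" in a DN has to be escaped in an ADsPath.
    On Error Resume Next
    DisplayMembers "LDAP://" & Replace(strDN, "/", "\/"), strSpaces, dicSeenGroupMember
    If Err.Number <> 0 Then
        objOutFile.WriteLine strSpaces & "! could not enumerate members: " & Err.Description
        Err.Clear
    End If
    On Error GoTo 0

    objRecordSet.MoveNext
Loop
objRecordSet.Close

' Clean up.
objOutFile.Close
objConnection.Close
Set objRootDSE = Nothing
Set objCommand = Nothing
Set objConnection = Nothing
Set objRecordSet = Nothing
Set objGroup = Nothing
Set objMember = Nothing
Set objFSO = Nothing
Set objOutFile = Nothing
MsgBox "Done!"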
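' Writes the members of one group to the script-level objOutFile, one per
' line, and recurses into members that are themselves groups.
'
'   strGroupADsPath    - ADsPath of the group to bind to.
'   strSpaces          - indent prefix written before each member name; one
'                        extra space is added per nesting level.
'   dicSeenGroupMember - dictionary of member-group ADsPaths already expanded
'                        in this report section; a group found in it is noted
'                        and not expanded again, which stops nesting loops.
'
' A failed bind or enumeration is not handled here; the error is raised to
' the caller.
Function DisplayMembers ( strGroupADsPath, strSpaces, dicSeenGroupMember)
    ' Local to each call, so a recursive call cannot replace the object the
    ' outer call is still enumerating.
    Dim objGroup, objMember

    Set objGroup = GetObject(strGroupADsPath)
    For Each objMember In objGroup.Members
        objOutFile.WriteLine strSpaces & objMember.Name
        If objMember.Class = "group" Then
            If dicSeenGroupMember.Exists(objMember.ADsPath) Then
                objOutFile.WriteLine strSpaces & strSpaces & " ^ already seen group member " & _
                    "(stopping to avoid loop)"
            Else
                ' Mark before descending so a cycle back to this group is detected.
                dicSeenGroupMember.Add objMember.ADsPath, 1
                DisplayMembers objMember.ADsPath, strSpaces & " ", _
                    dicSeenGroupMember
            End If
        End If
    Next
End Function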
December 9th, 2011 8:16am
i added this strFilter = "(&(objectCategory=group)(mail=*))"
in place of strFilter = "(&(objectCategory=group)(|(groupType=2)(groupType=8)))"
in the script and it worked like a charm.
thanks though
December 9th, 2011 3:09pm
Hi
I wrote a script in PowerShell that lists all the groups which are security enabled and gives each of them a number. Below the group name, it lists all the members of the group and their paths; if there is no member in the group, it will display "No member".
Remember to change the DC to your domain
----------------------------------------------------------------------------------------------------------------------------------------------------------
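# Lists every security-enabled group under the search root: a running number,
# the group name, then the values of its member attribute (member DNs), or a
# "no member" line when that attribute is empty.
# NOTE(review): the output is a listing of security group membership; treat it
# as sensitive if it is redirected to a file.

# Search root - change this to the distinguished name of your own domain.
$domainPath = "LDAP://dc=fa,dc=com"

# groupType is a bit field and 2147483648 (0x80000000) is its security-enabled
# bit. The 1.2.840.113556.1.4.803 matching rule is a bitwise AND, so the
# directory returns global, domain-local and universal security groups. An
# equality test against -2147483646 would return global security groups only.
$strFilter = "(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648))"

$objDomain = New-Object System.DirectoryServices.DirectoryEntry($domainPath)
# The single-string DirectorySearcher constructor takes a filter, not a path,
# so the search root is passed as a DirectoryEntry.
$objSearcher = New-Object System.DirectoryServices.DirectorySearcher($objDomain)
# NOTE(review): the server may apply its own, lower page and size limits than
# the values requested here - confirm the result is complete in a large domain.
$objSearcher.PageSize = 10000
$objSearcher.SizeLimit = 10000
$objSearcher.Filter = $strFilter
$objSearcher.SearchScope = "Subtree"

$searchResults = $objSearcher.FindAll()
$i = 1
foreach ($member in $searchResults) {
    # Running number of the group, then its name.
    $i
    $i++
    "Group Name: "
    $member.Properties.name
    # NOTE(review): only direct members are shown, nested groups are not
    # expanded; very large groups may return this attribute in ranges and
    # appear empty here - verify.
    if ($member.Properties.member -ne $null) {
        "Group Members: "
        $member.Properties.member
    }
    else {
        "Group Members: "
        "No member in this group"
    }
    "----------------------------------------------------"
}
# Release the unmanaged resources held by the result collection.
$searchResults.Dispose()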
----------------------------------------------------------------------------------------------------------------------------------------------
Cheers
Zi Feng
December 10th, 2011 3:13am