A few of my recent Mr. Roboto columns have been about group auditing. I first published an HTA that would report on group membership last December. Astute reader Matt V. found a bug with the way nested group memberships were being reported. Or in this case, not being reported. It turns out that if a group was a member of one other group, that membership was not reported. But if the group was nested in 2 or more groups then you’d see all the nested groups. After a little debugging I found my goof. I used ADSI to get a reference to the specified group:
Set objGroup=GetObject("LDAP://" & strDN)
strDN would have a value like CN=Sales,OU=Groups,DC=Mycompany,DC=local. My mistake was in assuming that the MemberOf property would always be a collection so I was using a ForEach construct. But it is only a collection if there is more than one group. So I modified the code:
If IsArray(objGroup.MemberOf) Then Trace "MemberOf is a collection" For Each member In objGroup.MemberOf Trace "found member of " & member strMemberOf=strMemberof & " " & member & VbCrLf NextElse Trace "found member of " & objGroup.MemberOf strMemberOf=strMemberof & " " & objGroup.MemberOf & vbcrlfEnd If
Because I used the same code in a followup article where I released a command line version of the tool, I had to modify that tool as well. The above code snippet is actually from the WSF version.
Anyway, both versions have now been updated and are available for download from the Mr. Roboto section of my script library. Thank you Matt for keeping me on my toes.
