有很多关于如何使用 memberOf 属性的示例,但我找不到任何我需要的工作脚本。所以我写了自己的,我希望在这里分享我的脚本可以帮助其他人。
下面的脚本有 2 个工作示例。第一个示例Set GroupsOfUser = GetMembership(oAD.UserName, null)检索当前登录用户的成员资格。第二个示例Set GroupsOfGroup = GetMembership("CN=SomeGroup,OU=MyGroupContainer,DC=MyDomain,DC=local", null)演示了特定组的成员资格。
下面的函数返回唯一值,并且不会像大多数示例那样进入无限循环。
'Get the recursive groups from the active user
Set oAD = CreateObject("ADSystemInfo")
Set GroupsOfUser = GetMembership(oAD.UserName, null)
MsgBox Join(GroupsOfUser.Items(), "," & vbCrLf)
'Get the recursive groups from a specific group
Set GroupsOfGroup = GetMembership("CN=SomeGroup,OU=MyGroupContainer,DC=MyDomain,DC=local", null)
MsgBox Join(GroupsOfGroup.Items(), "," & vbCrLf)
Function GetMembership(sChild, dMembership)
'Get AD info on the given Child
Set oChild = GetObject("LDAP://" & sChild)
If TypeName(oChild) = "Object" Then
'Add the Child's canonical name to the array IF it's a group
If TypeName(dMembership) = "Dictionary" Then
dMembership.Add oChild.distinguishedName, oChild.CN
Else
Set dMembership = CreateObject("Scripting.Dictionary")
End If
'If the Child has any parents (=groups), run the same loop for these parents.
If TypeName(oChild.memberOf) = "Variant()" Then
oParents = oChild.GetEx("memberOf")
For Each sParent in oParents
If Not dMembership.Exists(sParent) Then
Set dMembership = GetMembership(sParent, dMembership)
End If
Next
End If
End If
Set GetMembership = dMembership
End Function