Wednesday, June 05, 2013

NON-LVR groupmembers - how to find them

Today I was trying to find out which group members were still LEGACY, meaning not using LVR. I was definitely not going to manually look at the groups' metadata since it was about 7000+ groups. So this is how I did it from the command prompt:

[The domain name is demo.net and the DC name is DC1 in this example; you need to replace them with your own domain and DC.]

1. Create a list of all groups in the domain:
Dsquery group dc=demo,dc=net /limit 0 > allGroups.txt

2. Remove all built-in groups and groups that are created by default during a fresh installation since I didn't want to "touch" them.

3. Get objMeta of all groups in the text file:
For /f "delims=" %f in (groups.txt) do repadmin /showobjmeta DC1 %f > metadata\%f

(metadata is the folder where I saved the output files to)

4. Now the only thing left is to search the files created in the metadata folder for LEGACY, and you will have a list of which groups contain non-LVR memberships.
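
One way to carry out step 4 so that it also lists the LEGACY members of each group, as an added PowerShell example that is not part of the original post. The function name Get-LegacyMember, the sample output and the group and user names are constructed, and the parser assumes that each LEGACY member line in the saved repadmin /showobjmeta output is followed by the member's DN on the next line.

```powershell
# Added example (not from the original post). Assumption: in the saved
# "repadmin /showobjmeta" output, a "LEGACY  member" line is followed by the
# member's distinguished name on the next non-blank, indented line.
function Get-LegacyMember {
    param(
        [Parameter(Mandatory)] [string] $Group,
        [Parameter(Mandatory)] [AllowEmptyCollection()] [AllowEmptyString()]
        [string[]] $Lines
    )
    $pending = $false
    foreach ($line in $Lines) {
        if ($pending) {
            if ($line -match '^\s*$') { continue }      # blank line: keep waiting
            $pending = $false
            if ($line -match '^\s+(\S.*?)\s*$') {       # indented line = member DN
                [pscustomobject]@{ Group = $Group; Member = $Matches[1] }
                continue
            }
        }
        # Only the member attribute is of interest; PRESENT/ABSENT values use LVR.
        if ($line -match '^\s*LEGACY\s+member\b') { $pending = $true }
    }
}

# Constructed sample input (hypothetical group and user names).
$sample = @'
Type    Attribute     Last Mod Time            Originating DSA       Loc.USN Org.USN Ver
======= ============  =============            ===============       ======= ======= ===
        Distinguished Name
        =============================
LEGACY  member
        CN=Alice Example,OU=Staff,DC=demo,DC=net
PRESENT member 2013-05-20 09:14:02  Default-First-Site-Name\DC1   48211   48211   1
        CN=Bob Example,OU=Staff,DC=demo,DC=net
LEGACY  member
        CN=Carol Example,OU=Staff,DC=demo,DC=net
'@ -split '\r?\n'

Get-LegacyMember -Group 'CN=Sales,OU=Groups,DC=demo,DC=net' -Lines $sample |
    Format-Table -AutoSize

# Real run over the files from step 3, where each file is named after its group.
if (Test-Path .\metadata) {
    Get-ChildItem .\metadata -File | ForEach-Object {
        Get-LegacyMember -Group $_.Name -Lines @(Get-Content -LiteralPath $_.FullName)
    } | Group-Object Group | Sort-Object Count -Descending |
        Select-Object Count, Name
}
```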

When I have my complete list I will then remove/add the members to be able to utilize LVR. I haven't decided how I will do that yet, but most likely dsget group | dsmod group but I will post that after I've done it.

1 comment:

Jimmy Andersson [DS MVP] said...

Hi,
My friend Simon Wåhlin has created a function in PowerShell that will do this in a much easier way. Check it out here: http://blog.simonw.se/list-active-directory-non-lvr-group-members/