[Samba] AD group membership script

Aaron Kincer kincera at gmail.com
Sat Jul 28 01:37:49 GMT 2007 

Everyone,

Today I was trying to find a way to list the members of one or more 
groups in a domain. There may be a built-in way to do it, but I didn't 
find it. After a half hour or so of looking, I figured I could write a 
Perl script much quicker. So I did and thought I'd share it in case 
anyone else might need it or find a use for it. The script determines 
group membership by the following logic:

1) List all users with wbinfo -u
2) For each user, find their SID with wbinfo -n
3) For that SID, list all of the SIDs of the groups it is in with wbinfo 
--user-domgroups
4) For each SID except for the first (which seems to be the SID of the 
user), find the group name with wbinfo -s
5) For that name, append the user's name to a file named after that group

This script was created on an Ubuntu 7.04 Feisty server running Samba 
3.0.24 joined to a native 2003 AD domain. If someone knows of another or 
better way to do this, let me know.

For the curious, I'm providing this script under the terms of the GPLv3 
as defined by the Free Software Foundation on June 29, 2007.

Here's the script:

#Begin Script
open (USERLIST, 'wbinfo -u |');
while (<USERLIST>){
        #Get this from your smb.conf obviously
        $wbseparator = '+';
        $beginpoint = index($_, $wbseparator);
        $beginpoint += 1;
        $username = substr($_, $beginpoint);
        open(USERSIDS, 'wbinfo -n ' . $_ . ' |');
        while (<USERSIDS>){
                $space = ' ';
                $endpoint = index($_, $space);
                $usersid = substr($_, 0, $endpoint);
                open(GROUPSIDS, 'wbinfo --user-domgroups ' . $usersid . 
' |');
                $j = 0;
                while (<GROUPSIDS>){
                        if ($j != 0) {
                                open(GROUPNAME, 'wbinfo -s ' . $_ . ' |');
                                while (<GROUPNAME>){
                                        $beginpoint = index($_, 
$wbseparator);
                                        $beginpoint += 1;
                                        $endpoint = length($_);
                                        $endpoint -= 3;
                                        $endpoint -= $beginpoint;
                                        $groupname = substr($_, 
$beginpoint, $endpoint);
                                        open(GROUPFILE, ">> 
/root/$groupname.txt");
                                        print GROUPFILE "$username";
                                        close(GROUPFILE);
                                }
                        }
                        $j += 1;
                }
        }
}
#End Script

Let me know if you have any questions.

Aaron Kincer

More information about the samba mailing list