I'm auditing an existing Windows 2000 server that's plagued with non-expiring passwords, stray users, and groups pointing to SharePoint and Interdev-created accounts.

What's the best way to enumerate each group, display the resource that the group points to (it's shown in the description field of Local Users and Groups), and display all the users in each group?

I'd also like to do the same for users. For each Windows user, display all groups.

Is there a batch file, a tool, or a piece of script I can use to quickly get these results to begin my audit?

A: 

There are VBScript examples of group enumeration online. To enumerate the non-expiring passwords you could start by inverting this example.

The Microsoft Script Center has lots of examples; Hey, Scripting Guy! is a good column.

BrianLy
A: 

Script Center link is broken. The VBScript link isn't bad, but I was hoping to find a script that, given a computer or server name, would give a list of groups and members. I'm not really AD savvy; would that code work in Windows 2000 Server?

Caveatrob
+1  A: 

I think you could easily do this with PowerShell and Quest's AD PowerShell Commands.

I've used it in the past for similar tasks.

I'm pretty sure you could run the command from your workstation against your W2K AD. I know it works for W2k3-based AD.

Jim
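
An added example, not part of any answer above and not the Quest cmdlets: one way to produce the audit the question asks for (each group with its description and members, each user with its groups and the non-expiring password flag) using PowerShell's built-in ADSI WinNT provider. The `$ComputerName` parameter and the `Get-ComName` helper are names chosen for this sketch, and it assumes the account running it has administrative rights on the target.

```powershell
# Added example: audit local groups and users via the ADSI WinNT provider.
# $ComputerName is an assumed parameter; it defaults to the local machine.
param([string]$ComputerName = $env:COMPUTERNAME)

$ADS_UF_ACCOUNTDISABLE     = 0x2       # account is disabled
$ADS_UF_DONT_EXPIRE_PASSWD = 0x10000   # "Password never expires" is set

function Get-ComName($ComObjects) {
    # Members()/Groups() return raw COM objects, so read Name late-bound.
    foreach ($o in $ComObjects) {
        $o.GetType().InvokeMember('Name', 'GetProperty', $null, $o, $null)
    }
}

$computer = [ADSI]"WinNT://$ComputerName,computer"
$children = @($computer.psbase.Children)

# Each group with its description and members.
$groups = $children | Where-Object { $_.psbase.SchemaClassName -eq 'Group' } |
    ForEach-Object {
        [pscustomobject]@{
            Group       = [string]$_.Name.Value
            Description = [string]$_.Description.Value
            Members     = @(Get-ComName ($_.psbase.Invoke('Members'))) -join ', '
        }
    }

# Each user with its groups and the flags that matter for the audit.
$users = $children | Where-Object { $_.psbase.SchemaClassName -eq 'User' } |
    ForEach-Object {
        $flags = [int]$_.UserFlags.Value
        [pscustomobject]@{
            User         = [string]$_.Name.Value
            Disabled     = [bool]($flags -band $ADS_UF_ACCOUNTDISABLE)
            NeverExpires = [bool]($flags -band $ADS_UF_DONT_EXPIRE_PASSWD)
            Groups       = @(Get-ComName ($_.psbase.Invoke('Groups'))) -join ', '
        }
    }

$groups | Sort-Object Group | Format-Table -AutoSize -Wrap
$users  | Sort-Object User  | Format-Table -AutoSize -Wrap

# Accounts to review first: enabled, with a password that never expires.
$users | Where-Object { $_.NeverExpires -and -not $_.Disabled } |
    Format-Table User, Groups -AutoSize -Wrap
```

Group members that are domain accounts are listed by name only; read `ADsPath` instead of `Name` in `Get-ComName` to see which domain or machine each member belongs to.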