Windows users and groups information

Being part of a Windows administrator group, responsible for a bunch of Windows server, where there is more than one administrator can be quite challenging!

We have a bunch of scripts that does some automatic documentation of:

• Server shares
• Server scheduled tasks
• Server services with sc.exe
• Ntfs permissions of selected directories.

Now I want add a script for documentation of the server users and groups!

Here is my first thoughts of what I would like:

1) given a username, script should return:
show group membership
show username details

2) given a groupname, script must give:
show members
show username details for each member

3) given a servername, return list of:
local users and run 1) for each username
local groupnames and run 2) for each groupname

I did some Google searches:

enumerate group memberslist of members in a local group, eg. who is member
of "administrators"
backup and recovery of windows users and groups
list of users and groups on windows server
enumerate local users and their membership
enumerate windows users with wmi

I ended up with a simple vbscript that combines a good userinfomation binary with some user and group info vbscript code. The output from the script is text, easily diffable, so changes can quickly be spottet.

Someone else surely should have cooked up something smart, as this task seems like something many administrators would appreciate. If you know of such script or application, please leave a comment :-)

A thing that puzzled me for a while was how to get output from the binary into the same STDOUT where I would be starting my script with cscript.exe listusersandgroups.wsf. This was needed as I want to pipe script output to a text file for version control commit and change management :-) So this was easily worked around like this:
set objWshShell = CreateObject("WScript.Shell")
set objWshShell = objWshShell.Exec(strCommand)
Do While objWshShell.StdOut.AtEndOfStream<>True
' running a file from inside vbscript and get output in same command window
strLine=objWshShell.StdOut.ReadLine
WScript.Echo strLine
Loop

The usual way I have started programs from inside VBscript, would be to have them hidden, similar to this:
set objWshShell = objWshShell.Exec(strCommand)
intRC = objWshShell.Run(StrCommand, 0, TRUE)
' parm 1 = command line
' parm 2 = window style (1 = normal, 0 = hidden)
' parm 3 = if true, waits for command
If intRC <> 0 Then ...
' and destroy it properly:
if isObject(objWshShell) then set objWshShell = nothing

Read more about the normal .Run method.