|
|
Hello Group,
I am a newbie to scripting as well as to supporting Windows.
I have been asked to produce a report of all the user ids and their
associate description (that you see on the "General" tab when
displaying the user profile. This is for Active Directory.
The problem is I don't now where to start. I have domain admin rights
but I have not been able to locate a script that would produce the
report.
Does any one have a sample script that looks at an Active Directory
domain and writes out the users login name and description?
Are scripts cpu intensive?
Mack
|
|
Mack wrote:
[Quoted Text] > I am a newbie to scripting as well as to supporting Windows.
>
> I have been asked to produce a report of all the user ids and their
> associate description (that you see on the "General" tab when
> displaying the user profile. This is for Active Directory.
>
> The problem is I don't now where to start. I have domain admin rights
> but I have not been able to locate a script that would produce the
> report.
>
> Does any one have a sample script that looks at an Active Directory
> domain and writes out the users login name and description?
>
> Are scripts cpu intensive?
You can use ADO in a VBScript program to retrieve information about objects
in AD. This is not cpu intensive, most of the work is done efficiently on
the Domain Controller. For more on using ADO, see this link:
http://www.rlmueller.net/ADOSearchTips.htm
An example to retrieve Distinguished Name, NT Name (pre-Windows 2000 logon
name), and description for all users would be:
==================
Option Explicit
Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset
Dim strDN, strNTName, arrDesc, strDesc, strItem
' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection
' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"
' Filter on user objects.
strFilter = "(&(objectCategory=person)(objectClass=user))"
' Comma delimited list of attribute values to retrieve.
strAttributes = "distinguishedName,sAMAccountName,description"
' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
' Run the query.
Set adoRecordset = adoCommand.Execute
' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
' Retrieve values and display.
strDN = adoRecordset.Fields("distinguishedName").Value
strNTName = adoRecordset.Fields("sAMAccountName").Value
arrDesc = adoRecordset.Fields("description").Value
If IsNull(arrDesc) Then
strDesc = ""
Else
For Each strItem In arrGroups
strDesc = strItem
Next
End If
' Output values semicolon delimited.
Wscript.Echo strDN & ";" & strNTName & ";" & strDesc
' Move to the next record in the recordset.
adoRecordset.MoveNext
Loop
' Clean up.
adoRecordset.Close
adoConnection.Close
==========
The description attribute is a bit strange because AD saves it as a
multi-valued attribute, even though there is never more than one value. ADO
retrieves multi-valued attributes as arrays. You need to test if the array
is Null, and if not enumerate the array.
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
|
|
On Jun 29, 1:53 pm, "Richard Mueller [MVP]" <rlmueller-
nos...[ at ]ameritech.nospam.net> wrote:
[Quoted Text] > > You can use ADO in a VBScript program to retrieve information about objects > in AD. This is not cpu intensive, most of the work is done efficiently on > the Domain Controller. For more on using ADO, see this link: > > http://www.rlmueller.net/ADOSearchTips.htm> > An example to retrieve Distinguished Name, NT Name (pre-Windows 2000 logon > name), and description for all users would be: > ==================
Thank you for such a quick reply Richard.
I am playing with the script that you graciously provided. The script
is failing on a "undefined variable" error.
The error is as follows:
ListUsers.vbs(76, 9) Microsoft VBScript runtime error: Variable
is undefined: 'arrGroups'
arrDesc = adoRecordset.Fields("description").Value
If IsNull(arrDesc) Then
strDesc = ""
Else
For Each strItem In arrGroups
^^^^^^^^^^^ ---> should this be
"arrDesc"?
strDesc = strItem
Next
End If
As indicated above, should the line be "For Each strItem In arrDesc"
instead of arrGroups?
Malcolm
|
|
"Mack" <mbarss[ at ]shaw.ca> wrote in message
news:1183145789.396766.283580[ at ]u2g2000hsc.googlegroups.com...
[Quoted Text] > On Jun 29, 1:53 pm, "Richard Mueller [MVP]" <rlmueller- > nos...[ at ]ameritech.nospam.net> wrote: >> >> You can use ADO in a VBScript program to retrieve information about >> objects >> in AD. This is not cpu intensive, most of the work is done efficiently on >> the Domain Controller. For more on using ADO, see this link: >> >> http://www.rlmueller.net/ADOSearchTips.htm>> >> An example to retrieve Distinguished Name, NT Name (pre-Windows 2000 >> logon >> name), and description for all users would be: >> ================== > > Thank you for such a quick reply Richard. > > I am playing with the script that you graciously provided. The script > is failing on a "undefined variable" error. > > The error is as follows: > > ListUsers.vbs(76, 9) Microsoft VBScript runtime error: Variable > is undefined: 'arrGroups' > > > arrDesc = adoRecordset.Fields("description").Value > > If IsNull(arrDesc) Then > strDesc = "" > Else > For Each strItem In arrGroups > ^^^^^^^^^^^ ---> should this be > "arrDesc"? > > strDesc = strItem > Next > End If > > > As indicated above, should the line be "For Each strItem In arrDesc" > instead of arrGroups? > > Malcolm >
Yes, my mistake. I copied the code from my web site and modified for your
situation, but did not test. Replace arrGroups with arrDesc.
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
|
|
On Jun 29, 4:44 pm, "Richard Mueller [MVP]" <rlmueller-
nos...[ at ]ameritech.nospam.net> wrote:
[Quoted Text] > "Mack" <mba...[ at ]shaw.ca> wrote in message > > news:1183145789.396766.283580[ at ]u2g2000hsc.googlegroups.com... > > > > > > > On Jun 29, 1:53 pm, "Richard Mueller [MVP]" <rlmueller- > > nos...[ at ]ameritech.nospam.net> wrote: > > >> You can use ADO in a VBScript program to retrieve information about > >> objects > >> in AD. This is not cpu intensive, most of the work is done efficiently on > >> the Domain Controller. For more on using ADO, see this link: > > >> http://www.rlmueller.net/ADOSearchTips.htm> > >> An example to retrieve Distinguished Name, NT Name (pre-Windows 2000 > >> logon > >> name), and description for all users would be: > >> ================== > > > Thank you for such a quick reply Richard. > > > I am playing with the script that you graciously provided. The script > > is failing on a "undefined variable" error. > > > The error is as follows: > > > ListUsers.vbs(76, 9) Microsoft VBScript runtime error: Variable > > is undefined: 'arrGroups' > > > arrDesc = adoRecordset.Fields("description").Value > > > If IsNull(arrDesc) Then > > strDesc = "" > > Else > > For Each strItem In arrGroups > > ^^^^^^^^^^^ ---> should this be > > "arrDesc"? > > > strDesc = strItem > > Next > > End If > > > As indicated above, should the line be "For Each strItem In arrDesc" > > instead of arrGroups? > > > Malcolm > > Yes, my mistake. I copied the code from my web site and modified for your > situation, but did not test. Replace arrGroups with arrDesc. > > -- > Richard Mueller > Microsoft MVP Scripting and ADSI > Hilltop Lab - http://www.rlmueller.net> --- Hide quoted text - > > - Show quoted text -
Thanks Richard. Your script was very useful and I was able to create
the report that was required. Was a lot easier massaging the report
created than the previous ones they used to create (what a nightmare
they were).
Malcolm
|
|
Hi Richard,
I read your link and find a useful criteria of showing disabled users using
below code:
To return all users with disabled accounts:
"(&(objectCategory=person)(objectClass=user)" _
& "(userAccountControl:1.2.840.113556.1.4.803:=2))"
May I know what should I change the parameter if I need to show all active
users with their full names and logon ID?
Best regards,
Mendel
"Richard Mueller [MVP]" wrote:
[Quoted Text] > > "Mack" <mbarss[ at ]shaw.ca> wrote in message > news:1183145789.396766.283580[ at ]u2g2000hsc.googlegroups.com... > > On Jun 29, 1:53 pm, "Richard Mueller [MVP]" <rlmueller- > > nos...[ at ]ameritech.nospam.net> wrote: > >> > >> You can use ADO in a VBScript program to retrieve information about > >> objects > >> in AD. This is not cpu intensive, most of the work is done efficiently on > >> the Domain Controller. For more on using ADO, see this link: > >> > >> http://www.rlmueller.net/ADOSearchTips.htm> >> > >> An example to retrieve Distinguished Name, NT Name (pre-Windows 2000 > >> logon > >> name), and description for all users would be: > >> ================== > > > > Thank you for such a quick reply Richard. > > > > I am playing with the script that you graciously provided. The script > > is failing on a "undefined variable" error. > > > > The error is as follows: > > > > ListUsers.vbs(76, 9) Microsoft VBScript runtime error: Variable > > is undefined: 'arrGroups' > > > > > > arrDesc = adoRecordset.Fields("description").Value > > > > If IsNull(arrDesc) Then > > strDesc = "" > > Else > > For Each strItem In arrGroups > > ^^^^^^^^^^^ ---> should this be > > "arrDesc"? > > > > strDesc = strItem > > Next > > End If > > > > > > As indicated above, should the line be "For Each strItem In arrDesc" > > instead of arrGroups? > > > > Malcolm > > > > Yes, my mistake. I copied the code from my web site and modified for your > situation, but did not test. Replace arrGroups with arrDesc. > > -- > Richard Mueller > Microsoft MVP Scripting and ADSI > Hilltop Lab - http://www.rlmueller.net> -- > > > |
|
If you mean, how to retrieve all users that are not disabled, and retrieve
full name and logon ID, the filter would be:
"(&(objectCategory=person)(objectClass=user)" _
& "(!userAccountControl:1.2.840.113556.1.4.803:=2))"
where "!" is the NOT operator. What was called FullName in NT domains is now
the displayName attribute. It corresponds to the field labeled "Display
name" in ADUC. However, some people refer to the value of the cn attribute
(Common Name) as the full name. What people call the Logon ID usually refers
to the value of the sAMAccountName attribute.
Modifying the code in the link (ADO Search Tips), a program to display the
values of sAMAccountName and displayName for all enabled users would be:
================
Option Explicit
Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strName, strFull
' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection
' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"
' Filter on enabled user objects.
strFilter = "(&(objectCategory=person)(objectClass=user)" _
& "(!userAccountControl:1.2.840.113556.1.4.803:=2))"
' Comma delimited list of attribute values to retrieve.
strAttributes = "sAMAccountName,displayName"
' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
' Run the query.
Set adoRecordset = adoCommand.Execute
' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
' Retrieve values and display.
strName = adoRecordset.Fields("sAMAccountName").Value
strFull = adoRecordset.Fields("displayName").value
Wscript.Echo "Logon ID: " & strName & ", Full Name: " & strFull
' Move to the next record in the recordset.
adoRecordset.MoveNext
Loop
' Clean up.
adoRecordset.Close
adoConnection.Close
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
"Mendel" <Mendel[ at ]discussions.microsoft.com> wrote in message
news:9D551462-1DED-4E4E-A9F2-B9DE1B568F9D[ at ]microsoft.com...
[Quoted Text] > Hi Richard, > > I read your link and find a useful criteria of showing disabled users > using > below code: > To return all users with disabled accounts: > "(&(objectCategory=person)(objectClass=user)" _ > & "(userAccountControl:1.2.840.113556.1.4.803:=2))" > > May I know what should I change the parameter if I need to show all active > users with their full names and logon ID? > > Best regards, > Mendel > > "Richard Mueller [MVP]" wrote: > >> >> "Mack" <mbarss[ at ]shaw.ca> wrote in message >> news:1183145789.396766.283580[ at ]u2g2000hsc.googlegroups.com... >> > On Jun 29, 1:53 pm, "Richard Mueller [MVP]" <rlmueller- >> > nos...[ at ]ameritech.nospam.net> wrote: >> >> >> >> You can use ADO in a VBScript program to retrieve information about >> >> objects >> >> in AD. This is not cpu intensive, most of the work is done efficiently >> >> on >> >> the Domain Controller. For more on using ADO, see this link: >> >> >> >> http://www.rlmueller.net/ADOSearchTips.htm>> >> >> >> An example to retrieve Distinguished Name, NT Name (pre-Windows 2000 >> >> logon >> >> name), and description for all users would be: >> >> ================== >> > >> > Thank you for such a quick reply Richard. >> > >> > I am playing with the script that you graciously provided. The script >> > is failing on a "undefined variable" error. >> > >> > The error is as follows: >> > >> > ListUsers.vbs(76, 9) Microsoft VBScript runtime error: Variable >> > is undefined: 'arrGroups' >> > >> > >> > arrDesc = adoRecordset.Fields("description").Value >> > >> > If IsNull(arrDesc) Then >> > strDesc = "" >> > Else >> > For Each strItem In arrGroups >> > ^^^^^^^^^^^ ---> should this be >> > "arrDesc"? >> > >> > strDesc = strItem >> > Next >> > End If >> > >> > >> > As indicated above, should the line be "For Each strItem In arrDesc" >> > instead of arrGroups? >> > >> > Malcolm >> > >> >> Yes, my mistake. I copied the code from my web site and modified for your >> situation, but did not test. Replace arrGroups with arrDesc. >> >> -- >> Richard Mueller >> Microsoft MVP Scripting and ADSI >> Hilltop Lab - http://www.rlmueller.net>> -- >> >> >>
|
|
|