Re: Finding the lowest OU a user is in
- From: "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 11 Jun 2007 09:48:46 -0500
I don't see how "OU=Location1" is the "lowest". The example DN you gave is
for an object with Common Name "CN=RobertParker" (probably a user) in
Organizational Unit "OU=Users". Depending on how you define "lowest", I
would call "OU=Users" the lowest, since the domain (in this case
"DC=xxxxxx,DC=xxxxx") is usually referred to as the highest level container
in the Active Directory hierarchy.
The object "CN=RobertParker" is referred to as a child of "OU=Users", and
"OU=Users" is the Parent container of the object "CN=RobertParker".
Likewise, the Organizational Unit "OU=Users" is a child of its parent
container "OU=Location1". That is, "OU=Users" resides in "OU=Location1".
Again, "OU=Location1" is in "OU=Hub", and that in turn is in "OU=US".
Finally, "OU=US" is in the domain "DC=xxxxxx,DC=xxxxx".
In ADUC if you expand domain "DC=xxxxxx,DC=xxxxx" you see the child "OU=US".
If you expand "OU=US" you see "OU=HUB", etc., until you finally find object
"CN=RobertParker" when you expand "OU=Users".
In a logon script you can use the ADSystemInfo object to retrieve the
Distinguished Name of the user. With this you can bind to the user object,
then use the Parent method to retrieve the Distinguished Name of the parent
container/OU of the user. For example:
===========
' Retrieve current user Distinguished Name.
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = objSysInfo.UserName
' Bind to user object.
Set objUser = GetObject("LDAP://" & strUserDN)
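' Parent returns the ADsPath of the parent container ("LDAP://...").
' Bind to the parent to read its Distinguished Name.
Set objParent = GetObject(objUser.Parent)
strParentDN = objParent.Get("distinguishedName")
' Display DN of parent.
Wscript.Echo strParentDN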
===========
If the user "CN=RobertParker" runs this snippet, the value of strParentDN
will be:
"OU=Users,OU=Location1,OU=HUB,OU=US,DC=xxxxxx,DC=xxxxx"
which is the Distinguished Name of the Parent container/OU. Many people
would say "CN=RobertParker" resides in the "OU=Users" container, but note
that the Relative Distinguished Name of the container/OU, which is "OU=Users"
in this case, does not uniquely identify the container. There could be many
OUs called "OU=Users" in different parts of the AD hierarchy. The best way
to uniquely identify the container is with the Distinguished Name.
There seldom is a need to retrieve the name of the Parent OU/container in a
logon script. There would be even less reason to parse some other component
of the Distinguished Name. For example, if your purpose is to map a drive or
printer, perhaps you can test for group membership instead. Otherwise, you
need a clear definition of the DN component you desire in order to design a
code snippet to parse for it.
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
<RobertMParker@xxxxxxxxx> wrote in message
news:1181324932.023966.117760@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Hey I'm pretty new to VBScript. They gave me a book 1.5 weeks ago at
work, and told me I had to learn it. Anyway part of the script that
I'm working on right now is a login script. The part I'm having
trouble with is finding the User's OU. The scripting guys have a
script for doing this here. Use the first script on the page.
http://www.microsoft.com/technet/scriptcenter/resources/qanda/oct04/hey1021.mspx
But when I run the script instead of getting a distinguished name
like: CN=kenmyer,OU=Finance,DC=fabrikam,DC=com
mine looks more like:
CN=RobertParker,OU=Users,OU=Location1,OU=HUB,OU=US,DC=xxxxxx,DC=xxxxx
I think the OUs are set as follows: Location1 is a subgroup of HUB,
which is a subgroup of US, which is a subgroup of USERS
The only one I want is the lowest level group: OU=Location1
I started writing some code to try and filter out the wrong OUs, but
as our OU setup is very complicated it would be very sloppy to
program, and likely not work on many machines. Any update to AD
could cause the code to break. I stopped doing that and now I am
stuck. I'm also pretty new to AD btw.
How can I find the lowest OU that a user is in?
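
The walk up the hierarchy that the reply describes, as an added example that is not part of either post: it binds to each parent container in turn instead of splitting the DN string, and reports the first organizationalUnit found above the user. It assumes a domain-joined machine and a logged-on domain user; all variable names are illustrative.

```vbscript
Option Explicit

Dim objSysInfo, objUser, objContainer, strUserDN, strLowestOU, intLevel

' Retrieve the DN of the current user. A "/" inside a name must be
' escaped before the DN is used in an ADsPath.
Set objSysInfo = CreateObject("ADSystemInfo")
strUserDN = Replace(objSysInfo.UserName, "/", "\/")
Set objUser = GetObject("LDAP://" & strUserDN)

' Parent returns an ADsPath, so each ancestor is reached by binding,
' not by splitting the DN on commas (which breaks on names that
' contain an escaped comma such as "CN=Parker\, Robert").
Set objContainer = GetObject(objUser.Parent)
strLowestOU = ""
intLevel = 1

Do
    Wscript.Echo intLevel & ": " & objContainer.Class & "  " & _
        objContainer.Get("distinguishedName")
    ' The first organizationalUnit met on the way up is the one
    ' closest to the user.
    If strLowestOU = "" And _
        LCase(objContainer.Class) = "organizationalunit" Then
        strLowestOU = objContainer.Get("distinguishedName")
    End If
    ' Stop at the domain object, the top of the hierarchy.
    If LCase(objContainer.Class) = "domaindns" Then Exit Do
    Set objContainer = GetObject(objContainer.Parent)
    intLevel = intLevel + 1
Loop

If strLowestOU = "" Then
    Wscript.Echo "User is not in an OU (parent is a container or the domain)."
Else
    Wscript.Echo "OU closest to the user: " & strLowestOU
End If
```

Because each level is identified by its object class and full Distinguished Name, the script keeps working when OUs are renamed or added, which string filtering on OU names does not.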