Re: ADSI Script to return all Active Directory users with Dialin-Enabl
- From: "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 7 Apr 2008 07:36:08 -0500
Chris wrote:
I've been searching around and trying to cobble together various scripts
but
I can't quite get my head round what I need to do to make it work
I want a list output to Excel or similar with the names (display name,
distinguished name, anything really not fussy as long as I can tell which
user it is from it!) of users who have msNPAllowDialin set to TRUE within
Active Directory.
Does anyone have an existing script I could modify or could help me
through
this? As a novice scripter I'm having some issues working out how to
display
the usernames I'm targeting - I'm a bit lost!
You can use ADO in a VBScript program to retrieve all users where
(msNPAllowDialin=TRUE). The "TRUE" must be all caps. For more on using ADO
see this link:
http://www.rlmueller.net/ADOSearchTips.htm
In this case, the code could be:
==============
Option Explicit
Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strDN
' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection
' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE";)
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://"; & strDNSDomain & ">"
' Filter on user objects with msNPAllowDialin set to True.
strFilter = "(&(objectCategory=person)(objectClass=user)" _
& "(msNPAllowDialin=TRUE))"
' Comma delimited list of attribute values to retrieve.
strAttributes = "distinguishedName"
' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
' Run the query.
Set adoRecordset = adoCommand.Execute
' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
' Retrieve values and display.
strDN = adoRecordset.Fields("distinguishedName").Value
Wscript.Echo strDN
' Move to the next record in the recordset.
adoRecordset.MoveNext
Loop
' Clean up.
adoRecordset.Close
adoConnection.Close
===========
The script should be run at a command prompt with the cscript host. The
output can be redirected to a text file.
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
.
- Follow-Ups:
- References:
- Prev by Date: ADSI Script to return all Active Directory users with Dialin-Enabl
- Next by Date: Re: Error Creating AD users
- Previous by thread: ADSI Script to return all Active Directory users with Dialin-Enabl
- Next by thread: Re: ADSI Script to return all Active Directory users with Dialin-E
- Index(es):
Relevant Pages
|
