Re: Read Active Directory
- From: "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx>
- Date: Thu, 8 Nov 2007 16:38:00 -0600
Ed Wyche wrote:
Is there a way to read AD and create a report of just the groups and also
if it is a security group or a distribution group? I would appreciate
some sample code.
You can use ADO to retrieve information on all groups in AD. I have an
example VBScript program that documents all groups in the domain linked
here:
http://www.rlmueller.net/Document%20Domain%20Groups.htm
This program documents the group names, group type, and the direct members.
A simpler script to just document group NetBIOS names and group type could
be as follows:
=========
Option Explicit
Dim adoConnection, adoCommand, objRootDSE, strDNSDomain, strQuery
Dim adoRecordset, strNTName, strGroupType
' Use ADO to search Active Directory.
Set adoConnection = CreateObject("ADODB.Connection")
Set adoCommand = CreateObject("ADODB.Command")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection
' Determine the DNS domain from the RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
' Search for all groups, return the NT name and type of each.
strQuery = "<LDAP://" & strDNSDomain & ">;" _
& "(objectCategory=group);sAMAccountName,groupType;subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
Set adoRecordset = adoCommand.Execute
' Enumerate recordset.
Do Until adoRecordset.EOF
    ' Retrieve values and display.
    strNTName = adoRecordset.Fields("sAMAccountName").Value
    strGroupType = GetType(adoRecordset.Fields("groupType").Value)
    Wscript.Echo strNTName & "(" & strGroupType & ")"
    adoRecordset.MoveNext
Loop
adoRecordset.Close
adoConnection.Close

Function GetType(ByVal intType)
    ' Function to determine group type from the GroupType attribute.
    If ((intType And &h01) <> 0) Then
        GetType = "Built-in"
    ElseIf ((intType And &h02) <> 0) Then
        GetType = "Global"
    ElseIf ((intType And &h04) <> 0) Then
        GetType = "Local"
    ElseIf ((intType And &h08) <> 0) Then
        GetType = "Universal"
    End If
    If ((intType And &h80000000) <> 0) Then
        GetType = GetType & "/Security"
    Else
        GetType = GetType & "/Distribution"
    End If
End Function
============
More information on using ADO to retrieve information from AD here:
http://www.rlmueller.net/ADOSearchTips.htm
All of the above is VBScript, but the code works fine in VB. However, you
can use early binding for many of the objects. The ADO objects require a
reference to "Microsoft ActiveX Data Objects 2.x library". Then the objects
can be declared similar to:
Dim adoConnection As ADODB.Connection
Dim adoCommand As ADODB.Command
Dim adoRecordset As ADODB.Recordset
Set adoConnection = New ADODB.Connection
Set adoCommand = New ADODB.Command
If you bind directly to AD objects, like user, group, or computer objects,
add a reference to "Active DS Type Library", which is activeds.tlb. Then you
can declare objects similar to:
Dim objUser As IADsUser
Dim objGroup As IADsGroup
Dim objComputer As IADsComputer
and use the appropriate IADs interface.
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
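
Added example, not part of the original post or the author's code: a Python sketch that applies the same groupType flag tests to an LDIF-style export, where the attribute appears as a signed 32-bit integer. It goes slightly beyond the script above by reporting the scope and the built-in flag separately; the sample entries, group names and function names are constructed for illustration.

```python
# Added example: decode groupType values from an LDIF-style group export.
# Flag values are the ones tested in the VBScript GetType function above.
import re

SCOPE_FLAGS = [(0x2, "Global"), (0x4, "Local"), (0x8, "Universal")]
BUILTIN = 0x1          # group created by the system
SECURITY = 0x80000000  # set: security group; clear: distribution group

# Constructed sample input (made-up domain and group entries).
SAMPLE_LDIF = """\
dn: CN=Domain Admins,CN=Users,DC=example,DC=com
sAMAccountName: Domain Admins
groupType: -2147483646

dn: CN=Administrators,CN=Builtin,DC=example,DC=com
sAMAccountName: Administrators
groupType: -2147483643

dn: CN=Sales List,OU=Groups,DC=example,DC=com
sAMAccountName: Sales List
groupType: 8
"""

def decode_group_type(value):
    """Return (scope, kind, builtin) for a signed or unsigned groupType."""
    bits = int(value) & 0xFFFFFFFF  # normalise the signed 32-bit form
    scopes = [name for flag, name in SCOPE_FLAGS if bits & flag]
    scope = scopes[0] if len(scopes) == 1 else "Unknown"
    kind = "Security" if bits & SECURITY else "Distribution"
    return scope, kind, bool(bits & BUILTIN)

def parse_ldif_groups(text):
    """Yield (sAMAccountName, groupType) per blank-line-separated entry.
    Simplification: folded lines and base64 ('::') values are not handled."""
    for entry in re.split(r"\n\s*\n", text.strip()):
        attrs = dict(re.findall(r"^(\w+): (.*)$", entry, re.M))
        if "sAMAccountName" in attrs and "groupType" in attrs:
            yield attrs["sAMAccountName"], int(attrs["groupType"])

def report(text):
    """Build one report line per group found in the export."""
    lines = []
    for name, raw in parse_ldif_groups(text):
        scope, kind, builtin = decode_group_type(raw)
        label = f"{scope}/{kind}" + (" (built-in)" if builtin else "")
        lines.append(f"{name}: {label}")
    return lines

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LDIF)))
```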