Re: Scripting newbie - Active Directory reporting of users/description
- From: "Richard Mueller [MVP]" <rlmueller-nospam@xxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 29 Jun 2007 13:53:05 -0500
Mack wrote:
I am a newbie to scripting as well as to supporting Windows.
I have been asked to produce a report of all the user ids and their
associate description (that you see on the "General" tab when
displaying the user profile. This is for Active Directory.
The problem is I don't now where to start. I have domain admin rights
but I have not been able to locate a script that would produce the
report.
Does any one have a sample script that looks at an Active Directory
domain and writes out the users login name and description?
Are scripts cpu intensive?
You can use ADO in a VBScript program to retrieve information about objects
in AD. This is not cpu intensive, most of the work is done efficiently on
the Domain Controller. For more on using ADO, see this link:
http://www.rlmueller.net/ADOSearchTips.htm
An example to retrieve Distinguished Name, NT Name (pre-Windows 2000 logon
name), and description for all users would be:
==================
Option Explicit
Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset
Dim strDN, strNTName, arrDesc, strDesc, strItem
' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection
' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE";)
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://"; & strDNSDomain & ">"
' Filter on user objects.
strFilter = "(&(objectCategory=person)(objectClass=user))"
' Comma delimited list of attribute values to retrieve.
strAttributes = "distinguishedName,sAMAccountName,description"
' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
' Run the query.
Set adoRecordset = adoCommand.Execute
' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
' Retrieve values and display.
strDN = adoRecordset.Fields("distinguishedName").Value
strNTName = adoRecordset.Fields("sAMAccountName").Value
arrDesc = adoRecordset.Fields("description").Value
If IsNull(arrDesc) Then
strDesc = ""
Else
For Each strItem In arrGroups
strDesc = strItem
Next
End If
' Output values semicolon delimited.
Wscript.Echo strDN & ";" & strNTName & ";" & strDesc
' Move to the next record in the recordset.
adoRecordset.MoveNext
Loop
' Clean up.
adoRecordset.Close
adoConnection.Close
==========
The description attribute is a bit strange because AD saves it as a
multi-valued attribute, even though there is never more than one value. ADO
retrieves multi-valued attributes as arrays. You need to test if the array
is Null, and if not enumerate the array.
--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
.
- Follow-Ups:
- References:
- Prev by Date: Scripting newbie - Active Directory reporting of users/description
- Next by Date: Re: Scripting newbie - Active Directory reporting of users/description
- Previous by thread: Scripting newbie - Active Directory reporting of users/description
- Next by thread: Re: Scripting newbie - Active Directory reporting of users/description
- Index(es):
Relevant Pages
|
