Forum Search:
Forum.Brain-Cluster.com: Brain Cluster Technical Forum
Ultimate forum for Technical Discussions

Home » Microsoft » Windows Server » Active Directory » Active Directory VBScript to get user's OU information
Active Directory VBScript to get user's OU information [message #157607] Thu, 09 July 2009 16:34 Go to next message
Daniel  is currently offline Daniel
Messages: 76
Registered: July 2009
Member
I am trying to create a vbscript that go through the list of AD2003 users and
finds their primary SMTP email addresses and their department value in their
accounts. The problem I'm facing is LDAP ADSI provider needs the exact OU
container of each account before it can list email address and department but
the users in this list are scattered across different OUs. Does anybody know
a way to pull exact OU location of where a AD account is residing, for
example "cn=user,OU=Users,OU=xxx,DC=yyy,DC=local"? There is ADsPath attribute
in ADSI but this attribute needs the exact OU container first to find this
info. It would be greatly appreciated if anybody out there can point me in
the right direction.
Re: Active Directory VBScript to get user's OU information [message #157612 is a reply to message #157607] Thu, 09 July 2009 17:39 Go to previous messageGo to next message
rlmueller-nospam  is currently offline rlmueller-nospam  United States
Messages: 292
Registered: July 2009
Senior Member
"Daniel" <Daniel@discussions.microsoft.com> wrote in message
news:A026D739-5D33-489E-A666-AFC998075B36@microsoft.com...
>I am trying to create a vbscript that go through the list of AD2003 users
>and
> finds their primary SMTP email addresses and their department value in
> their
> accounts. The problem I'm facing is LDAP ADSI provider needs the exact OU
> container of each account before it can list email address and department
> but
> the users in this list are scattered across different OUs. Does anybody
> know
> a way to pull exact OU location of where a AD account is residing, for
> example "cn=user,OU=Users,OU=xxx,DC=yyy,DC=local"? There is ADsPath
> attribute
> in ADSI but this attribute needs the exact OU container first to find this
> info. It would be greatly appreciated if anybody out there can point me in
> the right direction.

If your list of users has Common Names, it cannot easily be done. Common
Names do not uniquely identify the users. More likely, you list is of
"pre-Windows 2000 logon" names, also called NT names (or sometimes UserID).
Technically, this is the value of the sAMAccountName attribute and uniquely
identifies the object in the domain. You can use the NameTranslate object to
convert the sAMAccountName (in conjunction with the NetBIOS name of the
domain) into the Distinguished Name. This works not matter which OU the
object resides in. See this link for details:

http://www.rlmueller.net/NameTranslateFAQ.htm

An example might be:
========
Const ForReading = 1
' Constants for the NameTranslate object.
Const ADS_NAME_INITTYPE_GC = 3
Const ADS_NAME_TYPE_NT4 = 3
Const ADS_NAME_TYPE_1779 = 1

' Determine DNS name of domain from RootDSE.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Use the NameTranslate object to find the NetBIOS domain name from the
' DNS domain name.
Set objTrans = CreateObject("NameTranslate")
objTrans.Init ADS_NAME_INITTYPE_GC, ""
objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
' Remove trailing backslash.
strNetBIOSDomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1)

' Specify file of user names.
strFile = "c:\Scripts\Users.txt"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.OpenTextFile(strFile, ForReading)

Do Until objFile.AtEndOfStream
strNTName = Trim(objFile.ReadLine)
' Skip blank lines.
If (strNTName <> "") Then
' Use the Set method to specify the NT format of the object name.
' Trap error if user does not exist.
On Error Resume Next
objTrans.Set ADS_NAME_TYPE_NT4, strNTName
If (Err.Number = 0) Then
On Error GoTo 0
' Use the Get method to retrieve the RPC 1779 Distinguished
Name.
strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)

' Bind to the user object (if desired).
Set objUser = GetObject("LDAP://" & strUserDN)
' Do whatever you want...
Else
On Error GoTo 0
' Alert user about bad user name.
Wscript.Echo "User " & strNTName & " does not exist"
End If
End If
Loop

objFile.Close
========
Some code is required, but the NameTranslate interface is very efficient.

If your file has user Common Names, you can use ADO to query AD for the user
object with that value assigned to the cn attribute. If there is no result,
echo an error message. If there is one result, retrieve distinguishedName
and proceed. And, if there is more than one result echo a message
explaining. Reply if you need this. Obviously, the repeated searches of AD
would be slower, but can be done.

--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
--
Re: Active Directory VBScript to get user's OU information [message #157621 is a reply to message #157607] Fri, 10 July 2009 01:49 Go to previous messageGo to next message
markdmac  is currently offline markdmac  United States
Messages: 139
Registered: July 2009
Senior Member
Give this a try, it shoudl enumerate all users in the domain and
produce a report for you. The report is tab separated, so you can open
it in Excel.

Dim qQuery, objConnection, objCommand, objRecordSet, obj
Dim oRootDSE, strDomain

Set oRootDSE = GetObject("LDAP://rootDSE")
strDomain = oRootDSE.get("defaultNamingContext")

' other categories = computer, user, printqueue, group
qQuery = "<LDAP://" & strDomain &">;" & _
		"(objectCategory=person)" & _
       ";name,proxyAddresses,department;subtree"

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Open "Provider=ADsDSOObject;"
objCommand.ActiveConnection = objConnection
objCommand.CommandText = qQuery
Set objRecordSet = objCommand.Execute

While Not objRecordSet.EOF
    Report = Report & objRecordSet.Fields("name")
    For Each address In proxyAddresses
    	If Left(address,4) = "SMTP" Then
    		Report = Report & vbTab & address & vbTab
    	End If
    Next
    Report = Report & objRecordSet.Fields("department") & vbCrLf
    objrecordset.MoveNext
Wend

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set ts = objFSO.CreateTextFile("SMTPDepartmentReport.txt",True)
ts.Write Report
ts.Close
objConnection.Close


Hope that helps,

Mark D. MacLachlan
Re: Active Directory VBScript to get user's OU information [message #157642 is a reply to message #157607] Fri, 10 July 2009 08:36 Go to previous messageGo to next message
pbbergs  is currently offline pbbergs  United States
Messages: 1024
Registered: July 2009
Senior Member
Check out a script I have that will list out user attributes, you can modify
it to dump whatever you like.

It is at:
http://www.pbbergs.com/windows/downloads.htm

--
Paul Bergson
MVP - Directory Services
MCTS, MCT, MCSE, MCSA, Security+, BS CSci
2008, 2003, 2000 (Early Achiever), NT4
Microsoft's Thrive IT Pro of the Month - June 2009

http://www.pbbergs.com

Please no e-mails, any questions should be posted in the NewsGroup This
posting is provided "AS IS" with no warranties, and confers no rights.

"Daniel" <Daniel@discussions.microsoft.com> wrote in message
news:A026D739-5D33-489E-A666-AFC998075B36@microsoft.com...
>I am trying to create a vbscript that go through the list of AD2003 users
>and
> finds their primary SMTP email addresses and their department value in
> their
> accounts. The problem I'm facing is LDAP ADSI provider needs the exact OU
> container of each account before it can list email address and department
> but
> the users in this list are scattered across different OUs. Does anybody
> know
> a way to pull exact OU location of where a AD account is residing, for
> example "cn=user,OU=Users,OU=xxx,DC=yyy,DC=local"? There is ADsPath
> attribute
> in ADSI but this attribute needs the exact OU container first to find this
> info. It would be greatly appreciated if anybody out there can point me in
> the right direction.
Re: Active Directory VBScript to get user's OU information [message #157660 is a reply to message #157612] Fri, 10 July 2009 17:39 Go to previous messageGo to next message
Daniel  is currently offline Daniel
Messages: 76
Registered: July 2009
Member
I was able to pull the information I wanted using your script. Thanks for
your help Richard.

"Richard Mueller [MVP]" wrote:

>
> "Daniel" <Daniel@discussions.microsoft.com> wrote in message
> news:A026D739-5D33-489E-A666-AFC998075B36@microsoft.com...
> >I am trying to create a vbscript that go through the list of AD2003 users
> >and
> > finds their primary SMTP email addresses and their department value in
> > their
> > accounts. The problem I'm facing is LDAP ADSI provider needs the exact OU
> > container of each account before it can list email address and department
> > but
> > the users in this list are scattered across different OUs. Does anybody
> > know
> > a way to pull exact OU location of where a AD account is residing, for
> > example "cn=user,OU=Users,OU=xxx,DC=yyy,DC=local"? There is ADsPath
> > attribute
> > in ADSI but this attribute needs the exact OU container first to find this
> > info. It would be greatly appreciated if anybody out there can point me in
> > the right direction.
>
> If your list of users has Common Names, it cannot easily be done. Common
> Names do not uniquely identify the users. More likely, you list is of
> "pre-Windows 2000 logon" names, also called NT names (or sometimes UserID).
> Technically, this is the value of the sAMAccountName attribute and uniquely
> identifies the object in the domain. You can use the NameTranslate object to
> convert the sAMAccountName (in conjunction with the NetBIOS name of the
> domain) into the Distinguished Name. This works not matter which OU the
> object resides in. See this link for details:
>
> http://www.rlmueller.net/NameTranslateFAQ.htm
>
> An example might be:
> ========
> Const ForReading = 1
> ' Constants for the NameTranslate object.
> Const ADS_NAME_INITTYPE_GC = 3
> Const ADS_NAME_TYPE_NT4 = 3
> Const ADS_NAME_TYPE_1779 = 1
>
> ' Determine DNS name of domain from RootDSE.
> Set objRootDSE = GetObject("LDAP://RootDSE")
> strDNSDomain = objRootDSE.Get("defaultNamingContext")
>
> ' Use the NameTranslate object to find the NetBIOS domain name from the
> ' DNS domain name.
> Set objTrans = CreateObject("NameTranslate")
> objTrans.Init ADS_NAME_INITTYPE_GC, ""
> objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain
> strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)
> ' Remove trailing backslash.
> strNetBIOSDomain = Left(strNetBIOSDomain, Len(strNetBIOSDomain) - 1)
>
> ' Specify file of user names.
> strFile = "c:\Scripts\Users.txt"
> Set objFSO = CreateObject("Scripting.FileSystemObject")
> Set objFile = objFSO.OpenTextFile(strFile, ForReading)
>
> Do Until objFile.AtEndOfStream
> strNTName = Trim(objFile.ReadLine)
> ' Skip blank lines.
> If (strNTName <> "") Then
> ' Use the Set method to specify the NT format of the object name.
> ' Trap error if user does not exist.
> On Error Resume Next
> objTrans.Set ADS_NAME_TYPE_NT4, strNTName
> If (Err.Number = 0) Then
> On Error GoTo 0
> ' Use the Get method to retrieve the RPC 1779 Distinguished
> Name.
> strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)
>
> ' Bind to the user object (if desired).
> Set objUser = GetObject("LDAP://" & strUserDN)
> ' Do whatever you want...
> Else
> On Error GoTo 0
> ' Alert user about bad user name.
> Wscript.Echo "User " & strNTName & " does not exist"
> End If
> End If
> Loop
>
> objFile.Close
> ========
> Some code is required, but the NameTranslate interface is very efficient.
>
> If your file has user Common Names, you can use ADO to query AD for the user
> object with that value assigned to the cn attribute. If there is no result,
> echo an error message. If there is one result, retrieve distinguishedName
> and proceed. And, if there is more than one result echo a message
> explaining. Reply if you need this. Obviously, the repeated searches of AD
> would be slower, but can be done.
>
> --
> Richard Mueller
> MVP Directory Services
> Hilltop Lab - http://www.rlmueller.net
> --
>
>
>
Re: Active Directory VBScript to get user's OU information [message #157661 is a reply to message #157642] Fri, 10 July 2009 17:41 Go to previous message
Daniel  is currently offline Daniel
Messages: 76
Registered: July 2009
Member
I was able to accomplish what I wanted using Richard Mueller's sample script.
Thanks all for your help.

"Paul Bergson [MVP-DS]" wrote:

> Check out a script I have that will list out user attributes, you can modify
> it to dump whatever you like.
>
> It is at:
> http://www.pbbergs.com/windows/downloads.htm
>
> --
> Paul Bergson
> MVP - Directory Services
> MCTS, MCT, MCSE, MCSA, Security+, BS CSci
> 2008, 2003, 2000 (Early Achiever), NT4
> Microsoft's Thrive IT Pro of the Month - June 2009
>
> http://www.pbbergs.com
>
> Please no e-mails, any questions should be posted in the NewsGroup This
> posting is provided "AS IS" with no warranties, and confers no rights.
>
> "Daniel" <Daniel@discussions.microsoft.com> wrote in message
> news:A026D739-5D33-489E-A666-AFC998075B36@microsoft.com...
> >I am trying to create a vbscript that go through the list of AD2003 users
> >and
> > finds their primary SMTP email addresses and their department value in
> > their
> > accounts. The problem I'm facing is LDAP ADSI provider needs the exact OU
> > container of each account before it can list email address and department
> > but
> > the users in this list are scattered across different OUs. Does anybody
> > know
> > a way to pull exact OU location of where a AD account is residing, for
> > example "cn=user,OU=Users,OU=xxx,DC=yyy,DC=local"? There is ADsPath
> > attribute
> > in ADSI but this attribute needs the exact OU container first to find this
> > info. It would be greatly appreciated if anybody out there can point me in
> > the right direction.
>
>
>
Previous Topic:PC joining domain
Next Topic:seksi djevojka
Goto Forum:
  


Current Time: Wed Oct 18 01:36:38 EDT 2017

Total time taken to generate the page: 0.04932 seconds
.:: Contact :: Home ::Sitemap::.

Powered by: FUDforum 3.0.0RC2.
Copyright ©2001-2009 FUDforum Bulletin Board Software