Active Directory

[tonyflora63]

Hi

I'm trying to get the attributes from the sub trees of an AD container. Is there a way that you could pass a CN from a txt file as a variable. Here is my code so far:

DIM fso, TxtFile

Set fso = CreateObject("Scripting.FileSystemObject")
Set TxtFile = fso.CreateTextFile("EA-Computers.txt", True)

'Enumerate Computer GUID's
Set objOU = GetObject("LDAP://mtb0120vledepii:389/ou=EncryptionAnywhereComputers,dc=ede,dc=irs,dc=gov")
For Each objUser in objOU

TxtFile.WriteLine (ObjUser.Name)
Next
TxtFile.Close

'open the file system object
Set oFSO = CreateObject("Scripting.FileSystemObject")
set WSHShell = wscript.createObject("wscript.shell")
'open the data file
Set oTextStream = oFSO.OpenTextFile("EA-Computers.txt")
'make an array from the data file
RemotePC = Split(oTextStream.ReadAll, vbNewLine)
'close the data file
oTextStream.Close



For Each strComputer In RemotePC
'Do something useful with strComputer here

Set obj = GetObject("LDAP://mtb0120vledepii:389/OU=EncryptionAnywhereComputers,DC=EDE,DC=irs,DC=gov")

Wscript.Echo obj.Get("ea-ComputerName")


Next

I need the variable to be plugged in before

OU=EncryptionAnywhereComputers,DC=EDE,DC=irs,DC=gov")

I've tried this but no luck:

dim CN
CN = strcomputer

 

[bslintx]

you could use ado to get the attributes....not sure which ones except the name but you may set pc object in the ado loop since you know where the path is (adspath)...let us know if this helps

 Dim oConn

 Function GetRootAdsPath
  Set oRoot = GetObject("LDAP://rootDSE")
  GetRootAdsPath = oRoot.Get("defaultNamingContext")
 End Function

 Function OpenAD
  Set oConnection = CreateObject("ADODB.Connection")
  oConnection.Provider = "ADsDSOObject"
  oConnection.Open "Active Directory Provider"
 End Function

 Function GetRemotePCs
  Set oFSO = CreateObject("Scripting.FileSystemObject")
  Set oTextStream = oFSO.OpenTextFile("EA-Computers.txt")
  GetRemotePCs = Split(oTextStream.ReadAll, vbcrlf)
  oTextStream.Close
 End Function

 Sub DisplayPCs(aRemotePC, sDomainPath)
  If isArray(aRemotePC) Then
   For Each pc in aRemotePC
    If Len(pc) > 0 Then
     Set oRs = oConn.Execute("SELECT name, adspath " & _
                             "FROM 'LDAP://" & sDomainPath & "'" & _
                             "WHERE objectCategory='computer' AND " & _
                             "Name='" & pc & "'")

     If Not oRs.EOF Then
      sPcName = oRs("name")
      sAdsPath = oRs("adspath")
      
      msgbox("Computer Name: " & sAdspath & vbcrlf & _
             "Computer Path: " & sAdspath)   
     End If  
    End If
   Next
  End If
 End Sub

 Call DisplayPCs(GetRemotePCs, GetRootAdsPath)

 

[bslintx]

sorry...i didn't test ...but did a quick lookover...you'll obviously need to use OpenAD in the sub...after

If isArray(aRemotePC) Then
OpenAD

 

[tonyflora63]

Hi

I'm still having a problem. I get the following error when I run the script:

"The directory property cannot be found in the cache"

I'm not sure it I plugged my info in correctly. Here is what I have sofar:

Dim oConn

Function GetRootAdsPath
Set oRoot = GetObject("LDAP://mtb0120vledepii:389/ou=EncryptionAnywhereComputers,dc=ede,dc=irs,dc=gov")
GetRootAdsPath = oRoot.Get("defaultNamingContext")
End Function

Function OpenAD
Set oConnection = CreateObject("ADODB.Connection")
oConnection.Provider = "ADsDSOObject"
oConnection.Open "Active Directory Provider"
End Function

Function GetRemotePCs
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set oTextStream = oFSO.OpenTextFile("EA-Computers.txt")
GetRemotePCs = Split(oTextStream.ReadAll, vbcrlf)
oTextStream.Close
End Function

Sub DisplayPCs(aRemotePC, sDomainPath)
If isArray(aRemotePC) Then
OpenAD
For Each pc in aRemotePC
If Len(pc) > 0 Then
Set oRs = oConn.Execute("SELECT name, adspath " & _
"FROM 'LDAP://" & sDomainPath & "'" & _
"WHERE objectCategory='ea-ComputerName' AND " & _
"Name='" & pc & "'")

If Not oRs.EOF Then
sPcName = oRs("name")
sAdsPath = oRs("adspath")

msgbox("ea-ComputerName: " & sAdspath & vbcrlf & _
"Computer Path: " & sAdspath)
End If
End If
Next
End If
End Sub

Call DisplayPCs(GetRemotePCs, GetRootAdsPath)

 

[bslintx]

yes...you have set it up incorrectly...

it's unclear what your intentions are...i see user object code as well as computers and it seems you're trying to grab all computers in the ou...if so try this code AS IS....execute as it's own vbs....i don't understand why you need fso involved...please elaborate

the following script will get ALL computers in the OU EncryptionAnywhereComputers and print each in a message box..one by one...if a lot of computers then control alt delete and locate the script to terminate

i used message boxes to try to let you understand what's going on...let us know if this is what you do or do not need...also, this code was tested ...unlike the last one...so in theory it should be a copy and paste for you

 Function GetRootAdsPath
  Set oRoot = GetObject("LDAP://rootDSE")
  GetRootAdsPath = oRoot.Get("defaultNamingContext")
 End Function
 
 Function OpenAD  
  Set oConn = CreateObject("ADODB.Connection")
  oConn.Provider = "ADsDSOObject"
  oConn.Open "Active Directory Provider"
 End Function
 
 Sub DisplayComputers(sLdapPath)
  OpenAD
  msgbox("The SQL statement used to query active directory " & vbcrlf & vbcrlf & _
         "SELECT Name, adspath, Location, operatingSystemVersion " & _
         "FROM 'LDAP://" & sLdapPath & "' " & _
         "WHERE objectCategory='computer'" & vbcrlf & vbcrlf & _
         "What type of object category that has been statically searched for is computer " & vbcrlf & _
         "User and group are other common objects to search for; replace computer with user " & vbcrlf & _
         "or group to grab whichever" & vbcrlf & vbcrlf & _
         "The SQL statement has an optional where clause - you may narrow the search with this; ie, " & vbcrlf & _
         "To find the logon account name of all last names that have a last name equal to Harris: " & vbcrlf & vbcrlf & _
         "SELECT samaccountname FROM 'LDAP://" & sLdapPath & "' WHERE objectCategory='user' AND sn='Harris'")
 
  Set oRs = oConn.Execute("SELECT Name, adspath, Location, operatingSystemVersion " & _
                          "FROM 'LDAP://" & sLdapPath & "'" & _
                          "WHERE objectCategory='computer'")
  If Not oRs.EOF Then
   iCompTot = oRs.Recordcount
   msgbox("Number of computers located in " & vbcrlf & _
           sLdapPath & ": " & vbcrlf & vbcrlf & iCompTot)
 
   Do While Not oRs.EOF
    sComputer = oRs("name")
    sCompAdsPath = oRs("adspath")
    sLocation = oRs("Location")
    sOS = oRs("operatingSystemVersion")
     
    msgbox("Computer Name: " & sComputer & vbcrlf & _
           "Computer Path: " & sCompAdsPath & vbcrlf & _
           "Computer Location: " & sLocation & vbcrlf & _
           "Computer Operating System: " & sOS)   
   oRs.MoveNext
   Loop
  End If     
 End Sub
 
 Sub StartApp
  sRootPath = GetRootAdsPath
  msgbox("The dynamic root path: " & GetRootAdsPath)
 
  sObjPath = "OU=EncryptionAnywhereComputers," & sRootPath
  msgbox("Object path used in query:" & sObjPath)
  DisplayComputers sObjPath
  msgbox("Application has completed")
 End Sub
 Dim oConn
 StartApp

 

[tonyflora63]

Hi bslintx

Thanks for your help so far you've been very helpful. Unfortunately I'm still getting an error. Is this script meant to run on the actual server or can it be run remotely? The error that I'm now getting is:
Line 25 chr 3 "Table does not exist" Maybe I haven't given you enough info in the first place. From the OU=EncryptionAnywhereComputers I am able to extract the Computer attribute which is represented by a GUID and pipe them to a txt file. I need to loop throuh the txt txt file and extract the actual computer name from each GUID. That attribute is EA-Computer.

 

[tonyflora63]

Sorry I thought that I could upload an attachment from my computer.

 

[markdmac]

Can you please explain what it is that you are actually trying to accomplish?

I can see from your original post that you took a bit of code from one of my FAQs, but it is all out of context.

In my FAQ faq329-4871 I provide code that will list all computers in a domain and dump that list to a text file.

Another variation of the same kind of script is this:

[green]
'==========================================================================
'
' NAME: PCQueryAD.vbs
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL: [URL unfurl="true"]http://www.thespidersparlor.com[/URL]
' DATE  : 11/2/2007
' COPYRIGHT (c) 2007 All Rights Reserved
'
' COMMENT: Connects to AD and provides dynamic list of computer names
'          and distinguished names.
'
'    THIS CODE AND INFORMATION IS PROVIDED "AS IS" WITHOUT WARRANTY OF
'    ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED To
'    THE IMPLIED WARRANTIES OF MERCHANTABILITY AND/OR FITNESS FOR A
'    PARTICULAR PURPOSE.
'
'    IN NO EVENT SHALL THE SPIDER'S PARLOR AND/OR ITS RESPECTIVE SUPPLIERS 
'    BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY
'    DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
'    WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
'    ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE
'    OF THIS CODE OR INFORMATION.
'
'==========================================================================[/green]


On Error Resume Next

Dim PCQuery, objConnection, objCommand, objRecordSet
Dim oRootDSE, strDNC
[green]
'First get domain information[/green]
Set oRootDSE = GetObject("LDAP://rootDSE")
strDNC = oRootDSE.get("defaultNamingContext")[green]
' other categories = computer, user, printqueue, group[/green]
PCQuery = "<LDAP://" & strDNC & _
	 ">;(objectCategory=computer)" & _
       ";distinguishedName,name;subtree"

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Open "Provider=ADsDSOObject;"
objCommand.ActiveConnection = objConnection
objCommand.CommandText = PCQuery
Set objRecordSet = objCommand.Execute

Do Until objRecordSet.EOF
[green]
    'assign the computer name and distinguished path to variables[/green]
    strComputer = objRecordSet.Fields("name")
    strComputerDN = objRecordSet.Fields("distinguishedName")
[red]
    'Put the worker process of your code in here
    '*******************************************


    '*******************************************[/red]
    objrecordset.MoveNext
Loop

objConnection.Close

With the above example, if you wanted to specify a particular OU to look in you would simply need to alter this line:
[blue]
PCQuery = "<LDAP://" & strDNC & _
[/blue]

For example, to only look in the Computers container you would alter that line like this:
[blue]
PCQuery = "<LDAP://[red]CN=Computers,[/red]" & strDNC & _
[/blue]

In the above example you can see also that it is very simple to grab whatever properties of the object that are wanted, as I have grabbed the distinguishedName.

Give us a better understanding of what your END GOAL is.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[bslintx]

tony,


it looks like we're gonna have to take bay steps here...the table does dot exist error...from what i had have encountered simply neams the path is not right or there literally is not a table by that name...

DEFINE REMOTELY...if on the domain and you have permissions you can query the dc

so..

step 1

 Function OpenAD  
  Set oConn = CreateObject("ADODB.Connection")
  oConn.Provider = "ADsDSOObject"
  oConn.Open "Active Directory Provider"
 End Function

 Function GetRootAdsPath
  Set oRoot = GetObject("LDAP://rootDSE")
  GetRootAdsPath = oRoot.Get("defaultNamingContext")  
 End Function

 msgbox(GetRootAdsPath)

run this script and let us know if a.( you get an error and tell us the error) or b. it prompts a box with the root path to domain controller

...


do you get an error here?

 

[tonyflora63]

Hi bslintx

This script works no error.

 

[tonyflora63]

Hi Mark

Yes i did copy and paste teh remote pc part from your script. What I'm trying to accomplish is the following:

From the OU=EncryptionAnywhereComputers I am able to extract the Computer attribute which is represented by a GUID and pipe them to a txt file. I need to loop throuh the txt file and extract the actual computer name from each GUID. That attribute is EA-Computer.

Thanks

 

[markdmac]

Explain to me why you need to extract the computer name from the GUID when you can get it directly as demonstrated above.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[bslintx]

i agree mark....it makes no sense to me either....


it seems either code should work...i personally prefer sql but certainly either will provide the same results...so tony...if all you need are the computer names...why are you jumping through hoops to do so?

 

[tonyflora63]

Mark

I don't quite follow you. The attributes that I need to query are from an ADAM instance. The ou=EncryptionAnywhereComputers is the OU that I need to extract attributes from. On each of these computers in the EncryptionAnywhereComputers OU are EA-Users which I have to extract attributes from also. When you said "extract the computer name from the GUID when you can get it directly as demonstrated above." did you mean

PCQuery = "<LDAP://CN=Computers," & strDNC & _

In my cse would it be

PCQuery = "<LDAP://CN=EA-Computers," & strDNC & _ ?

What I need in a nutshell is a script that loops through all of the EA-Computers in the EncryptionAnywhereComputers OU and reports the desired attributes. Also I need this script to loop through all of the EA-Users on the EA-Computers and extract the EA-Users attributes.

Thanks

Tony

 

[markdmac]

That is exactly what my posted script does. just alter the OU information and specify which attributes you want.

In my example I am grabbing both the distinguishedName and name as shown here:

";distinguishedName,name;subtree"

To add another property such as company you would do so like this:

";distinguishedName,name,company;subtree"

And you would later reference it like this:

strCompany = objRecordSet.Fields("company")

You can add any valid property from AD. Just watch out for properties that are not a string. For example if you get something that can have multiple entries like 'proxyAddresses', for these you would need to loop through them like an array.

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at

http://www.thespidersparlor.com/vbscript

Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.

 

[SysEngNY]

Did you ever get this figured out? We just started using GuardianEdge, I am looking to export the computer data to post it so we can share it with no Admin users.