ADSI: Query two branches together. Citrix Password Manager

woter324

Jan 26, 2007
Hi,

I am trying to obtain by script both the DisplayName and values created for Citrix PasswordManager from ADSI.

Password Manager creates values against the user as a new branch under the user, as opposed to a property for that user. For example:

OU=MyOU --> CN=MyUserName --> CN=SSORegistry.

There are other records at the same level as CN=SSORegistry. Some of the names for these records change per user.

The script needs to retrieve all these records for each user that has an entry. FYI, these records are created when a user has set up their Citrix Password Manager self-service.

The code I have so far lists all the items, but I cannot get it to pull the DisplayName.

Code:
iterateAD

Sub iterateAD()
    'On Error Resume Next

    Const ADS_SCOPE_SUBTREE = 2

    ' Open an ADO connection through the ADSI OLE DB provider
    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand = CreateObject("ADODB.Command")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"
    Set objCommand.ActiveConnection = objConnection

    Set objRootDSE = GetObject("LDAP://RootDSE")

    ' Page the results and search the whole subtree below the domain root
    objCommand.Properties("Page Size") = 1000
    objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

    ' Find every Citrix Password Manager secret object in the domain
    objCommand.CommandText = _
        "SELECT Name, distinguishedName FROM 'LDAP://" & objRootDSE.Get("defaultNamingContext") & "' WHERE objectClass='citrix-SSOSecret'"
    Set objRootDSE = Nothing

    Set objRecordSet = objCommand.Execute

    ' A fresh recordset is already on its first row; MoveFirst raises an error when there are no results
    Do Until objRecordSet.EOF
        WScript.Echo objRecordSet.Fields("Name").Value & vbTab & objRecordSet.Fields("distinguishedName").Value
        objRecordSet.MoveNext
    Loop

End Sub

The distinguishedName field for some of the records returned may include the DN for the user:
CN=QBA2EnrollReg,CN=FirstName Surname,OU=someOU,OU=Managers,OU=Users,DC=myDomain,DC=co,DC=uk
so I could do some string manipulation to return just the DisplayName. But this is not foolproof as the records are not always the same.

Any pointers would be gratefully received.

Many thanks

W
 
As mentioned in the OP, the user's DN is retrieved. I did some string manipulation and now have a list of all users who have CN=QBA.

The weak point is that Citrix Password Manager might not always create the QBA record even when a user has configured their self-service settings.

If it helps anyone else, here is the code:

Code:
iterateAD

Sub iterateAD()
    'On Error Resume Next

    Const ADS_SCOPE_SUBTREE = 2

    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand = CreateObject("ADODB.Command")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"
    Set objCommand.ActiveConnection = objConnection
    Set objRootDSE = GetObject("LDAP://RootDSE")

    objCommand.Properties("Page Size") = 1000
    objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
    ' Restrict the search to the secret objects named QBA
    objCommand.CommandText = _
        "SELECT Name, distinguishedName FROM 'LDAP://" & objRootDSE.Get("defaultNamingContext") & "' WHERE objectClass='citrix-SSOSecret' AND Name='QBA'"
    Set objRootDSE = Nothing

    Set objRecordSet = objCommand.Execute

    ' A fresh recordset is already on its first row; MoveFirst raises an error when there are no results
    Do Until objRecordSet.EOF
        If objRecordSet.Fields("Name").Value = "QBA" Then
            WScript.Echo getADProperty("displayName", sTrim(objRecordSet.Fields("distinguishedName").Value))
        End If
        objRecordSet.MoveNext
    Loop

End Sub

' Strip the leading "CN=QBA," RDN, leaving the DN of the user object
Function sTrim(sString)
    rString = Replace(sString, "CN=QBA,", "")
    sTrim = rString
End Function

' Bind to the object whose DN is sUsername and return the requested property
Function getADProperty(sProperty, sUsername)
    On Error Resume Next
    Set oUser = GetObject("LDAP://" & sUsername)
    oUser.getInfo
    rProperty = oUser.get(sProperty)
    getADProperty = rProperty

    ' Capture the error details before any further call can reset Err
    nErr = Err.Number
    sErrDesc = Err.Description
    sErrSource = Err.Source

    ' -2147463155 (0x8000500D): the property is not set on the object
    If nErr = -2147463155 Then
        MsgLog "User's AD '" & sProperty & "' property is blank."
    ElseIf nErr <> 0 Then
        ' VBScript's Err object has no Line property, so no line number is reported
        MsgLog "Error in function getADProperty(" & sUsername & "):"
        MsgLog vbTab & "Err Prpty:  " & sProperty
        MsgLog vbTab & "Err Number: " & nErr
        MsgLog vbTab & "Err Descri: " & sErrDesc
        MsgLog vbTab & "Err Source: " & sErrSource
    End If

End Function

' Logging helper that getADProperty relies on; it was not included in the post,
' so this stand-in simply writes to the console
Sub MsgLog(sMessage)
    WScript.Echo sMessage
End Sub

I'm sure there is a way of matching AD's displayName without manipulating the Citrix settings. If you have a better way please share. I always like to learn :).

Many thanks
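
An added example, not part of either post above and not the poster's code: rather than removing the literal "CN=QBA," it drops the first RDN of each secret object's DN, whatever that record is named, and de-duplicates the resulting user DNs, so the unfiltered query from the first post can be used. It assumes the records sit directly under the user object, as in the DN quoted in the thread; ParentDn and UsersWithSecrets are hypothetical names and the sample DNs are constructed.

```vbscript
Option Explicit

' Return the parent DN by dropping the first RDN. A comma preceded by a
' backslash belongs to the value (e.g. "CN=Surname\, FirstName"), so it is
' not treated as a separator.
Function ParentDn(sDn)
    Dim i, ch
    ParentDn = ""
    i = 1
    Do While i <= Len(sDn)
        ch = Mid(sDn, i, 1)
        If ch = "\" Then
            i = i + 2                      ' skip the escaped character
        ElseIf ch = "," Then
            ParentDn = Mid(sDn, i + 1)     ' everything after the first real comma
            Exit Function
        Else
            i = i + 1
        End If
    Loop
End Function

' Collapse a list of secret-object DNs to the distinct user DNs above them.
Function UsersWithSecrets(aSecretDns)
    Dim dict, sDn, sUser
    Set dict = CreateObject("Scripting.Dictionary")
    dict.CompareMode = vbTextCompare       ' DNs compare case-insensitively
    For Each sDn In aSecretDns
        sUser = ParentDn(sDn)
        If sUser <> "" And Not dict.Exists(sUser) Then dict.Add sUser, True
    Next
    UsersWithSecrets = dict.Keys
End Function

' Constructed sample DNs in the shape shown in the thread (not real directory data).
Dim aSample, sUserDn
aSample = Array( _
    "CN=QBA,CN=FirstName Surname,OU=someOU,DC=example,DC=test", _
    "CN=QBA2EnrollReg,CN=FirstName Surname,OU=someOU,DC=example,DC=test", _
    "CN=SSORegistry,CN=Surname\, Other,OU=someOU,DC=example,DC=test")

For Each sUserDn In UsersWithSecrets(aSample)
    ' Against a live domain the display name would come from:
    '   GetObject("LDAP://" & sUserDn).Get("displayName")
    WScript.Echo sUserDn
Next
```

Run it with cscript; to use it against the directory, collect the distinguishedName values from the recordset loop into the array passed to UsersWithSecrets.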
 