export user "memberOf" for each user -> without ldifde/csvde 1

[kokser]

Hello. I am using this script.

Dim objFSO, WriteText, strText, strNewText, objFile, objConnection, objCommand, objRecordSet, objUser, strUserDN, strResult, arrProxyAddresses, objMemberOf

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCOmmand.ActiveConnection = objConnection

objCommand.CommandText = _
"SELECT Name, sAMAccountName, mail, proxyAddresses, homeDirectory, homeDrive, memberOf, scriptPath, distinguishedName FROM 'LDAP://dc=company,dc=local' WHERE objectCategory='Person'" 
Set objRecordSet = objCommand.Execute

Set objFSO = CreateObject("Scripting.FileSystemObject")
Set WriteText = objFSO.OpenTextFile("test.txt", 8, true)

objRecordSet.MoveFirst

While Not objRecordSet.EOF
	strUserDN = objRecordSet.Fields("distinguishedName")
	set objUser = GetObject("LDAP://" & strUserDN)
		if objUser.AccountDisabled = FALSE Then
			Do Until objRecordSet.EOF
				WriteText.WriteLine("Name" & vbTab & vbTab & ":" & objRecordSet.Fields("Name").Value & vbCr)
				WriteText.WriteLine("Account" & vbTab & vbTab & ":"  & objRecordSet.Fields("sAMAccountName").Value & vbCr)
				WriteText.WriteLine("Mail Addresser" & vbTab & ":" & vbCrLf & vbTab & vbTab & objRecordSet.Fields("mail").Value & vbCr)
					arrProxyAddresses = objRecordSet.Fields("proxyAddresses")
					if isArray(objRecordSet.Fields("proxyAddresses")) Then
						strResult = "Proxy Addresses" & vbTab & ":"
						For Each ProxyAddress in arrProxyAddresses
							WriteText.WriteLine (vbTab & vbTab & ProxyAddress & vbCr) 
						Next
						objRecordSet.MoveNext
					End if
				WriteText.WriteLine("Memberships" & vbTab & vbTab & ":" & vbCr)
					
				WriteText.WriteLine("Homedir" & vbTab & vbTab & ":" & objRecordSet.Fields("homeDirectory").Value & vbCr)
				WriteText.WriteLine("Homedrive" & vbTab & ":" & objRecordSet.Fields("homeDrive").Value & vbCr)
				WriteText.WriteLine("Scriptpath" & vbTab & vbTab & ":" & objRecordSet.Fields("scriptPath").Value & vbCrLf)
			objRecordSet.MoveNext
			Loop
		Else
			objRecordSet.MoveNext
		End if
Wend

WriteText.Close
Set WriteText = NOTHING

Set objFile = objFSO.OpenTextFile("test.txt", 1, true)
strText = objFile.ReadAll
objFile.Close
strNewText = Replace(strText, "smtp", "")
strNewText = Replace(strNewText, "SMTP", "")
Set objFile = objFSO.OpenTextFile("test.txt", 2, true)
objFile.WriteLine strNewText
objFile.Close

Set objFSO= NOTHING

WScript.Echo "Done"

Under the line
WriteText.WriteLine("Memberships" & vbTab & vbTab & ":" & vbCr)
I want to enumerate all the groups that a user is member of. I think it is possible to do it the same way I did with proxyaddresses, but I can't find the correct value for each "groups" instead of "proxyaddress".

 

[mrmovie]

you do not need your second Do Loop at all, its serves no purpose only to mess up your iteration (the only service it is providing you with is that it prevents you from binding with Set objUser = etc for each user in the recordset, some might say this is of benefit, lol)
On the subject of the binding with Set objUser in order to determine Enabled status....i would guess this could be done by pulling this back as a property in the recordset and hence you wouldnt need to bind to the user anymore and this would speed things up no end

 

[kokser]

Something like?

Set objUser = objRecordSet.Fields(AccountDisabled)

Or what do you mean?

 

[mrmovie]

no, not that

you grab lots of propeties of each user back as a row (per user) in a recordset, what i am suggesting is that you could add an extra property to pull back, "AccountDisabled"
"SELECT Name, sAMAccountName, mail, proxyAddresses, homeDirectory, homeDrive, memberOf, scriptPath, distinguishedName FROM 'LDAP://dc=Company,dc=local' WHERE objectCategory='Person'"

you could then just pull back property from the recordset like you have with all the other properties

WriteText.WriteLine("Account Disabled " & vbTab & vbTab & ":" & objRecordSet.Fields("AccountDisabled").Value &


this is providing that AccountDisabled is a property you can return to the recordset

 

[kokser]

It is not, unless it is a subattribute, which I don't know how to get (like earlier with the memberOf situation).

 

[kokser]

I just found the value UserAccountControl, where it is possible to determine the state of an object.

I am now trying o figure out how I can make the script tell the difference between a User and a Contact (both get exported with ObjectCategory=Person).

This appears to not work

objCommand.CommandText = _
"SELECT Name, sAMAccountName, mail, proxyAddresses, homeDirectory, homeDrive, memberOf, scriptPath, ObjectClass, UserAccountControl FROM 'LDAP://dc=AdvizorIT,dc=local' WHERE objectCategory='Person'"
Set objRecordSet = objCommand.Execute

Set WriteText = objFSO.OpenTextFile("test.txt", 8, true)

objRecordSet.MoveFirst

While Not objRecordSet.EOF
	if UserAccountControl <> 514 Then
		Select Case objRecordSet.Fields("ObjectClass").Value
			Case "User"
				varclass = "Username"
			Case "Contact"
				varclass = "Contact name"
		End Select
		export lots of user information
	objRecordSet.MoveNext
	End if
wend