L0stInSpace
IS-IT--Management
How can I find a users OU based on username?
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Find OU from username 3
- Thread starter L0stInSpace
- Start date
- Status
![[lol]](/data/assets/smilies/lol.gif "[lol] [lol]")
I hope one would know what an OU is
Ya, I hope one would know what a Organizational Unit is to!
OU could mean about fifty different things. I guess after replying to thousands of threads and running around in circles trying to figure out with the lack of details in a question are by readin gminds I like to ask first to clarify. be it nicely or not!
_____________________________________________________________________
[sub]
Hakuna matata!![/sub]
Ya, I hope one would know what a Organizational Unit is to!
OU could mean about fifty different things. I guess after replying to thousands of threads and running around in circles trying to figure out with the lack of details in a question are by readin gminds I like to ask first to clarify. be it nicely or not!
_____________________________________________________________________
Hakuna matata!![/sub]
- Thread starter
- #6
L0stInSpace
IS-IT--Management
OU = Organizational Unit in Active Directory.
I'm trying to write a VBscript login script that will make decisions based on a users OU. I understand that I could run different scripts for differnt OU's, but that is not what I am trying to do.
Sorry about the confussion. This is my first posting here
I'm trying to write a VBscript login script that will make decisions based on a users OU. I understand that I could run different scripts for differnt OU's, but that is not what I am trying to do.
Sorry about the confussion. This is my first posting here
L0stInSpace,
You could also implement a chained If--Then--ElseIf statement in your script. ie,
If OU=Marketing Then
LoginScript=Marketlogin.vbs
ElseIf OU=Sales Then
LoginScript=Saleslogin.vbs
End If
Don't know if it is what your after but it might help.
Z
You could also implement a chained If--Then--ElseIf statement in your script. ie,
If OU=Marketing Then
LoginScript=Marketlogin.vbs
ElseIf OU=Sales Then
LoginScript=Saleslogin.vbs
End If
Don't know if it is what your after but it might help.
Z
-
1
- #9
In a Nutshell, it is easier to use the WinNT to locate the user then get the LDAP info.
The script below uses the Login Name (i.e. kbwood to get the information - Namely ASD path. This script will ask for the name. If you do not give a name, it will write ALL ids to a file inthe C:\temp directory.
You must be an admin for it to work.
'gets AD users, checks e-mail Firstname and Last Name, OU location Puts results in a file
'requires Domain admin priviledges to run
' Check to see if there is a command-line argument
Set objArguments = WScript.Arguments
dim strSn
dim strGivenName
dim strNewEmail
dim strCurrentEMail
dim strAsk
dim strWhere
dim strToGet
dim oUser
dim fso
dim file1
Const ForReading = 1, ForWriting = 2, ForAppending = 8
set fso = CreateObject("Scripting.FileSystemObject"
set file1 = fspenTextFile("C:\Temp\usersandOU.txt", ForAppending, True)
If (objArguments.Count = 1) Then
' Treat the command-line argument as the name to filter on
strPerson = objArguments(0)
Else
' Check to see if script is running in console
strExecutable = LCase(WScript.Fullname)
If InStr(strExecutable, "cscript" > 0 Then
' Prompt user for name
WScript.StdOut.Write "Logon Name to lookup (enter * for all):"
' Use Standard in to get name
strPerson = WScript.StdIn.ReadLine
Else
' GUI mode, use InputBox to prompt user
strPerson = InputBox("Enter the logon name of the person to lookup" & vbCrLf & "(Use * to search for all people)", "Lookup Location in Active Directory"
End If
End If
If strPerson <> "" Then
' Input box is not empty and Cancel button was not clicked
' Build the query string
' Active Directory OLEDB Provider format has four parts separated by semi-colons:
' Root: which is the starting point for the search
' Filter: conditions to search on, using RFC 2254 format
' Attributes: attributes to return
' Scope: base, onelevel or subtree for entire directory partition
' Specify the search base.
' We'll use the global catalog for performance reasons since the
' Name and Telephone number attributes are available from the GC
' First, need to discover the local global catalog server
Set objADsRootDSE = GetObject("GC://RootDSE"
' Form an ADsPath string to the DN of the root of the Active Directory forest
strADsPath = "GC://" & objADsRootDSE.Get("rootDomainNamingContext"
' Wrap the ADsPath with angle brackets to form the base string
strBase = "<" & strADsPath & ">"
' Release the ADSI object, no longer needed
Set objADsRootDSE = Nothing
' Specify the LDAP filter
' First, indicate the category of objects to be searched (all people, not just users)
strObjects = "(objectCategory=person)"
' If user enters "*", then filter on all people
If (strPerson = "*" Then
strName = "(sAMAccountName=*)"
Else
strName = "(sAMAccountName=" & strPerson & "*)"
End If
' Add the two filters together
strFilter = "(&" & strObjects & strName & ""
' Set the attributes we want the recordset to contain
' We're interested in the common name and telephone number
'strAttributes = "cn,Mail,sn,givenName"
strAttributes = "sAMAccountName,Mail,sn,givenName,ADsPath"
strWhere="ADsPath"
strSn = "sn"
strGivenName = "givenName"
' Specify the scope (base, onelevel, subtree)
strScope = "subtree"
' Create ADO connection using the ADSI OLE DB provider
Set objADOConnection = CreateObject("ADODB.Connection"
objADOConnection.Open "Provider=ADsDSOObject;"
' Create ADO commmand object and associate it with the connection
Set objADOCommand = CreateObject("ADODB.Command"
objADOCommand.ActiveConnection = objADOConnection
' Create the command string using the four parts
objADOCommand.CommandText = strBase & ";" & strFilter & ";" & strAttributes & ";" & strScope
' Set the number of records in the recordset logical page
'objADOCommand.Properties("Page Size" = 20
' Set the maximum result size
objADOCommand.Properties("Size Limit" = 2000
' Sort the results based on the cn attribute
objADOCommand.Properties("Sort On" = "sAMAccountName"
' Execute the query for the user in the directory
Set objADORecordset = objADOCommand.Execute
If objADORecordset.EOF Then
WScript.Echo "No records were found."
Else
' Loop through all the returned records
While Not objADORecordset.EOF
' Display the row using the selected fields
strDisplayLine = objADORecordset.Fields("sAMAccountName" & vbTab & vbTab
strWho = objADORecordset.Fields("sAMAccountName"
strWhere = objADORecordset.Fields("ADsPath"
' Check to see if EMail field is null
If IsNull(objADORecordset.Fields("Mail") Then
strDisplayLine = strDisplayLine & "(No E-Mail Address Listed)"
strCurrentEMail = "(No E-Mail Address Listed)"
Else
' Retrieve EMail address and add to line
strDisplayLine = strDisplayLine & objADORecordset.Fields("Mail"
strCurrentEMail = objADORecordset.Fields("Mail"
End If
'end if
' Display the line
WScript.Echo strDisplayLine
'file1.writeline(strDisplayLine & " " & strWhere)
' Advance to the next record
objADORecordset.MoveNext
Wend
End If
file1.close
' Close the ADO connection
msgbox "The results are in C:\Temp\usersandOU.txt"
objADOConnection.Close
End If
The script below uses the Login Name (i.e. kbwood to get the information - Namely ASD path. This script will ask for the name. If you do not give a name, it will write ALL ids to a file inthe C:\temp directory.
You must be an admin for it to work.
'gets AD users, checks e-mail Firstname and Last Name, OU location Puts results in a file
'requires Domain admin priviledges to run
' Check to see if there is a command-line argument
Set objArguments = WScript.Arguments
dim strSn
dim strGivenName
dim strNewEmail
dim strCurrentEMail
dim strAsk
dim strWhere
dim strToGet
dim oUser
dim fso
dim file1
Const ForReading = 1, ForWriting = 2, ForAppending = 8
set fso = CreateObject("Scripting.FileSystemObject"
set file1 = fs
penTextFile("C:\Temp\usersandOU.txt", ForAppending, True)If (objArguments.Count = 1) Then
' Treat the command-line argument as the name to filter on
strPerson = objArguments(0)
Else
' Check to see if script is running in console
strExecutable = LCase(WScript.Fullname)
If InStr(strExecutable, "cscript"
> 0 Then' Prompt user for name
WScript.StdOut.Write "Logon Name to lookup (enter * for all):"
' Use Standard in to get name
strPerson = WScript.StdIn.ReadLine
Else
' GUI mode, use InputBox to prompt user
strPerson = InputBox("Enter the logon name of the person to lookup" & vbCrLf & "(Use * to search for all people)", "Lookup Location in Active Directory"
End If
End If
If strPerson <> "" Then
' Input box is not empty and Cancel button was not clicked
' Build the query string
' Active Directory OLEDB Provider format has four parts separated by semi-colons:
' Root: which is the starting point for the search
' Filter: conditions to search on, using RFC 2254 format
' Attributes: attributes to return
' Scope: base, onelevel or subtree for entire directory partition
' Specify the search base.
' We'll use the global catalog for performance reasons since the
' Name and Telephone number attributes are available from the GC
' First, need to discover the local global catalog server
Set objADsRootDSE = GetObject("GC://RootDSE"
' Form an ADsPath string to the DN of the root of the Active Directory forest
strADsPath = "GC://" & objADsRootDSE.Get("rootDomainNamingContext"
' Wrap the ADsPath with angle brackets to form the base string
strBase = "<" & strADsPath & ">"
' Release the ADSI object, no longer needed
Set objADsRootDSE = Nothing
' Specify the LDAP filter
' First, indicate the category of objects to be searched (all people, not just users)
strObjects = "(objectCategory=person)"
' If user enters "*", then filter on all people
If (strPerson = "*"
ThenstrName = "(sAMAccountName=*)"
Else
strName = "(sAMAccountName=" & strPerson & "*)"
End If
' Add the two filters together
strFilter = "(&" & strObjects & strName & "
"' Set the attributes we want the recordset to contain
' We're interested in the common name and telephone number
'strAttributes = "cn,Mail,sn,givenName"
strAttributes = "sAMAccountName,Mail,sn,givenName,ADsPath"
strWhere="ADsPath"
strSn = "sn"
strGivenName = "givenName"
' Specify the scope (base, onelevel, subtree)
strScope = "subtree"
' Create ADO connection using the ADSI OLE DB provider
Set objADOConnection = CreateObject("ADODB.Connection"
objADOConnection.Open "Provider=ADsDSOObject;"
' Create ADO commmand object and associate it with the connection
Set objADOCommand = CreateObject("ADODB.Command"
objADOCommand.ActiveConnection = objADOConnection
' Create the command string using the four parts
objADOCommand.CommandText = strBase & ";" & strFilter & ";" & strAttributes & ";" & strScope
' Set the number of records in the recordset logical page
'objADOCommand.Properties("Page Size"
= 20' Set the maximum result size
objADOCommand.Properties("Size Limit"
= 2000' Sort the results based on the cn attribute
objADOCommand.Properties("Sort On"
= "sAMAccountName"' Execute the query for the user in the directory
Set objADORecordset = objADOCommand.Execute
If objADORecordset.EOF Then
WScript.Echo "No records were found."
Else
' Loop through all the returned records
While Not objADORecordset.EOF
' Display the row using the selected fields
strDisplayLine = objADORecordset.Fields("sAMAccountName"
& vbTab & vbTab strWho = objADORecordset.Fields("sAMAccountName"
strWhere = objADORecordset.Fields("ADsPath"
' Check to see if EMail field is null
If IsNull(objADORecordset.Fields("Mail"
) ThenstrDisplayLine = strDisplayLine & "(No E-Mail Address Listed)"
strCurrentEMail = "(No E-Mail Address Listed)"
Else
' Retrieve EMail address and add to line
strDisplayLine = strDisplayLine & objADORecordset.Fields("Mail"
strCurrentEMail = objADORecordset.Fields("Mail"
End If
'end if
' Display the line
WScript.Echo strDisplayLine
'file1.writeline(strDisplayLine & " " & strWhere)
' Advance to the next record
objADORecordset.MoveNext
Wend
End If
file1.close
' Close the ADO connection
msgbox "The results are in C:\Temp\usersandOU.txt"
objADOConnection.Close
End If
-
2
- #10
MisterNiceGuy
MIS
I use Ldap binding for virtually everything. Assuming you are binding to the user object, then the immediate parent of the user can be determined fairly easily. i.e.
'Bind to Active Directory System Info
Set AdsSysteminfo = CreateObject("adsysteminfo"
'Bind to the currently logged on user.
Set UserObj= Getobject("LDAP://" & adsSysteminfo.UserName)
'display the Ldap Path of the OU the user is in. (it's parent)
Msgbox UserObj.Parent
'bind to the OU.
Set OUobj=GetObject(UserObj.Parent)
'display the name of the OU. after removing the "OU="
msgbox replace(OUobj.name,"OU=",""
'Bind to Active Directory System Info
Set AdsSysteminfo = CreateObject("adsysteminfo"
'Bind to the currently logged on user.
Set UserObj= Getobject("LDAP://" & adsSysteminfo.UserName)
'display the Ldap Path of the OU the user is in. (it's parent)
Msgbox UserObj.Parent
'bind to the OU.
Set OUobj=GetObject(UserObj.Parent)
'display the name of the OU. after removing the "OU="
msgbox replace(OUobj.name,"OU=",""
Woodhead,
I really like this script you posted. I had some questions about it though, i am only able to return the first 2000 users in my domain. i changed the 'size limit' variable from 2000 to 5000 (even 50000) and i still only returned the first 2000, i also changed the 'page size' in relation to what i change the first and i got the same results. is this some sort of limitation to what the global catalog can return or am i just missing something obvious?
oh, here is a star for you, thanks.
I really like this script you posted. I had some questions about it though, i am only able to return the first 2000 users in my domain. i changed the 'size limit' variable from 2000 to 5000 (even 50000) and i still only returned the first 2000, i also changed the 'page size' in relation to what i change the first and i got the same results. is this some sort of limitation to what the global catalog can return or am i just missing something obvious?
oh, here is a star for you, thanks.
I remembr running into the 2000 record limit - for most of my clients this was not an issue. Off hand I do not remember my solution.
Try commenting out both the line:
objADOCommand.Properties("Size Limit" = 2000
so it looks like: (notice the single quote)
'objADOCommand.Properties("Size Limit" = 2000
You may notice the Page size already was commented out.
I 'think' this is what I did. I pulled this script out of my script library when I read your question. I remembered 'Hey - I had to do this once
Try commenting out both the line:
objADOCommand.Properties("Size Limit"
= 2000so it looks like: (notice the single quote)
'objADOCommand.Properties("Size Limit"
= 2000You may notice the Page size already was commented out.
I 'think' this is what I did. I pulled this script out of my script library when I read your question. I remembered 'Hey - I had to do this once
- Status
Similar threads
- Locked
- Question
- Locked
- Question
- Locked
- Question