LDAP User Info Pull 1

Status
Not open for further replies.

BKearan

IS-IT--Management
Sep 27, 2007
45
US
The Goal: Pull in user logon IDs from a text file and then pull information about them from Active Directory.

The Script:

' Find information from Active Directory using the logon name

'----- Customize the following constants for your needs -----
Const HostList = "targets.txt"
Const ResultsFile = "Logon_Info.csv"
Const ScriptVersion = 1.0
Const JobSleep = 15000 'Time to sleep between jobs, in milliseconds


'----- Constant Declarations -----
Const ForReading = 1
Const ForWriting = 2

Dim objFSO, strFileEntry
Dim ListFile, LogFile, strUser


'----- Script Banner -----
WScript.Echo
WScript.Echo ("********************************************************")
WScript.Echo
WScript.Echo "Start Active Directory Information script version " & ScriptVersion
WScript.Echo "Starting Timestamp: " & Now
WScript.Echo

Set objFSO = CreateObject("Scripting.FileSystemObject")

If (objFSO.FileExists(HostList)) Then
Set ListFile = objFSO.OpenTextFile(HostList, ForReading)
Else
wscript.echo ("ERROR: Unable to find input file " & HostList & ".")
wscript.echo (" Please make sure that the file exists and your user")
wscript.echo (" account has rights to access it.")
Set objFSO = Nothing
wscript.quit(2)

End If ' (objFSO.FileExists(HostList))

Set LogFile = objFSO.OpenTextFile(ResultsFile, ForWriting, True)

If Err.Number <> 0 Then
wscript.echo ("ERROR: Unable to initialize requested log file, " & ResultsFile & ".")
wscript.echo (" Please make sure that the path is valid.")
WScript.Echo
WScript.Echo (" Error Code was " & Err.Number & " with description: " & Err.Description & ".")
ListFile.Close
Set objFSO = Nothing
wscript.quit(2)
End If 'Err.Number <> 0

' Write header line to Results File
LogFile.Writeline "Name,login,workstations,First Name, Last Name,Display Name,Telephone,Email,Description"
'
Do while ListFile.AtEndOfStream <> True
strFileEntry = ListFile.ReadLine
strUser = Trim(strFileEntry)
If strUser <> "" Then
GetUserInfo strUser
End If 'strUser <> ""
Loop 'while ListFile.AtEndOfStream <> True



LogFile.Close
ListFile.Close

set LogFile = Nothing
Set ListFile = Nothing
Set objFSO = Nothing

WScript.Echo
WScript.Echo "Ending Timestamp: " & Now
WScript.Echo ("********************************************************")
WScript.Echo
WScript.Quit

'*******************************************************************

'
'***********************************************************
' SUBROUTINES and FUNCTION
'***********************************************************
'
Function GetUserInfo(strUser)
On Error Resume Next
logfile.writeline "Working on " & strUser
Set objUser = GetObject("LDAP://CN=" & strUser & "CN=Domain%20Users,CN=Users,dc=MYDOMAIN,dc=local")
logfile.writeline objUser.username
logfile.writeline err & " " & err.description
Wscript.Echo err.description
WScript.Echo "User Principal Name: " & objUser.userPrincipalName
WScript.Echo "SAM Account Name: " & objUser.sAMAccountName
WScript.Echo "User Workstations: " & objUser.userWorkstations
WScript.Echo "First Name: " & objUser.givenName
WScript.Echo "Last Name: " & objUser.sn
WScript.Echo "Display Name: " & objUser.displayName
WScript.Echo "Telephone Number: " & objUser.telephoneNumber
WScript.Echo "Email: " & objUser.mail
logfile.writeline strUser & "," & objUser.userPrincipalName & "," & objUser.sAMAccountName & "," & objUser.userWorkstations & "," & objUser.givenName & "," & objUser.sn & "," & objUser.displayName & "," & objUser.telephoneNumber & "," & objUser.mail
end function

The Problem: Getting an "Object Required" error on all the objUser.**** items. Like there is nothing coming from LDAP at all. Is there an "Impersonate" type thing for LDAP? I haven't had to use one before now to pull items. Very new to VBScript, no real training. :D
 
Well, discovered one BIG thing... That CN=Domain Users,CN=Users is NOT a searchable LDAP folder. Can't get to it.

So, not an issue with the script so much as idiots in that department not thinking of putting in an "All Users" OU where it's accessible.

So, now I either have to traverse wild amounts of red tape OR find a way to search ALL Groups until I find the LOGIN - which is often different than the CN used in our Active Directory setup. No strict standard was used. *sigh*

IE - some CNs are L123abc - standard, and some are Joe Smith - not standard.

Any ideas?
 
Use K0b3's function for getting the distinguished name.

faq329-5688

Read in your user name and pass it to the function to get the distinguished name of the user. You can then use that to bind to the user object and return whatever info you need.

I hope you find this post helpful.

Regards,

Mark

 
Thank you! That was what I needed! This script works great for pulling a user's logon ID from a text file, searching AD and putting the ID's information into a .csv file.

Here is the working script

Code:
' Find information from Active Directory using the logon ID or the accountname

'----- Customize the following constants for your needs -----
Const HostList = "targets.txt"
Const ResultsFile = "Logon_Info.csv"
Const ScriptVersion = 1.8
Const JobSleep = 15000				'Time to sleep between jobs, in milliseconds


'----- Constant Declarations -----
Const ForReading = 1
Const ForWriting = 2

Dim objFSO, strFileEntry
Dim ListFile, LogFile, strUser


'----- Script Banner -----
WScript.Echo
WScript.Echo ("********************************************************")
WScript.Echo
WScript.Echo "Start Active Directory Information script version " & ScriptVersion
WScript.Echo "Starting Timestamp: " & Now
WScript.Echo

Set objFSO = CreateObject("Scripting.FileSystemObject")  

If (objFSO.FileExists(HostList)) Then 
    Set ListFile = objFSO.OpenTextFile(HostList, ForReading)
Else 
    wscript.echo ("ERROR:  Unable to find input file " & HostList & ".")
    wscript.echo ("        Please make sure that the file exists and your user")
    wscript.echo ("        account has rights to access it.")
    Set objFSO = Nothing
    wscript.quit(2)
    
End If '  (objFSO.FileExists(HostList))

Set LogFile = objFSO.OpenTextFile(ResultsFile, ForWriting, True)

If Err.Number <> 0 Then
    wscript.echo ("ERROR:  Unable to initialize requested log file, " & ResultsFile & ".")
    wscript.echo ("        Please make sure that the path is valid.")
    WScript.Echo
    WScript.Echo ("        Error Code was " & Err.Number & " with description: " & Err.Description & ".")
    ListFile.Close
    Set objFSO = Nothing
    wscript.quit(2)
End If 'Err.Number <> 0


LogFile.Writeline "User Info,login,Display Name,Telephone,Email"
Do while ListFile.AtEndOfStream <> True
	strFileEntry = ListFile.ReadLine
	strUser = Trim(strFileEntry)
	If strUser <> "" Then
		GetUserInfo strUser
	End If  'strUser <> "" 
Loop  'while ListFile.AtEndOfStream <> True	                        



LogFile.Close
ListFile.Close

set LogFile = Nothing
Set ListFile = Nothing
Set objFSO = Nothing

WScript.Echo 
WScript.Echo "Ending Timestamp: " & Now
WScript.Echo ("********************************************************")
WScript.Echo
WScript.Quit

'*******************************************************************

'
'***********************************************************
'                        SUBROUTINES and FUNCTION
'***********************************************************
'
Function GetUserInfo(strUser)
WScript.Echo "Working on " & strUser

vSAN = strUser
' ************************************************
' Pulled from Tek-Tips forum, http://www.tek-tips.com/faqs.cfm?fid=5688
' ************************************************

    ' Function:     SearchDistinguishedName
    ' Description:  Searches the DistinguishedName for a given SamAccountName
    ' Parameters:   ByVal vSAN - The SamAccountName to search
    ' Returns:      The DistinguishedName Name
    Dim oRootDSE, oConnection, oCommand, oRecordSet
	
    Set oRootDSE = GetObject("LDAP://rootDSE")
    Set oConnection = CreateObject("ADODB.Connection")
    oConnection.Open "Provider=ADsDSOObject;"
    Set oCommand = CreateObject("ADODB.Command")
    oCommand.ActiveConnection = oConnection
    oCommand.CommandText = "<LDAP://" & oRootDSE.get("defaultNamingContext") & _
        ">;(&(objectCategory=User)(samAccountName=" & vSAN & "));distinguishedName;subtree"
    Set oRecordSet = oCommand.Execute
'    On Error Resume Next
    SearchDistinguishedName = oRecordSet.Fields("DistinguishedName")
    On Error GoTo 0
    oConnection.Close
    Set oRecordSet = Nothing
    Set oCommand = Nothing
    Set oConnection = Nothing
    Set oRootDSE = Nothing

' **************************************************
' End Pulled from Tek-Tips
' **************************************************

' put long name into shorter variable
strDN = SearchDistinguishedName
'

Set objUser = GetObject("LDAP://" & strDN)
Wscript.Echo err.description
	WScript.Echo "User Principal Name: " & objUser.userPrincipalName
	WScript.Echo "SAM Account Name: " & objUser.sAMAccountName
	WScript.Echo "First Name: " & objUser.givenName
	WScript.Echo "Last Name: " & objUser.sn
	WScript.Echo "Display Name: " & objUser.displayName
	WScript.Echo "Telephone Number: " & objUser.telephoneNumber
	WScript.Echo "Email: " & objUser.mail
	logfile.writeline strUser & "," & objUser.sAMAccountName & "," & objUser.displayName & "," & objUser.telephoneNumber & "," & objUser.mail
End Function

I had a list of 25 login IDs to search for who they actually were and the script finished so quick, the wscript.echo statements were a blur. Very nice. There is a bit of superfluous code, but we kind of have a 'standard' codeset for "pull from text file" and other types of vbscripts and it's easier to cut-n-paste a lot of the time, so that is why it's still in there but maybe not used.
 
Wound up having to un-comment the On Error Resume Next and add one just above the Set ObjUser.
NOW it works even if it does not find the 'account name' in AD.
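
The lookup in the working script places each line of targets.txt directly into the LDAP search filter and reads the first record without checking whether one came back. The VBScript below is an added example, not part of the original thread or of the FAQ code it quotes: it escapes the value per RFC 4515, returns an empty string when no account matches, and quotes CSV fields so a comma in an attribute cannot shift columns. The function names EscapeLdapFilterValue, FindUserDN and CsvField and the sample logon name are assumptions made for illustration.

```vbscript
' Added example: function names and the sample value are illustrative.
' Escape a value for use inside an LDAP search filter (RFC 4515).
' RFC 4515 allows any octet to be written as \xx, so the semicolon is
' encoded too, since it separates the parts of the ADSI query string.
Function EscapeLdapFilterValue(strValue)
    Dim i, ch, strOut
    strOut = ""
    For i = 1 To Len(strValue)
        ch = Mid(strValue, i, 1)
        Select Case ch
            Case "\"    : strOut = strOut & "\5c"
            Case "*"    : strOut = strOut & "\2a"
            Case "("    : strOut = strOut & "\28"
            Case ")"    : strOut = strOut & "\29"
            Case ";"    : strOut = strOut & "\3b"
            Case Chr(0) : strOut = strOut & "\00"
            Case Else   : strOut = strOut & ch
        End Select
    Next
    EscapeLdapFilterValue = strOut
End Function

' Return the distinguishedName for a logon name, or "" if none matches.
Function FindUserDN(strLogon)
    Dim oRootDSE, oConnection, oCommand, oRecordSet
    FindUserDN = ""
    Set oRootDSE = GetObject("LDAP://rootDSE")
    Set oConnection = CreateObject("ADODB.Connection")
    oConnection.Open "Provider=ADsDSOObject;"
    Set oCommand = CreateObject("ADODB.Command")
    oCommand.ActiveConnection = oConnection
    oCommand.CommandText = "<LDAP://" & oRootDSE.Get("defaultNamingContext") & _
        ">;(&(objectCategory=User)(samAccountName=" & _
        EscapeLdapFilterValue(strLogon) & "));distinguishedName;subtree"
    Set oRecordSet = oCommand.Execute
    ' An empty record set means the logon name is not in the directory.
    If Not oRecordSet.EOF Then
        FindUserDN = oRecordSet.Fields("distinguishedName").Value
    End If
    oConnection.Close
End Function

' Quote one CSV field and double embedded quotes; unset attributes become "".
Function CsvField(varValue)
    CsvField = """" & Replace(varValue & "", """", """""") & """"
End Function

' Constructed sample value: the filter metacharacters come out hex-encoded.
WScript.Echo EscapeLdapFilterValue("smith*(test)")
```

GetUserInfo can call FindUserDN, skip the bind when it returns an empty string, and wrap each attribute in CsvField before writing the line to the results file.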
 