Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

VBScript to interrogate AD

Status
Not open for further replies.

surfangel

Technical User
Feb 10, 2005
19
GB
Hi everyone

I am looking to find some VB code that will help me detail how many people have registered to out AD and single out certain variables from them.

Is there a tool that can do this, or would it be easyier to write a script?

Thanks in advance.

Regards
 
The simplest way is to use AD Users and Computers with a custom search. See this FAQ on setting up LDAP queries. faq774-5667

If you've started on some code and you are stuck, please post and state your problems with the code.


PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers
 
One more thing... Which attribute are you trying to query? The methods for querying have some variation based on how the data is stored in the attribute.

PSC

Governments and corporations need people like you and me. We are samurai. The keyboard cowboys. And all those other people out there who have no idea what's going on are the cattle. Mooo! --Mr. The Plague, from the movie "Hackers
 
Thanks for you replies Scott. I am not very experienced with doing scripts really.

Ok I'll start from scratch. We have recently setup a secure website that registers new users to our Secure.AD domain. They can register online and have an online account setup automatically.

So I basically need to find out who in our secure.ad tree which has about 10,000 registered users. Out of these are 200 people called LOMS which is a type of manager at a remote site. I need to find out who out of these 200 odd people have registered on our website.

I have a BIG problem tho, in that these individuals (LOMS) titles are not being popuated to the secure.ad so I have no data to compare them against.

I do however have a list of these LOMS and a list of all new registered users. So now I just need to write a couple of scripts that references both lists and outputs a result of all LOMS who have registered to the site.

This all may sound very convoluted and there is probably an easier way to do it.

Thanks in advance :)
 
Easy enough.

Read the list of LOMS into a dictionary object.
Read the list of registered users into an array and then compare the two.

Here is the hard parts for you:

Code:
Dim oLOMSList
Dim RegisteredList

Set oLOMSList = CreateObject("Scripting.Dictionary")

RegisteredList = Array("John","Jack","Sue","Michael")

oLOMSList.Add "Jack",1
oLOMSList.Add "Sue",1

For Each RegisteredUser In RegisteredList
	If oLOMSList.Exists(RegisteredUser) Then
		Report = Report & RegisteredUser & " is a registered LOMS & vbCrLf
	End If
Next

WScript.Echo Report

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
Thanks for your help markdmac. Your script seems a hell of a lot less convoluted than mine. This is what I have so far.

right near the end is the area I am stuck at where you see the @@@@@@@@ bits. I have kind of written down what what is in my head rather than VB.Script language.

Can someone please point me down the right path please :)

' VB-Script Output LOM objects using LDAP and ADO

'Author: Robin Griessel
'Date:28-05-2007
'History:
'28-05-2007 - Initial version


set NABWS = wscript.createobject ("WScript.Shell")
set NABFSO = Wscript.createobject ("Scripting.FileSystemObject")
set ERRORWS = wscript.createobject ("WScript.Shell")
set ERRORFSO = Wscript.createobject ("Scripting.FileSystemObject")

'set NABFILE = NABFSO.CreateTextFile("c:\temp\loms.nab")
set ERRORFILE = ERRORFSO.CreateTextFile("c:\temp\lomerror.log")

'Header for NAB file


'NABFILE.Write defaultHeader

'################################
' Setup sercuread connection
'##################################
SQLStmt2 = "SELECT rnliisaregistered" & _
"FROM 'LDAP://10.1.xxx.xx:389/o=RNLI' " & _
"WHERE objectClass='*' AND cn = &Namevalue "

Set Conn2 = CreateObject("ADODB.Connection")
Conn2.Provider = "ADSDSOObject"

Conn2.Open "ADs Provider","cn=admin,o=RNLI","password!"

'###################################
' setup Novell Identity connection
'####################################

SQLStmt = "SELECT cn, title " & _
"FROM 'LDAP://10.1.XXX.XX:389/o=RNLI' " & _
"WHERE objectClass='*' AND title='Lifeboat Operations Manager' OR title='Thames Station Manager*' OR title='Superintendent Coxswain'"

Set Conn = CreateObject("ADODB.Connection")
Conn.Provider = "ADSDSOObject"

Conn.Open "ADs Provider","cn=admin,o=RNLI","password"


Set rs = Conn.Execute(SQLStmt)


Do While Not rs.EOF

For x = 0 to 1
If IsArray(rs.Fields(x)) Then
rsArray = rs.Fields(x)
For I = LBound(rsArray) to UBound(rsArray)
If x = 0 Then
TARRAY = rsarray(0)
'wscript.echo "Job title is : " & TARRAY
ElseIf x = 1 Then
NameValue = rsArray(0)
'wscript.echo "Name is :" & Namevalue
End If
Next

Else
'Report error
End If

counter = counter + 1

Next

Set rs2 = Conn2.Execute(SQLStmt2),3,3

if rs2.recordcount > 0 then

if rs2 @@@@@@@@@@@@@@@ the registerded setting is on
then
add one to registerd count
else
dont add
else
ERRORFILE.Write "Name " & Namevalue & "Not found in secure AD" & vbCrLf



NameValue = ""
MobileValue = ""

rs.MoveNext

Loop


wscript.echo counter & " LOMS found"
wscript.echo errorcounter & " errors found"

Thank you all once again for your help.

 
OK, first off there is no need to declare objects twice. You can use them over and over again. I also recommend going with names that are more "standard" to make using other people's code with yours easier.

So change the following
Code:
set NABWS = wscript.createobject ("WScript.Shell")
set NABFSO = Wscript.createobject ("Scripting.FileSystemObject")
set ERRORWS = wscript.createobject ("WScript.Shell")
set ERRORFSO = Wscript.createobject ("Scripting.FileSystemObject")

to the following
Code:
set WSHShell = wscript.createobject ("WScript.Shell")
set objFSO = Wscript.createobject ("Scripting.FileSystemObject")

Then globally replace all references to NABWS and ERRORWS to WSHShell. Likewise replace all references to NABFSO and ERRORFSO to objFSO.

You should really do a better job documenting what each section is supposed to be doing for those that follow you (or for people like me trying to help you).


I assume that the first SQL connection gets the registered users and the other SQL connection is to get the full list of people to see IF they have registered.

So here is what I believe you need. Since I don't know Novell's attribute names I am assuming that where you had NameValue the attribute name is Name. You may have to modify this to 'cn' so check it against your AD.

Code:
' VB-Script Output LOM objects using LDAP and ADO

'Author: Robin Griessel
'Date:28-05-2007
'History:
'28-05-2007 - Initial version
'Modifications and code completion by Mark D. MacLachlan
'The Spider's Parlor
'[URL unfurl="true"]http://www.thespidersparlor.com[/URL]

Dim oLOMList,oRegisteredLOMList
Set oRegisteredLOMList = CreateObject("Scripting.Dictionary")


Set WSHShell = wscript.createobject ("WScript.Shell")
Set objFSO = Wscript.createobject ("Scripting.FileSystemObject")
Set NABFILE = objFSO.CreateTextFile("c:\temp\loms.nab")
Set ERRORFILE = objFSO.CreateTextFile("c:\temp\lomerror.log")


'################################
' Use sercured connection to get
' list of registered users
'##################################
SQLStmt2 = "SELECT Name " & _
          "FROM 'LDAP://10.1.xxx.xx:389/o=RNLI' " & _
          "WHERE objectClass='*' AND rnliisaregistered='1'"
         
Set Conn2 = CreateObject("ADODB.Connection")
Conn2.Provider = "ADSDSOObject"
Conn2.Open "ADs Provider","cn=admin,o=RNLI","password!"
Set RegisteredRS  = Conn2.Execute(SQLStmt2),3,3    


'RegisteredRS should now have the list of registered users. 
'Add registered users to the dictionary object
For Each LOM In RegisteredRS
	oRegisteredLOMList.Add LOM,1
Next
RegisteredCount = oRegisteredLOMList.Count
Report = "There are " & RegisteredCount & " LOMS Registered in Secure AD" & vbCrLf

'###################################
' setup Novell Identity connection
' Now we query to get a list of all 
' the users that SHOULD be registered
'####################################

SQLStmt = "SELECT cn, title " & _
          "FROM 'LDAP://10.1.XXX.XX:389/o=RNLI' " & _
          "WHERE objectClass='*' AND title='Lifeboat Operations Manager' OR title='Thames Station Manager' OR title='Superintendent Coxswain'"
          
Set Conn = CreateObject("ADODB.Connection")
Conn.Provider = "ADSDSOObject"
Conn.Open "ADs Provider","cn=admin,o=RNLI","password"
Set LOMList = Conn.Execute(SQLStmt)
' So our full list of LOMS is now stored in LOMList

'Now we compare and create reports
For Each LOM In LOMList
	If oRegisteredLOHMList.Exists(LOM.cn) Then
		Report = Report & LOM.cn & " is registered in secure AD" & vbCrLf
	Else
		NonRegistered = NonRegistered & LOM.cn & ", " & LOM.title & " is not registered in secure AD" & vbCrLf
		ErrorCount = ErrorCount + 1
	End If
Next
'Now we write our data to the files
ERRORFILE.Write "There were " & ErrorCount & " non registered LOMS." & vbCrLf
ERRORFILE.Write NonRegistered
NABFILE.Write Report

WScript.Echo RegisteredCount & " LOMS found" & vbCrLf & errorcount & " errors found"

I hope you find this post helpful.

Regards,

Mark

Check out my scripting solutions at
Work SMARTER not HARDER. The Spider's Parlor's Admin Script Pack is a collection of Administrative scripts designed to make IT Administration easier! Save time, get more work done, get the Admin Script Pack.
 
Helpful marcdmac, you have gone beyond the call of duty and I am most greatfull for all your help :)

It's good to see such helpful people on this forum. I wish I could return the favour, but I am sure your wisdom in these subjects far surpasses mine.

Thanks Again
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top