Solved

How to get GUID using LDAP & VB Script with ADS

Posted on 2003-11-10
Last Modified: 2008-05-30
Dear Experts,
  How to get all GUIDs of my network using LDAP and VB Script with Active Directory Services?
This is a very urgent requirement.
Thanks in advance
Venkat
Question by:N_K_venkat
Expert Comment

by:pillbug22
ID: 9723597
Here's a .vb file I use - you can just run it and it will return the results in a text file, but you can change it to write to a web page or whatever you need (it's in VBScript/WScript).

As it is, it returns all users in a specified OU, but you can also change that to return a specific user or all users in your AD:


The parseFirstName() and parseLastName() functions are only needed if your AD is not filled in completely (the first and last names of each person aren't filled in) - it just splits up the display name into pieces.



' *****************************************
' AD_query.vbs
' Selects AD info for all users (specified by criteria)
' Can be changed to select one user, members of specific OU, or
' all members in AD.

Function ParseOU(strDN)
      dim DNarray
      DNarray = Split(strDN, "=", -1, 1)
      ParseOU = Left(DNarray(3), 5)
End Function


Function ParseSubOU(strDN)
      dim DNarray
      DNarray = Split(strDN, "=", -1, 1)
      ParseSubOU = Left(DNarray(2), 6)
End Function


Function ParseFirstName(strCN)
      dim nameArray
      nameArray = Split(strCN, " ", -1, 1)
      ParseFirstName = nameArray(1)
End Function



Function ParseLastName(strCN)
      dim nameArray
      nameArray = Split(strCN, " ", -1, 1)
      ParseLastName = nameArray(0)
End Function






Sub queryAD
      
      Set ADOConn = CreateObject("ADODB.Connection")
      ADOConn.Provider = "ADSDSOObject"
      ADOConn.Open "Active Directory Provider"

      Set objCmd = CreateObject("ADODB.Command")
      Set objCmd.ActiveConnection = ADOConn

      objCmd.CommandText = "SELECT cn, sAMAccountName, mail, givenName, sn, displayName, distinguishedName FROM " & _
            "'LDAP://OU=000555,dc=subDomain,dc=domain,dc=com' WHERE objectClass='user'"

                  ' AND sAMAccountName='userName'"

      set rs = objCmd.Execute


      dim fso, myFile
      set fso = createObject("Scripting.FileSystemObject")
      set myFile = fso.CreateTextFile("c:\ldap.txt", true)


      on error resume next


      do while not rs.eof
            
            myFile.WriteLine("CN: " & rs.fields("cn"))
            myFile.WriteLine("SAMAccountName: " & rs.fields("sAMAccountName"))
            myFile.WriteLine("Email Address: " & rs.fields("mail"))
            myFile.WriteLine("Firstname: " & rs.fields("givenName"))
            myFile.WriteLine("Surname: " & rs.fields("sn"))
            myFile.WriteLine("Display Name: " & rs.Fields("displayName"))
            myFile.WriteLine("DN: " & rs.fields("distinguishedName"))
            Set ou = GetObject("LDAP://OU=" & ParseSubOU(rs.Fields("distinguishedName")) & ",OU=" & ParseOU(rs.Fields("distinguishedName")) & ",DC=hca,DC=corpad,DC=net")
            myFile.WriteLine("OU: " & ParseOU(rs.Fields("distinguishedName")))
            myFile.WriteLine("Sub OU: " & ParseSubOU(rs.Fields("distinguishedName")))
            myFile.WriteLine("Description: " & ou.description)
            myFile.WriteLine("Display Name: " & ou.displayName)
            myFile.WriteLine("----------------------------------------------")


            rs.movenext
      loop





      myFile.Close
      rs.Close
      ADOConn.Close

      Set RS = Nothing
      Set objCmd = Nothing
      Set ADOConn = Nothing

End Sub

wscript.echo("running...")
queryAd
wscript.echo("File has been saved to c:\ldap.txt")

' *****************************************

Author Comment

by:N_K_venkat
ID: 9728111
Hi pillbug22,
  It's working fine but it is returning the GUID. I want that only.

Thanks
Venkat

Expert Comment

by:gfergus
ID: 9728406
Using pillbug's scripting above, you can reference the SID using:

myFile.WriteLine("SID: " & rs.fields("SID"))

Result:
 SID: S-1-5-21-2025429265-1417001333-682003330-3613

Is that what you're after?

Greg

Author Comment

by:N_K_venkat
ID: 9728777
Dear gfergus,
 Are SID and GUID the same?

Author Comment

by:N_K_venkat
ID: 9728805
Hi gfergus,
 I changed the code to "'LDAP://dc=domain Name' WHERE objectClass='user'"

instead of 'LDAP://OU=000555,dc=subDomain,dc=domain,dc=com' WHERE objectClass='user'"
(refer to the code given by pillbug22). As you said SID returns GUID, I have a doubt whether SID and GUID are the same.
 Moreover, I couldn't get the SID either using the recordset. I want to know whether this is because of the code I changed or not?

Thanks and Regards,
Venkat

Accepted Solution

by:
pillbug22 earned 500 total points
ID: 9731978
Does the code work as given if all you change is the domain names?


If so, try changing the beginning of the loop:

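      do while not rs.eof
            ' OpenDSObject takes four arguments: path, user name, password, flags.
            ' Null credentials bind as the logged-on user; 1 = ADS_SECURE_AUTHENTICATION.
            Set prov = GetObject("LDAP:")
            Set user = prov.OpenDSObject("LDAP://CN=" & rs.Fields("cn") & ",CN=Users,OU=<OU here>,dc=<subDomain>,dc=<domain>,dc=<com/net/whatever>", vbNullString, vbNullString, 1)
            myFile.WriteLine("GUID: " & user.GUID)
            ...
            ...
      loop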


I found some code in a book that talks about having to bind to an object in order to get some properties (including GUID) that aren't available when you do a recordset-style query.      

Expert Comment

by:gfergus
ID: 9736066
Hi N_K_venkat,

Looks like pillbug22 is on the right track. 'user.GUID' would appear to be the correct syntax.

Let us know how it works for you.

PS. Just to rehash a little, why do you need all GUIDs in such a hurry anyway? Maybe there's another way of solving the original problem.

Greg