Solved

Active Directory VBScript not returning role correctly

Posted on 2006-07-06
6
1,248 Views
Last Modified: 2012-05-05
In our test lab AD, we have three computers, two of them show "Machine Role" in the AD Find box as "Workstation or Server" and the other has role "Domain Controller". I wanted to extract this information into VB, but when I query machineRole it returns nothing in that field.

Heres the script

     SET con = CreateObject("ADODB.Connection")
     With con
          .Provider = "ADsDSOObject"
          .Properties("User ID") = "RESTRICTED\Administrator"
          .Properties("Password") = inputbox("enter admin pwd")
          .Properties("Encrypt Password") = True
          .Open "ADs Provider"
     End With
     Set adoRecordset = CreateObject("ADODB.Recordset")
     SQLText = " select  Name, canonicalName, distinguishedName, operatingSystem, operatingSystemVersion, OperatingSystemServicePack,  OperatingSystemHotfix, dnsHostName, Location, Description, UserAccountControl, whenCreated, whenChanged, machineRole, userAccountControl"

     SQLText = SQLText & " FROM 'LDAP://SERVERNAME/DC=RESTRICTED,DC=MYDOMAIN,DC=NET' "
     SQLText = SQLText & " WHERE objectClass='Computer' "
     adoRecordset.Open SQLText, con


Now adoRecordset.Fields("machineRole").value returns null. I wondered if it was an array so I ran it with cscript using .net 2005 debugger and although it may be an array it has no elements. I have checked this on every record.

Is there a different way of retrieving machineRole - or is it another field ?

thanks
0
Comment
Question by:plq
  • 3
  • 2
6 Comments
 
LVL 16

Expert Comment

by:mdiglio
ID: 17051170
Hello,

add this code to what you posted and it will return what you want

'5 represents domain controller fsmo holder and 4 represents backup domain controller
'Since you only have 1 DC in your test environment you won't need the 4 part

Do While Not adoRecordset.EOF
    strComputer = adoRecordset.Fields("name")
    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    Set colItems = objWMIService.ExecQuery("Select domainRole from Win32_ComputerSystem", , 48)
    For Each objItem In colItems
        If objItem.DomainRole = 5 Or objItem.DomainRole = 4 Then
            MsgBox "Domain Controller"
         Else
            MsgBox "Workstation Or Server"
        End If
    Next

Loop
0
 
LVL 16

Expert Comment

by:mdiglio
ID: 17051181
I know that wasn't a very efficient solution but I'm not sure what is wrong with that attribute.
As a test, not a solution, you might want to try changing the attribute so it is replicated to the GC and/or indexed

Open Active Directory SChema
start > run > mmc > add/remove snap-in > look for 'Active Directory SChema'

Under attributes look for machineRole and change it so it is replicated to the Global Catalog and/or it is indexed
Honestly, I can't see why that would work because I can query other attributes that aren't relpicated/indexed,
but since this is a test environment, and if you feel comfortable doing so, you might as well give it a shot.
0
 
LVL 8

Assisted Solution

by:Shakti109
Shakti109 earned 150 total points
ID: 17051184

While the Display name of the property is "MachineRole", the actual CN name is "Machine-Role", query on that and you should be ok.

An alternative is to use WMI to query the win32_computersystem class and extract the DomainRole parameter.

This will return one of the following values :
0 Standalone Workstation
1 Member Workstation
2 Standalone Server
3 Member Server
4 Backup Domain Controller
5 Primary Domain Controller


Here is a link to all of the default Active Directory Schema attributes :
http://msdn.microsoft.com/library/?url=/library/en-us/adschema/adschema/attributes_all.asp


0
Control application downtime with dependency maps

Visualize the interdependencies between application components better with Applications Manager's automated application discovery and dependency mapping feature. Resolve performance issues faster by quickly isolating problematic components.

 
LVL 8

Author Comment

by:plq
ID: 17052362
I think the correct name is machineRole - it errors if you give a field name that doesnt exist. And machine-role does raise an error.

In the AD Schema snap in, machineRole is there, Machine-Role is its display name/description. I added it to global catalog but script output is still the same

Perhaps there's some kind of bug in the ads provider. I haven't actually proved to myself that the Machine-Role or machineRole field actually contains the value - I've just seen "Machine Role" as a column header in search results and that was populated. Is there a way of inspecting all AD attributes using the MMC or other tools ?


thanks
0
 
LVL 16

Accepted Solution

by:
mdiglio earned 350 total points
ID: 17052539
I think it is the attribute and not the provider
I tried using the adsi .get method and it failed as well

The only uncommon characteristic about it is the syntax is 'enumerate', I would have thought it to be a string

The only tool I use to inspect all AD attributes is the schema snap-in
0
 
LVL 8

Author Comment

by:plq
ID: 17072728
I dont see any way forward with this. I will park it for now and update here if I find out a way of getting that data back.
0

Featured Post

U.S. Department of Agriculture and Acronis Access

With the new era of mobile computing, smartphones and tablets, wireless communications and cloud services, the USDA sought to take advantage of a mobilized workforce and the blurring lines between personal and corporate computing resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Recently, I had the need to build a standalone system to run a point-of-sale system. I’m running this on a low-voltage Atom processor, so I wanted a light-weight operating system, but still needed Windows. I chose to use Microsoft Windows Server 200…
I've always wanted to allow a user to have a printer no matter where they login. The steps below will show you how to achieve just that. In this Article I'll show how to deploy printers automatically with group policy and then using security fil…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Delivering innovative fully-managed cloud services for mission-critical applications requires expertise in multiple areas plus vision and commitment. Meet a few of the people behind the quality services of Concerto.

943 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now