plq
asked on
Active Directory VBScript not returning role correctly
In our test lab AD, we have three computers, two of them show "Machine Role" in the AD Find box as "Workstation or Server" and the other has role "Domain Controller". I wanted to extract this information into VB, but when I query machineRole it returns nothing in that field.
Here's the script
Set con = CreateObject("ADODB.Connection")
With con
.Provider = "ADsDSOObject"
.Properties("User ID") = "RESTRICTED\Administrator"
.Properties("Password") = inputbox("enter admin pwd")
.Properties("Encrypt Password") = True
.Open "ADs Provider"
End With
Set adoRecordset = CreateObject("ADODB.Recordset")
SQLText = " select Name, canonicalName, distinguishedName, operatingSystem, operatingSystemVersion, OperatingSystemServicePack, OperatingSystemHotfix, dnsHostName, Location, Description, UserAccountControl, whenCreated, whenChanged, machineRole, userAccountControl"
SQLText = SQLText & " FROM 'LDAP://SERVERNAME/DC=RESTRICTED,DC=MYDOMAIN,DC=NET' "
SQLText = SQLText & " WHERE objectClass='Computer' "
adoRecordset.Open SQLText, con
Now adoRecordset.Fields("machineRole").value returns null. I wondered if it was an array so I ran it with cscript using .net 2005 debugger and although it may be an array it has no elements. I have checked this on every record.
Is there a different way of retrieving machineRole - or is it another field ?
thanks
I know that wasn't a very efficient solution but I'm not sure what is wrong with that attribute.
As a test, not a solution, you might want to try changing the attribute so it is replicated to the GC and/or indexed
Open Active Directory Schema
start > run > mmc > add/remove snap-in > look for 'Active Directory Schema'
Under attributes look for machineRole and change it so it is replicated to the Global Catalog and/or it is indexed
Honestly, I can't see why that would work because I can query other attributes that aren't replicated/indexed,
but since this is a test environment, and if you feel comfortable doing so, you might as well give it a shot.
ASKER
I think the correct name is machineRole - it errors if you give a field name that doesn't exist. And machine-role does raise an error.
In the AD Schema snap in, machineRole is there, Machine-Role is its display name/description. I added it to global catalog but script output is still the same.
Perhaps there's some kind of bug in the ads provider. I haven't actually proved to myself that the Machine-Role or machineRole field actually contains the value - I've just seen "Machine Role" as a column header in search results and that was populated. Is there a way of inspecting all AD attributes using the MMC or other tools ?
thanks
ASKER
I don't see any way forward with this. I will park it for now and update here if I find out a way of getting that data back.
Add this code to what you posted and it will return what you want
'5 represents domain controller fsmo holder and 4 represents backup domain controller
'Since you only have 1 DC in your test environment you won't need the 4 part
Do While Not adoRecordset.EOF
strComputer = adoRecordset.Fields("name").Value
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
' DomainRole is a property of the Win32_ComputerSystem WMI class
Set colItems = objWMIService.ExecQuery("Select * from Win32_ComputerSystem")
For Each objItem In colItems
If objItem.DomainRole = 5 Or objItem.DomainRole = 4 Then
MsgBox "Domain Controller"
Else
MsgBox "Workstation Or Server"
End If
Next
' Advance to the next computer; without this the loop never ends
adoRecordset.MoveNext
Loop
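An added example, not code from any poster in this thread: a directory-only way to classify each computer object from the userAccountControl value the original query already selects, so no WMI connection (and no admin credential) is sent to every host. The flag values are those of ADS_USER_FLAG_ENUM; the function name RoleFromUac and the sample host names and values are constructed for illustration.

```vbscript
Option Explicit

' userAccountControl bit flags (ADS_USER_FLAG_ENUM)
Const UF_ACCOUNTDISABLE    = &H2        ' account is disabled
Const UF_WORKSTATION_TRUST = &H1000     ' member workstation or server
Const UF_SERVER_TRUST      = &H2000     ' writable domain controller
Const UF_PARTIAL_SECRETS   = &H4000000  ' read-only domain controller

' Hypothetical helper: map a userAccountControl value to a role label.
Function RoleFromUac(uac)
    Dim role
    If IsNull(uac) Then
        ' Attribute missing or not readable with the bound credentials
        RoleFromUac = "Unknown (userAccountControl not returned)"
        Exit Function
    End If

    ' An RODC also carries the workstation-trust bit, so test it first.
    If (uac And UF_PARTIAL_SECRETS) <> 0 Then
        role = "Read-only Domain Controller"
    ElseIf (uac And UF_SERVER_TRUST) <> 0 Then
        role = "Domain Controller"
    ElseIf (uac And UF_WORKSTATION_TRUST) <> 0 Then
        role = "Workstation or Server"
    Else
        role = "Unknown (no trust-account flag set)"
    End If

    ' Stale, disabled computer accounts are worth flagging in an inventory.
    If (uac And UF_ACCOUNTDISABLE) <> 0 Then role = role & " [disabled]"
    RoleFromUac = role
End Function

' Constructed sample data: (name, userAccountControl) pairs.
Dim samples, s
samples = Array( _
    Array("LABDC01", 532480), _
    Array("LABRODC01", 83890176), _
    Array("LABPC01", 4096), _
    Array("LABPC02", 4098), _
    Array("LABPC03", Null))

For Each s In samples
    WScript.Echo s(0) & ": " & RoleFromUac(s(1))
Next
```

Inside the thread's record loop the call would be RoleFromUac(adoRecordset.Fields("userAccountControl").Value), run with cscript so the output goes to the console.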