
VBS Script to extract users' login script in AD by AD group membership

The_Waltzing_Shark asked on
Windows Server 2003, Active Directory, VB Script

I have the following VBS script that someone posted on here a while back and would like to add a field that tells me what the login script is for each user of a certain group.
The script first asks for the AD group name, then outputs their display name and logon name to C:\
I would like to add the user's profile path and login script to this, as each user has their own login script for some reason.

The script is as below

'Script begins here
Dim objGroup, objUser, objFSO, objFile, strDomain, strGroup, Domain, Group
'Change DomainName to the name of the domain the group is In
'strDomain = Inputbox ("Enter the Domain name", "Data needed", "Default domain name")
'Change GroupName to the name of the group whose members you want to export
strGroup = InputBox ("Enter the Group name", "Data needed", "Default group name")
Set objFSO = CreateObject("Scripting.FileSystemObject")
'On the next line change the name and path of the file that export data will be written to.
Set objFile = objFSO.CreateTextFile("C:\" & strGroup & " - Members.txt")
strGroupDN = Get_LDAP_User_Properties("group", "name", strGroup, "distinguishedName")
If InStr(UCase(strGroupDN), "CN=") > 0 Then
      'Set objGroup = GetObject("WinNT://" & strDomain & "/" & strGroup & ",group")
      Set objGroup = GetObject("LDAP://" & strGroupDN)
      For Each objUser In objGroup.Members
'            objFile.WriteLine objUser.Name & " - " & objUser.Class
            objFile.WriteLine "Display Name: " & objUser.DisplayName
            objFile.WriteLine "Logon Name: " & objUser.sAMAccountname
'            objFile.WriteLine "Title: " & objUser.Title
'            objFile.WriteLine "Department: " & objUser.Department
'            objFile.WriteLine "Company: " & objUser.Company
'            objFile.WriteLine "Telephone: " & objUser.TelephoneNumber
'            objFile.WriteLine "Office " & objUser.physicalDeliveryOfficeName
'            objFile.WriteLine "EMail: " & objUser.mail
            objFile.WriteLine ""
      Next
      ' Flush and close the output file before releasing the objects.
      objFile.Close
      Set objFile = Nothing
      Set objFSO = Nothing
      Set objUser = Nothing
      Set objGroup = Nothing
Else
      WScript.Echo "Could not find distinguished name for " & strGroup
End If
Wscript.Echo "Done"
Wscript.Echo "Please check the c: for your output file"
Function Get_LDAP_User_Properties(strObjectType, strSearchField, strObjectToGet, strCommaDelimProps)
      ' This is a custom function that connects to the Active Directory, and returns the specific
      ' Active Directory attribute value, of a specific Object.
      ' strObjectType: usually "User" or "Computer"
      ' strSearchField: the field by which to search the AD. This acts like an SQL Query's WHERE clause.
      '                        It filters the results by the value of strObjectToGet
      ' strObjectToGet: the value by which the results are filtered, according to strSearchField.
      '                        For example, if you are searching based on the user account name, strSearchField
      '                        would be "samAccountName", and strObjectToGet would be that specific account name,
      '                        such as "jsmith".  This equates to "WHERE 'samAccountName' = 'jsmith'"
      ' strCommaDelimProps: the field from the object to actually return.  For example, if you wanted
      '                        the home folder path, as defined by the AD, for a specific user, this would be
      '                        "homeDirectory".  If you want to return the ADsPath so that you can bind to that
      '                        user and get your own parameters from them, then use "ADsPath" as a return string,
      '                        then bind to the user: Set objUser = GetObject("LDAP://" & strReturnADsPath)
      ' Now we're checking if the user account passed may have a domain already specified,
      ' in which case we connect to that domain in AD, instead of the default one.
      If InStr(strObjectToGet, "\") > 0 Then
            arrGroupBits = Split(strObjectToGet, "\")
            strDC = arrGroupBits(0)
            strDNSDomain = strDC & "/" & "DC=" & Replace(Mid(strDC, InStr(strDC, ".") + 1), ".", ",DC=")
            strObjectToGet = arrGroupBits(1)
      Else
            ' Otherwise we just connect to the default domain
            Set objRootDSE = GetObject("LDAP://RootDSE")
            strDNSDomain = objRootDSE.Get("defaultNamingContext")
      End If
      strBase = "<LDAP://" & strDNSDomain & ">"
      ' Setup ADO objects.
      Set adoCommand = CreateObject("ADODB.Command")
      Set adoConnection = CreateObject("ADODB.Connection")
      adoConnection.Provider = "ADsDSOObject"
      adoConnection.Open "Active Directory Provider"
      adoCommand.ActiveConnection = adoConnection
      ' Filter on user objects.
      'strFilter = "(&(objectCategory=person)(objectClass=user))"
      strFilter = "(&(objectClass=" & strObjectType & ")(" & strSearchField & "=" & strObjectToGet & "))"
      ' Comma delimited list of attribute values to retrieve.
      strAttributes = strCommaDelimProps
      arrProperties = Split(strCommaDelimProps, ",")
      ' Construct the LDAP syntax query.
      strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
      'InputBox "Prompt", "Title", strQuery
      adoCommand.CommandText = strQuery
      ' Define the maximum records to return
      adoCommand.Properties("Page Size") = 100
      adoCommand.Properties("Timeout") = 30
      adoCommand.Properties("Cache Results") = False
      ' Run the query.
      Set adoRecordset = adoCommand.Execute
      ' Enumerate the resulting recordset.
      strReturnVal = ""
      Do Until adoRecordset.EOF
          ' Retrieve values and display.
          For intCount = LBound(arrProperties) To UBound(arrProperties)
                If strReturnVal = "" Then
                      strReturnVal = adoRecordset.Fields(intCount).Value
                Else
                      strReturnVal = strReturnVal & VbCrLf & adoRecordset.Fields(intCount).Value
                End If
          Next
          ' Move to the next record in the recordset.
          adoRecordset.MoveNext
      Loop
      ' Clean up.
      adoRecordset.Close
      adoConnection.Close
      Get_LDAP_User_Properties = strReturnVal
End Function

Thanks in advance
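
One way to produce the report asked for above, as an added example that is not part of the original post or of any answer on the page: it reads the `scriptPath` and `profilePath` attributes of each user member and escapes the typed group name before it goes into the LDAP filter. The output file name `GroupLogonScripts.txt` and the helper names `EscapeLdapFilter` and `GetAttr` are assumptions made for illustration.

```vbscript
Option Explicit
Dim strGroup, strBase, strQuery, objConn, objRS, objGroup, objMember, objFSO, objFile
strGroup = InputBox("Enter the Group name", "Data needed")
If strGroup = "" Then WScript.Quit

strBase = "<LDAP://" & GetObject("LDAP://RootDSE").Get("defaultNamingContext") & ">"
' Escape the typed name so that ( ) * \ are matched literally in the filter.
strQuery = strBase & ";(&(objectClass=group)(name=" & EscapeLdapFilter(strGroup) & _
           "));ADsPath;subtree"

Set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
Set objRS = objConn.Execute(strQuery)
If objRS.EOF Then
    WScript.Echo "Could not find group " & strGroup
    WScript.Quit 1
End If
' Bind with the ADsPath the query returned, as the original function's comments suggest.
Set objGroup = GetObject(objRS.Fields("ADsPath").Value)
objRS.Close : objConn.Close

Set objFSO = CreateObject("Scripting.FileSystemObject")
' Hypothetical output name; a fixed name avoids building a path from typed input.
Set objFile = objFSO.CreateTextFile("GroupLogonScripts.txt", True)
objFile.WriteLine "Logon Name" & vbTab & "Display Name" & vbTab & "Profile Path" & vbTab & "Login Script"
For Each objMember In objGroup.Members
    ' Nested groups and contacts carry no logon script; report user objects only.
    If LCase(objMember.Class) = "user" Then
        objFile.WriteLine GetAttr(objMember, "sAMAccountName") & vbTab & GetAttr(objMember, "displayName") _
            & vbTab & GetAttr(objMember, "profilePath") & vbTab & GetAttr(objMember, "scriptPath")
    End If
Next
objFile.Close

Function EscapeLdapFilter(strValue)   ' RFC 4515 escaping; backslash must go first
    Dim s
    s = Replace(strValue, "\", "\5c")
    s = Replace(Replace(Replace(s, "*", "\2a"), "(", "\28"), ")", "\29")
    EscapeLdapFilter = Replace(s, Chr(0), "\00")
End Function

Function GetAttr(objAD, strName)      ' "" when the attribute is unset (Get raises then)
    Dim val
    GetAttr = ""
    On Error Resume Next
    val = objAD.Get(strName)
    If Err.Number = 0 Then GetAttr = val
    On Error GoTo 0
End Function
```

Run it with cscript.exe on a domain-joined machine. Accounts that have the chosen group as their primary group are not returned by `Members`.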