VB LDAP to get a user's "member of" groups, within AD

Posted on 2008-09-29
Last Modified: 2012-05-05
Hi all,
I'm working on a script and part of it is to find out the total number of groups a user is a member of, what that group is and what the description of that group is.

I can count the groups (foundPerm) and also write these groups to an array (arrNames), however I have the following 2 questions:
1) Is there a quicker way to do this?
2) How do I get a list in another array (arrNames1), which shows the group's description?

Thanks
Const ADS_SCOPE_SUBTREE = 2

' Create the ADO connection and command objects used for the AD search
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
On Error Resume Next
Set oRoot = GetObject("LDAP://RootDSE")
strDomain = oRoot.Get("DefaultNamingContext")

' Look up the user's distinguishedName by cn
' (userGBID is expected to be set elsewhere in the script)
objCommand.CommandText = _
    "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='user' " & _
    "AND cn='" & userGBID & "'"

Set objRecordset = objCommand.Execute

objRecordset.MoveFirst
Do Until objRecordset.EOF
    result = (objRecordset.Fields("distinguishedName").Value)
    objRecordset.MoveNext
Loop

' Everything after the first comma of the DN, i.e. the user's container
Result4 = Right(result, (Len(result)) - (InStr(1, result, ",")))

strUserName = "Cn=" & userGBID & ", " & Result4 & ""
strUserPath = "LDAP://" & strUserName
Set objUser = GetObject(strUserPath)
intsize = 0
foundPerm = 0
For Each strGroup In objUser.memberof
    foundPerm = foundPerm + 1 '<---- number of groups a user is member of
    strGroupPath = "LDAP://" & strGroup
    ReDim Preserve arrNames(intsize)
    Set objGroup = GetObject(strGroupPath)
    ' Cut the group name out of the group's DN
    strGroup = Split(strGroup, ",OU=")
    strGroup = Split(strGroup(0), "CN=")
    arrNames(intsize) = Trim(strGroup(1)) '<--- array where these groups are saved
    'arrDescription (intsize)
    intsize = intsize + 1
Next
intRow = 1

Question by:jamiepryer
Accepted Solution

by:
RobSampson earned 500 total points
ID: 22602971
Hi, here's a completely different approach.....

Regards,

Rob.
' Relaunch under cscript.exe so WScript.Echo writes to a console window
' instead of opening one message box per user
If LCase(Right(WScript.FullName, 11)) = "wscript.exe" Then
    strPath = WScript.ScriptFullName
    strCommand = "%comspec% /k cscript  """ & strPath & """"
    Set objShell = CreateObject("WScript.Shell")
    objShell.Run strCommand, 1, True
    WScript.Quit
End If

Const ADS_SCOPE_SUBTREE = 2

' Set up an ADO connection through the ADSI OLE DB provider
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("defaultNamingContext")

' Return the distinguishedName of every user object in the domain
objCommand.CommandText = _
    "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='user' AND objectClass='person'"
Set objRecordSet = objCommand.Execute

' Header row of the CSV output
strResults = """distinguishedName"",""Group name"",""Group Description"""

If Not objRecordSet.EOF Then
    objRecordSet.MoveFirst
    Do Until objRecordSet.EOF
        WScript.Echo "Enumerating " & objRecordSet.Fields("distinguishedName").Value
        Set objUser = GetObject("LDAP://" & objRecordSet.Fields("distinguishedName").Value)
        Set colGroups = objUser.Groups
        ' One row for the user, then one row per group the user belongs to.
        ' Embedded double quotes are doubled so the CSV stays well-formed.
        strResults = strResults & vbCrLf & """" & Replace(objUser.distinguishedName, """", """""") & """"
        For Each objGroup In colGroups
            strGroupName = Replace(objGroup.CN & "", """", """""")
            strDescription = Replace(objGroup.Description & "", """", """""")
            strResults = strResults & vbCrLf & """"",""" & strGroupName & """,""" & strDescription & """"
        Next
        objRecordSet.MoveNext
    Loop
End If

' Write the collected rows to Results.csv in the current directory
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objOutputFile = objFSO.CreateTextFile("Results.csv", True)
objOutputFile.Write strResults
objOutputFile.Close
MsgBox "Done"
