Solved

VB LDAP to get a user's "member of" groups, within AD

Posted on 2008-09-29
Last Modified: 2012-05-05
Hi all,
I'm working on a script and part of it is to find out the total number of groups a user is a member of, what that group is and what the description of that group is.

I can count the groups (foundPerm) and also write these groups to an array (arrNames), however I have the following 2 questions:
1) Is there a quicker way to do this?
2) How do I get a list in another array (arrNames1), which shows the group's description?

Thanks
Const ADS_SCOPE_SUBTREE = 2

' Create the ADO objects used below (these two lines were missing from the posted snippet)
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

On Error Resume Next
Set oRoot = GetObject("LDAP://RootDSE")
strDomain = oRoot.Get("DefaultNamingContext")

' userGBID is not defined in this snippet; it is assumed to be set elsewhere in the full script
objCommand.CommandText = _
    "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='user' " & _
    "AND cn='" & userGBID & "'"

Set objRecordset = objCommand.Execute

' Keep the distinguishedName of the last matching record
objRecordset.MoveFirst
Do Until objRecordset.EOF
    result = (objRecordset.Fields("distinguishedName").Value)
    objRecordset.MoveNext
Loop

' Strip the leading "CN=..." component, then rebuild the user's path
Result4 = Right(result, (Len(result)) - (InStr(1, result, ",")))

strUserName = "Cn=" & userGBID & ", " & Result4 & ""
strUserPath = "LDAP://" & strUserName
Set objUser = GetObject(strUserPath)
intsize = 0
foundPerm = 0
For Each strGroup In objUser.memberof
    foundPerm = foundPerm + 1 '<---- number of groups a user is member of
    strGroupPath = "LDAP://" & strGroup
    ReDim Preserve arrNames(intsize)
    Set objGroup = GetObject(strGroupPath)
    strGroup = Split(strGroup, ",OU=")
    strGroup = Split(strGroup(0), "CN=")
    arrNames(intsize) = Trim(strGroup(1)) '<--- array where these groups are saved
    'arrDescription (intsize)
    intsize = intsize + 1
Next
intRow = 1

Question by:jamiepryer

Accepted Solution

by: RobSampson earned 500 total points
Hi, here's a completely different approach.....

Regards,

Rob.
' Relaunch under cscript.exe if the script was started with wscript.exe
If LCase(Right(Wscript.FullName, 11)) = "wscript.exe" Then
    strPath = Wscript.ScriptFullName
    strCommand = "%comspec% /k cscript  """ & strPath & """"
    Set objShell = CreateObject("Wscript.Shell")
    objShell.Run(strCommand), 1, True
    Wscript.Quit
End If

Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.get("defaultNamingContext")

' Find every user object in the domain
objCommand.CommandText = _
    "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='user' AND objectClass='person'"
Set objRecordSet = objCommand.Execute

' CSV header row
strResults = """distinguishedName"",""Group name"",""Group Description"""

If Not objRecordSet.EOF Then
	objRecordSet.MoveFirst
	Do Until objRecordSet.EOF
		WScript.Echo "Enumerating " & objRecordSet.Fields("distinguishedName").Value
		Set objUser = GetObject("LDAP://" & objRecordSet.Fields("distinguishedName").Value)
		Set colGroups = objUser.Groups
		' One row for the user, then one row per group with its name and description
		strResults = strResults & VbCrLf & """" & objUser.distinguishedName & """"
		For Each objGroup In colGroups
			strGroupName = objGroup.CN
			strDescription = objGroup.Description
			strResults = strResults & VbCrLf & """"",""" & strGroupName & """,""" & strDescription & """"
		Next
		objRecordSet.MoveNext
	Loop
End If

' Write the collected rows to Results.csv in the current directory
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objOutputFile = objFSO.CreateTextFile("Results.csv", True)
objOutputFile.Write strResults
objOutputFile.Close

MsgBox "Done"

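An added example, not part of the original thread or either poster's code: one way to fill the two arrays from the question (arrNames and arrNames1) for a single user, using the Groups collection from the accepted answer and the ADO LDAP query dialect, with the name escaped before it is placed in the search filter. strUserCN and its value are hypothetical stand-ins for the asker's userGBID.

```vbscript
Option Explicit

' Escape a value for use inside an LDAP search filter (RFC 4515).
' The backslash must be replaced first so later escapes are not doubled.
Function EscapeLdapFilter(strValue)
    Dim s
    s = Replace(strValue, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    EscapeLdapFilter = Replace(s, Chr(0), "\00")
End Function

Dim strUserCN, objRootDSE, strDomain, objConnection, objCommand, objRecordSet
Dim objUser, objGroup, arrNames(), arrNames1(), foundPerm, i

strUserCN = "jdoe"   ' hypothetical value; replace with the cn to look up

Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("defaultNamingContext")

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection

' LDAP dialect: <base>;(filter);attributes;scope
objCommand.CommandText = "<LDAP://" & strDomain & ">;" & _
    "(&(objectCategory=person)(objectClass=user)(cn=" & EscapeLdapFilter(strUserCN) & "));" & _
    "distinguishedName;subtree"
Set objRecordSet = objCommand.Execute

If objRecordSet.EOF Then
    WScript.Echo "No user found with cn=" & strUserCN
    WScript.Quit 1
End If

' Bind with the DN the search returned instead of rebuilding it by hand
Set objUser = GetObject("LDAP://" & objRecordSet.Fields("distinguishedName").Value)
foundPerm = 0
For Each objGroup In objUser.Groups
    ReDim Preserve arrNames(foundPerm)
    ReDim Preserve arrNames1(foundPerm)
    arrNames(foundPerm) = objGroup.CN            ' group name
    arrNames1(foundPerm) = objGroup.Description  ' matching description, same index
    foundPerm = foundPerm + 1                    ' running count of groups
Next

WScript.Echo strUserCN & " is a member of " & foundPerm & " group(s)"
For i = 0 To foundPerm - 1
    WScript.Echo arrNames(i) & " - " & arrNames1(i)
Next
```

Reading the name from objGroup.CN avoids splitting the distinguished name on ",OU=", which does not yield the name for groups that sit directly under a container (CN=...) rather than an OU.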
