  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 634

ldap query to see which OU the user is in

Hi!
I'm currently auditing "user set to never expire" on my Active Directory users.
The notification is created once an event 624 is created on the DC with the never-expire audit.

If this happens on a "generic" user (in our corporation), it is fine.
A generic user is created in a certain OU.
Since event 624 does not log the OU, I want to trigger an LDAP query once a "user set to never expire" trigger occurs.

How is it possible to do such a thing (with a command-line command) and get a log back (so I can parse it back into the system and check whether the user is in that certain OU or not)?

Thanks
Asked by: m0tek
1 Solution
 
yehudaha Commented:
What basically do you want:

a query that will return all users' OUs with password never expire?

Will a VBScript solution help you?
 
m0tek (Author) Commented:
I would like to run a script / command with a user (script.bat username), and it should return which OUs this user exists in. I need it returned into a text file which I can later read (a security information and event management system will read it).
 
yehudaha Commented:
Run from the command line:

scriptname username

The output will be in a txt file in the location you run the script from.
' Usage: cscript scriptname.vbs UserName
' Writes log.txt in the current directory with the "password never expires"
' state and the user's distinguishedName (which carries the OU path).
Option Explicit
Dim objnet, objHash, objfso, objRoot, strDomain, objlog, strUserPath, objUser, intUAC, Key

Set objnet = CreateObject("WScript.Network")
Set objHash = CreateObject("Scripting.Dictionary")
Set objfso = CreateObject("Scripting.FileSystemObject")

' Bind to the domain's default naming context via RootDSE rather than the
' NetBIOS domain name, so the search base is a proper LDAP path.
Set objRoot = GetObject("LDAP://RootDSE")
strDomain = "LDAP://" & objRoot.Get("defaultNamingContext")

If WScript.Arguments.Count = 0 Then
    WScript.Echo "usage: " & WScript.ScriptName & " UserName"
    WScript.Quit 1
End If

Set objlog = objfso.CreateTextFile(".\log.txt", True)
' userAccountControl flag ADS_UF_DONT_EXPIRE_PASSWD
objHash.Add "Password never expires", &H10000

' Look the user up once and reuse the result instead of querying twice
strUserPath = FindUserPath(WScript.Arguments(0))
If strUserPath = "" Then
    objlog.WriteLine "User not found: " & WScript.Arguments(0)
    objlog.Close
    WScript.Quit 2
End If

Set objUser = GetObject("LDAP://" & strUserPath)
intUAC = objUser.Get("userAccountControl")

For Each Key In objHash.Keys
    ' And is bitwise here: a non-zero result means the flag is set
    If objHash(Key) And intUAC Then
        objlog.WriteLine Key & " is enabled" & vbNewLine & strUserPath & vbCrLf
    Else
        objlog.WriteLine Key & " is disabled" & vbNewLine & strUserPath & vbCrLf
    End If
Next
objlog.Close

' Returns the distinguishedName of the user with the given sAMAccountName,
' or "" if no such user exists
Function FindUserPath(User)
    Dim selectedProperties, oCn, oCmd, oRS
    selectedProperties = "distinguishedName"
    FindUserPath = ""

    Set oCn = CreateObject("ADODB.Connection")
    Set oCmd = CreateObject("ADODB.Command")
    oCn.Provider = "ADsDSOObject"
    oCn.Open "Active Directory Provider"
    Set oCmd.ActiveConnection = oCn
    oCmd.Properties("Page Size") = 1000
    oCmd.Properties("Searchscope") = 2   ' ADS_SCOPE_SUBTREE: search the whole domain
    oCmd.CommandText = "SELECT " & selectedProperties & " FROM '" & strDomain & _
        "' WHERE objectCategory='user' AND sAMAccountName='" & User & "'"

    Set oRS = oCmd.Execute
    If Not oRS.EOF Then
        FindUserPath = oRS.Fields(selectedProperties).Value
    End If
    oRS.Close
    oCn.Close
End Function

 
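An added example, not from the thread, of the receiving side the asker describes: it parses the two-line record the VBScript writes to log.txt and decides whether the returned distinguishedName lies in the "generic" OU (including OUs nested beneath it, and with escaped commas in the CN handled). The log contents and OU names are constructed; the SIEM integration is left to the reader.

```python
def split_dn(dn):
    """Split a DN on unescaped commas, keeping backslash escapes intact."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):   # escaped char, e.g. a comma in a CN
            cur.append(dn[i:i + 2]); i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur)); cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return [p.strip() for p in parts]

def _norm_rdn(rdn):
    attr, _, val = rdn.partition("=")
    return attr.strip().casefold() + "=" + val.strip().casefold()

def is_in_ou(user_dn, ou_dn):
    """True when user_dn sits in ou_dn or any OU nested beneath it;
    DN matching is case-insensitive, so both sides are casefolded."""
    user = [_norm_rdn(p) for p in split_dn(user_dn)]
    ou = [_norm_rdn(p) for p in split_dn(ou_dn)]
    return len(user) > len(ou) and user[-len(ou):] == ou

def parse_log(text):
    """Read the record the VBScript writes: 'Password never expires is enabled|disabled'
    followed by the distinguishedName. Returns (flag_set, dn) or None."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    for status, dn in zip(lines, lines[1:]):
        if status.startswith("Password never expires is ") and "=" in dn:
            return status.endswith("enabled"), dn
    return None

def decide(log_text, generic_ou_dn):
    """SIEM verdict: 'alert' only when never-expire is set outside the generic OU."""
    rec = parse_log(log_text)
    if rec is None:
        return "no-data"
    flag_set, dn = rec
    return "alert" if flag_set and not is_in_ou(dn, generic_ou_dn) else "ok"

# Constructed sample of log.txt (not real data); note the escaped comma in the CN.
SAMPLE_LOG = ("Password never expires is enabled\r\n"
              "CN=Backup\\, Service,OU=Generic,OU=Accounts,DC=corp,DC=example\r\n\r\n")
GENERIC_OU = "ou=generic,ou=accounts,dc=corp,dc=example"
```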
m0tek (Author) Commented:
Good stuff ^^
 
yehudaha Commented:
Thanks
