Query AD for TerminalServicesProfilePath

Posted on 2009-05-07
Last Modified: 2013-12-24

I found a script that will allow me to delete the terminal services profile path for a user and replace it with a path that is located in an excel spreadsheet. (SCRIPT 1 below)

What I want to do first is get a list of users and their current terminal services profile path.  I found a script that works for profile path, home directory, etc, but not terminalservicesprofilepath. (SCRIPT 2 below)

I just figure that if I can delete and replace the attribute, I should be able to query it too and export the results to a file.  I tried csvde and ldifde and neither of those gather that attribute.

Thanks for any help,
(SCRIPT 1)***********************************************

' UpdateUserProfile2.vbs

' VBScript program to update the terminalServicesprofilePath attribute of user objects

' according to the information in a spreadsheet.


' ----------------------------------------------------------------------

' Copyright (c) 2004 Richard L. Mueller

' Hilltop Lab web site -

' Version 1.0 - January 13, 2004

' Version 1.1 - January 25, 2004 - Modify error trapping.

' Version 1.2 - March 18, 2004 - Modify NameTranslate constants.

' Version 1.3 - July 30, 2007 - Escape any "/" characters in User DN's.


' The input spreadsheet is a list of the NT logon name of each user

' whose terminalServicesprofilePath attribute will be updated, one name per row. The

' user names are in the first column. The value to be assigned to the

' terminalServicesprofilePath attribute is in the second column. The first row is

' skipped. The program processes each row until a blank entry is

' encountered in the first column. If the entry in the second column is

' the special value ".delete", the program will clear the terminalServicesprofilePath

' attribute for that user. The program uses the NameTranslate object to

' convert the  NT name of the user (the sAMAccountName attribute) to the

' Distinguished Name required to bind to the user object with the LDAP

' provider.


' You have a royalty-free right to use, modify, reproduce, and

' distribute this script file in any way you find useful, provided that

' you agree that the copyright owner above has no warranty, obligations,

' or liability for such use.

Option Explicit




Const ADS_NAME_TYPE_1779 = 1

Dim strExcelPath, objExcel, objSheet, intRow, strUserDN, strterminalServicesprofilePath

Dim objUser, strUserNTName

Dim objRootDSE, strDNSDomain, objTrans, strNetBIOSDomain

' Check for required arguments.

If (Wscript.Arguments.Count < 1) Then

    Wscript.Echo "Argument <SpreadsheetName> required. For example:" _

        & vbCrLf _

        & "cscript UpdateUserProfile2.vbs c:\UserList.xls"


End If

' Spreadsheet file.

strExcelPath = Wscript.Arguments(0)

' Bind to Excel object.

On Error Resume Next

Set objExcel = CreateObject("Excel.Application")

If (Err.Number <> 0) Then

    On Error GoTo 0

    Wscript.Echo "Excel application not found."


End If

On Error GoTo 0

' Open spreadsheet.

On Error Resume Next

objExcel.Workbooks.Open strExcelPath

If (Err.Number <> 0) Then

    On Error GoTo 0

    Wscript.Echo "Spreadsheet cannot be opened: " & strExcelPath


End If

On Error GoTo 0

' Bind to worksheet.

Set objSheet = objExcel.ActiveWorkbook.Worksheets(1)

' Determine DNS domain name from RootDSE object.

Set objRootDSE = GetObject("LDAP://RootDSE")

strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Use the NameTranslate object to find the NetBIOS domain name

' from the DNS domain name.

Set objTrans = CreateObject("NameTranslate")

objTrans.Init ADS_NAME_INITTYPE_GC, ""

objTrans.Set ADS_NAME_TYPE_1779, strDNSDomain

strNetBIOSDomain = objTrans.Get(ADS_NAME_TYPE_NT4)

' Remove trailing backslash.

strNetBIOSDomain = Left(strNetBIOSDomain, _

    Len(strNetBIOSDomain) - 1)

' The first row of the spreadsheet is skipped (column headings). Each

' row after the first is processed until the first blank entry in the

' first column is encountered. The first column is the NT user name of

' the user, the second column is the new terminalServicesprofilePath. The loop binds to

' each user object and assigns the new value for the attribute. intRow

' is the row number of the spreadsheet.

' Use the NameTranslate object to convert the NT user names

' to the Distinguished Name required for the LDAP provider.

intRow = 2

Do While objSheet.Cells(intRow, 1).Value <> ""

    strUserNTName = Trim(objSheet.Cells(intRow, 1).Value)

    ' Use NameTranslate to convert NT name to Distinguished Name.

    On Error Resume Next

    objTrans.Set ADS_NAME_TYPE_NT4, strNetBIOSDomain & "\" & strUserNTName

    If (Err.Number <> 0) Then

        On Error GoTo 0

        Wscript.Echo "User " & strUserNTName _

            & " not found in Active Directory"

    End If

    On Error GoTo 0

    strUserDN = objTrans.Get(ADS_NAME_TYPE_1779)

    ' Escape any forward slash characters, "/", with the backslash

    ' escape character. All other characters that should be escaped are.

    strUserDN = Replace(strUserDN, "/", "\/")

    strterminalServicesprofilePath = Trim(objSheet.Cells(intRow, 2).Value)

    If (strterminalServicesprofilePath <> "") Then

        On Error Resume Next

        Set objUser = GetObject("LDAP://" & strUserDN)

        If (Err.Number <> 0) Then

            On Error GoTo 0

            Wscript.Echo "User NOT found " & strUserDN


            On Error GoTo 0

            If (LCase(strterminalServicesprofilePath) = ".delete") Then

                On Error Resume Next

                objUser.PutEx ADS_PROPERTY_CLEAR, "terminalServicesprofilePath", 0


                If (Err.Number <> 0) Then

                    On Error GoTo 0

                    Wscript.Echo "Unable to clear terminalServicesprofilePath for user " _

                        & strUserDN

                End If

                On Error GoTo 0


                objUser.terminalServicesprofilePath = strterminalServicesprofilePath

                On Error Resume Next


                If (Err.Number <> 0) Then

                    On Error GoTo 0

                    Wscript.Echo "Unable to set terminalServicesprofilePath for user " _

                        & strUserDN

                End If

                On Error GoTo 0

            End If

        End If

    End If

    intRow = intRow + 1


' Close the workbook.


' Quit Excel.


' Clean up.

Set objUser = Nothing

Set objExcel = Nothing

Set objSheet = Nothing

Set objRootDSE = Nothing

Set objTrans = Nothing

Wscript.Echo "Done"

(SCRIPT 2)***********************************************

On Error Resume Next




Set objConnection = CreateObject("ADODB.Connection")

Set objCommand =   CreateObject("ADODB.Command")

objConnection.Provider = "ADsDSOObject"

objConnection.Open "Active Directory Provider"

Set objCommand.ActiveConnection = objConnection


Set objFSO = CreateObject("Scripting.FileSystemObject")

Set objTextFile = objFSO.OpenTextFile("c:\OUUserlist.txt", 8, True)


objCommand.Properties("Page Size") = 1000

objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 


objCommand.CommandText = _

    "SELECT Name,homedirectory,ProfilePath FROM 'LDAP://OU=ABCD Users,DC=abcd,DC=org' WHERE objectCategory='user'"  

Set objRecordSet = objCommand.Execute





Do Until objRecordSet.EOF

	ObjTextFile.writeline  objRecordSet.Fields("Name").Value & vbTab & objRecordSet.Fields("profilePath").Value 





ObjTextfile.WriteLine("Total Records found:" & objRecordset.RecordCount)



Open in new window

Question by:Bonnie_K
  • 2
LVL 12

Accepted Solution

zoofan earned 500 total points
ID: 24328739
The below script will return the terminal services profile path for each user.

I too had trouble returning the value in a query but found this one and it worked.

edit line 10 for ou path


source from

Option Explicit

Dim objCommand, objConnection, strBase, strFilter, strAttributes, objUser

Dim strQuery, objRecordset, strdistinguishedName, strTSPath, strCN

Set objCommand = CreateObject("ADODB.Command")

Set objConnection = CreateObject("ADODB.Connection")

objConnection.Provider = "ADsDSOObject"

objConnection.Open "Active Directory Provider"

objCommand.ActiveConnection = objConnection

'...set the base DN

strBase = "<LDAP://OU=users,DC=domain,DC=com>"

strFilter = "(&(objectCategory=person)(objectClass=user))"

strAttributes = "sAMAccountName,cn,distinguishedName"

strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"

objCommand.CommandText = strQuery

objCommand.Properties("Page Size") = 1000

objCommand.Properties("Timeout") = 30

objCommand.Properties("Cache Results") = False

Set objRecordSet = objCommand.Execute


Do Until objRecordSet.EOF

  strdistinguishedName = objRecordSet.Fields("distinguishedName").Value

  Set objUser = GetObject("LDAP://" & strdistinguishedName)

  On error resume next

  Wscript.Echo & "," & objUser.sAMAccountName _

  & "," & objUser.TerminalServicesProfilePath & "," & objUser.profilePath _

  & "," & objUser.homeDirectory & "," &objUser.ScriptPath




Open in new window


Author Closing Comment

ID: 31579117
Thanks Zoofan - works great!
LVL 12

Expert Comment

ID: 24329004
Glad to help,

thanks for the points ;-)


Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
These days, all we hear about hacktivists took down so and so websites and retrieved thousands of user’s data. One of the techniques to get unauthorized access to database is by performing SQL injection. This article is quite lengthy which gives bas…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

27 Experts available now in Live!

Get 1:1 Help Now