Add exportation of "managed by" to an existing script that exports the security groups.

Posted on 2009-05-14
Last Modified: 2012-05-07
Hi,
I have the below attached VBScript that reads UNC paths from a txt file.
It exports all the security groups listed in each UNC path.
I was wondering if there's any way that the script can also export the "managed by" tab of each security group. (Excluding several built-in groups like domain\domain admins, administrators, everyone...)

(The script uses showacls.exe from the Win 2003 Server Resource Kit.)
 
 
Const ForReading = 1

strList = "c:\list.txt"      ' Input: one UNC path per line
strLog = "c:\log.txt"        ' Output log
strFile = "c:\showacls.exe"  ' showacls.exe from the Resource Kit

Set objfso = CreateObject("Scripting.FileSystemObject")
Set objshell = CreateObject("wscript.shell")
Set objlist = objfso.OpenTextFile(strList, ForReading)
Set objlog = objfso.CreateTextFile(strLog, True)

Do Until objlist.AtEndOfStream
    strPath = Trim(objlist.ReadLine)
    ' Skip blank lines: Split on an empty string returns an empty array, so strHost(0) would fail
    If strPath <> "" Then
        ' The host name is the first element of \\host\share\...
        strTemp = Replace(strPath, "\\","")
        strHost = Split(strTemp, "\")
        If Reachable(strHost(0)) Then
            ' Dump the raw showacls output for this path into the log
            cmd = strFile & "  " & strPath
            Set objexec = objshell.Exec(cmd)
            objlog.WriteLine "ACLS For " & strPath
            objlog.WriteLine "-----------------------"
            objlog.WriteLine objexec.StdOut.ReadAll & vbCrLf
        Else
            objlog.WriteLine strHost(0) & " Isn't Reachable" & vbCrLf
        End If
    End If
Loop

' Close the files so the log is fully written before the user opens it
objlist.Close
objlog.Close

MsgBox "Script finished." & vbNewLine & "Please see: " & strLog

' Returns True when a single ping to strComputer gets a reply
Function Reachable(strComputer)

    strCmd = "ping -n 1 " & strComputer

    Set objShell = CreateObject("WScript.Shell")
    Set objExec = objShell.Exec(strCmd)
    strTemp = UCase(objExec.StdOut.ReadAll)

    If InStr(strTemp, "REPLY FROM") Then
        Reachable = True
    Else
        Reachable = False
    End If
End Function

Question by:johnnyjonathan
4 Comments
 
LVL 65

Accepted Solution

by:
RobSampson earned 2000 total points
ID: 24408625
Hi Jonathon... I've changed a bit of the code, but that was required to obtain the group name, and try to get the ManagedBy attribute.

This should work.

Regards,

Rob.
 
 
Const ForReading = 1

'strList = "c:\list.txt"
'strLog = "c:\log.txt"
'strFile = "c:\showacls.exe"


strList = "list.txt"
strLog = "log.txt"
strFile = "c:\program files\resource kit\showacls.exe"


Set objfso = CreateObject("Scripting.FileSystemObject")
' Use the 8.3 short path so spaces in the path do not split the command line
strFile = objfso.GetFile(strFile).ShortPath
Set objshell = CreateObject("wscript.shell")
Set objlist = objfso.OpenTextFile(strList, ForReading)
Set objlog = objfso.CreateTextFile(strLog, True)

Do Until objlist.AtEndOfStream
	strPath = Trim(objlist.ReadLine)
	' Skip blank lines: Split on an empty string returns an empty array, so strHost(0) would fail
	If strPath <> "" Then
		strTemp = Replace(strPath, "\\","")
		strHost = Split(strTemp, "\")
		If Reachable(strHost(0)) Then
			cmd = strFile & "  " & strPath
			Set objexec = objshell.Exec(cmd)
			objlog.WriteLine "ACLS For " & strPath
			objlog.WriteLine "-----------------------"
			' Parse the showacls output line by line: account name, then the rights
			While Not objExec.StdOut.AtEndOfStream
				strLine = Trim(objexec.StdOut.ReadLine)
				If strLine <> "" Then
					strLine = Replace(strLine, vbTab, "")
					' Reset per line so an entry without a domain prefix does not reuse the previous line's value
					strManagedBy = ""
					If InStr(strLine, "(DENIED)") > 0 Then
						strUser = Trim(Left(strLine, InStr(strLine, "(DENIED)") - 1))
						strDetail = Trim(Mid(strLine, InStr(strLine, "(DENIED)")))
					Else
						strUser = Trim(Left(strLine, 26))
						strDetail = Trim(Mid(strLine, 27))
					End If
					If InStr(strUser, "\") > 0 Then
						strDomain = Split(strUser, "\")(0)
						strGroup = Split(strUser, "\")(1)
						' Built-in and well-known principals are not looked up in AD
						If UCase(strDomain) <> "BUILTIN" And UCase(strDomain) <> "NT AUTHORITY" Then
							strGroupDN = ""
							strGroupDN = Get_LDAP_User_Properties("group", "cn", strGroup, "distinguishedName")
							If strGroupDN <> "" Then
								Set objGroup = GetObject("LDAP://" & strGroupDN)
								strManagedBy = objGroup.ManagedBy
								Set objGroup = Nothing
								If strManagedBy = "" Then strManagedBy = "<EMPTY>"
							Else
								strManagedBy = "<UNKNOWN>"
							End If
						Else
							strManagedBy = "<LOCAL>"
						End If
					End If
					objlog.WriteLine strUser & "," & strDetail & "," & strManagedBy
				End If
			Wend
		Else
			objlog.WriteLine strHost(0) & " Isn't Reachable" & vbCrLf
		End If
	End If
Loop

' Close the files so the log is fully written before the user opens it
objlist.Close
objlog.Close

MsgBox "Script finished." & vbNewLine & "Please see: " & strLog

' Returns True when a single ping to strComputer gets a reply
Function Reachable(strComputer)

	strCmd = "ping -n 1 " & strComputer

	Set objShell = CreateObject("WScript.Shell")
	Set objExec = objShell.Exec(strCmd)
	strTemp = UCase(objExec.StdOut.ReadAll)

	If InStr(strTemp, "REPLY FROM") Then
		Reachable = True
	Else
		Reachable = False
	End If
End Function

Function Get_LDAP_User_Properties(strObjectType, strSearchField, strObjectToGet, strCommaDelimProps)

      ' This is a custom function that connects to the Active Directory, and returns the specific
      ' Active Directory attribute value, of a specific Object.
      ' strObjectType: usually "User" or "Computer"
      ' strSearchField: the field by which to search the AD. This acts like an SQL Query's WHERE clause.
      '				It filters the results by the value of strObjectToGet
      ' strObjectToGet: the value by which the results are filtered, according to strSearchField.
      '				For example, if you are searching based on the user account name, strSearchField
      '				would be "samAccountName", and strObjectToGet would be that specific account name,
      '				such as "jsmith".  This equates to "WHERE 'samAccountName' = 'jsmith'"
      '	strCommaDelimProps: the field from the object to actually return.  For example, if you wanted
      '				the home folder path, as defined by the AD, for a specific user, this would be
      '				"homeDirectory".  If you want to return the ADsPath so that you can bind to that
      '				user and get your own parameters from them, then use "ADsPath" as a return string,
      '				then bind to the user: Set objUser = GetObject("LDAP://" & strReturnADsPath)

      ' Now we're checking if the user account passed may have a domain already specified,
      ' in which case we connect to that domain in AD, instead of the default one.
      If InStr(strObjectToGet, "\") > 0 Then
            arrGroupBits = Split(strObjectToGet, "\")
            strDC = arrGroupBits(0)
            strDNSDomain = strDC & "/" & "DC=" & Replace(Mid(strDC, InStr(strDC, ".") + 1), ".", ",DC=")
            strObjectToGet = arrGroupBits(1)
      Else
      ' Otherwise we just connect to the default domain
            Set objRootDSE = GetObject("LDAP://RootDSE")
            strDNSDomain = objRootDSE.Get("defaultNamingContext")
      End If

      strBase = "<LDAP://" & strDNSDomain & ">"
      ' Setup ADO objects.
      Set adoCommand = CreateObject("ADODB.Command")
      Set adoConnection = CreateObject("ADODB.Connection")
      adoConnection.Provider = "ADsDSOObject"
      adoConnection.Open "Active Directory Provider"
      adoCommand.ActiveConnection = adoConnection


      ' Filter on the requested object class and search field.
      'strFilter = "(&(objectCategory=person)(objectClass=user))"
      strFilter = "(&(objectClass=" & strObjectType & ")(" & strSearchField & "=" & strObjectToGet & "))"

      ' Comma delimited list of attribute values to retrieve.
      strAttributes = strCommaDelimProps
      arrProperties = Split(strCommaDelimProps, ",")

      ' Construct the LDAP syntax query.
      strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
      adoCommand.CommandText = strQuery
      ' Retrieve results in pages of 100 records, with a 30 second timeout
      adoCommand.Properties("Page Size") = 100
      adoCommand.Properties("Timeout") = 30
      adoCommand.Properties("Cache Results") = False

      ' Run the query.
      Set adoRecordset = adoCommand.Execute
      ' Enumerate the resulting recordset.
      strReturnVal = ""
      Do Until adoRecordset.EOF
          ' Collect the requested attribute values, one per line.
          For intCount = LBound(arrProperties) To UBound(arrProperties)
                If strReturnVal = "" Then
                      strReturnVal = adoRecordset.Fields(intCount).Value
                Else
                      strReturnVal = strReturnVal & VbCrLf & adoRecordset.Fields(intCount).Value
                End If
          Next
          ' Move to the next record in the recordset.
          adoRecordset.MoveNext
      Loop

      ' Clean up.
      adoRecordset.Close
      adoConnection.Close
      Get_LDAP_User_Properties = strReturnVal

End Function
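
The group name parsed from the showacls output goes straight into the LDAP filter built in Get_LDAP_User_Properties, so a name containing parentheses yields a malformed or different filter. The following added example (not part of RobSampson's answer) escapes the value per RFC 4515 and escapes "/" before binding to a distinguished name. The function names and sample values are constructed for illustration, and matching on sAMAccountName instead of cn is this example's assumption.

```vbscript
Option Explicit

' Added example, not part of the original answer. Function names are hypothetical.

' Escape a value for use inside an LDAP search filter (RFC 4515).
' The backslash is replaced first so the inserted escapes are not escaped again.
Function EscapeLdapFilterValue(strValue)
    Dim strOut
    strOut = Replace(strValue, "\", "\5c")
    strOut = Replace(strOut, "*", "\2a")
    strOut = Replace(strOut, "(", "\28")
    strOut = Replace(strOut, ")", "\29")
    strOut = Replace(strOut, Chr(0), "\00")
    EscapeLdapFilterValue = strOut
End Function

' Build the ADO filter for one group, matching on sAMAccountName
' (assumption of this example; the answer's script matches on cn).
Function BuildGroupFilter(strGroupName)
    BuildGroupFilter = "(&(objectClass=group)(sAMAccountName=" & _
        EscapeLdapFilterValue(strGroupName) & "))"
End Function

' ADSI treats "/" as a path separator, so a forward slash inside a
' distinguished name has to be escaped before binding with GetObject.
Function DnToAdsPath(strDN)
    DnToAdsPath = "LDAP://" & Replace(strDN, "/", "\/")
End Function

' Constructed sample values; none of them come from the original page.
Dim arrGroups, strName
arrGroups = Array("Finance-RW", "Sales (EMEA)")
For Each strName In arrGroups
    WScript.Echo strName & " => " & BuildGroupFilter(strName)
Next
WScript.Echo DnToAdsPath("CN=Dev/Test Owners,OU=Groups,DC=example,DC=com")
```

Run it with cscript to see the escaped filters; in the answer's script the same escaping would be applied to strObjectToGet before strFilter is built, and DnToAdsPath would wrap strGroupDN in the GetObject call.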

 
LVL 65

Expert Comment

by:RobSampson
ID: 24408628
Oh, I left in my testing parameters.  Delete these lines:
strList = "list.txt"
strLog = "log.txt"
strFile = "c:\program files\resource kit\showacls.exe"

and uncomment the ones above them.

Regards,

Rob.
 

Author Closing Comment

by:johnnyjonathan
ID: 31581456
As always, you are a true pro! Thank you
 
LVL 65

Expert Comment

by:RobSampson
ID: 24417249
Great! Glad it worked. Thanks for the grade.

Regards,

Rob.