Solved

Add exportation of "managed by" to an existing script that exports the security groups.

Posted on 2009-05-14
Last Modified: 2012-05-07
Hi,
I have the VBScript below, which reads UNC paths from a txt file.
It exports all the security groups listed in each UNC path.
I was wondering if there's any way that the script can also export the "managed by" tab of each security group (excluding several built-in groups like domain\domain admins, administrators, everyone...).

(The script uses showacls.exe from the Windows Server 2003 Resource Kit.)
Const ForReading = 1

strList = "c:\list.txt"       ' one UNC path per line
strLog = "c:\log.txt"
strFile = "c:\showacls.exe"   ' from the Windows Server 2003 Resource Kit

Set objfso = CreateObject("Scripting.FileSystemObject")
Set objshell = CreateObject("wscript.shell")
Set objlist = objfso.OpenTextFile(strList, ForReading)
Set objlog = objfso.CreateTextFile(strLog, True)

Do Until objlist.AtEndOfStream
    strPath = Trim(objlist.ReadLine)
    If strPath <> "" Then
        ' The server name is the first component of \\server\share\...
        strTemp = Replace(strPath, "\\", "")
        strHost = Split(strTemp, "\")
        If Reachable(strHost(0)) Then
            ' Quote the path so a share or folder name containing spaces is passed as one argument
            cmd = strFile & " """ & strPath & """"
            Set objexec = objshell.Exec(cmd)
            objlog.WriteLine "ACLS For " & strPath
            objlog.WriteLine "-----------------------"
            objlog.WriteLine objexec.StdOut.ReadAll & vbCrLf
        Else
            objlog.WriteLine strHost(0) & " Isn't Reachable" & vbCrLf
        End If
    End If
Loop

objlist.Close
objlog.Close
MsgBox "Script finished." & vbNewLine & "Please see: " & strLog

' Returns True when a single ICMP echo request to strComputer gets a reply
Function Reachable(strComputer)
    strCmd = "ping -n 1 " & strComputer
    Set objShell = CreateObject("WScript.Shell")
    Set objExec = objShell.Exec(strCmd)
    strTemp = UCase(objExec.StdOut.ReadAll)
    If InStr(strTemp, "REPLY FROM") Then
        Reachable = True
    Else
        Reachable = False
    End If
End Function


Question by: johnnyjonathan
4 Comments
Accepted Solution by: RobSampson (earned 500 total points)
Hi Jonathon....I've changed a bit of the code, but that was required to obtain the group name, and try to get the ManagedBy attribute.

This should work.

Regards,

Rob.
Const ForReading = 1

'strList = "c:\list.txt"
'strLog = "c:\log.txt"
'strFile = "c:\showacls.exe"

strList = "list.txt"
strLog = "log.txt"
strFile = "c:\program files\resource kit\showacls.exe"

Set objfso = CreateObject("Scripting.FileSystemObject")
' Use the short (8.3) path so the space in "program files" does not break the command line
strFile = objfso.GetFile(strFile).ShortPath
Set objshell = CreateObject("wscript.shell")
Set objlist = objfso.OpenTextFile(strList, ForReading)
Set objlog = objfso.CreateTextFile(strLog, True)

Do Until objlist.AtEndOfStream
    strPath = objlist.ReadLine
    ' The server name is the first component of \\server\share\...
    strTemp = Replace(strPath, "\\", "")
    strHost = Split(strTemp, "\")
    If Reachable(strHost(0)) Then
        ' Quote the path so a share or folder name containing spaces is passed as one argument
        cmd = strFile & " """ & strPath & """"
        Set objexec = objshell.Exec(cmd)
        objlog.WriteLine "ACLS For " & strPath
        objlog.WriteLine "-----------------------"
        While Not objexec.StdOut.AtEndOfStream
            strLine = Trim(objexec.StdOut.ReadLine)
            If strLine <> "" Then
                strLine = Replace(strLine, vbTab, "")
                ' showacls prints the trustee in a fixed-width column, except on
                ' DENIED entries, where "(DENIED)" follows the trustee directly
                If InStr(strLine, "(DENIED)") > 0 Then
                    strUser = Trim(Left(strLine, InStr(strLine, "(DENIED)") - 1))
                    strDetail = Trim(Mid(strLine, InStr(strLine, "(DENIED)")))
                Else
                    strUser = Trim(Left(strLine, 26))
                    strDetail = Trim(Mid(strLine, 27))
                End If
                ' Reset per line so a value from the previous trustee is never carried over
                strManagedBy = ""
                If InStr(strUser, "\") > 0 Then
                    strDomain = Split(strUser, "\")(0)
                    strGroup = Split(strUser, "\")(1)
                    If UCase(strDomain) <> "BUILTIN" And UCase(strDomain) <> "NT AUTHORITY" Then
                        strGroupDN = Get_LDAP_User_Properties("group", "cn", strGroup, "distinguishedName")
                        If strGroupDN <> "" Then
                            Set objGroup = GetObject("LDAP://" & strGroupDN)
                            ' managedBy is absent (not blank) when nobody is set, and reading an
                            ' absent attribute raises an error, so trap it and treat it as empty
                            On Error Resume Next
                            strManagedBy = objGroup.Get("managedBy")
                            If Err.Number <> 0 Then
                                strManagedBy = ""
                                Err.Clear
                            End If
                            On Error GoTo 0
                            Set objGroup = Nothing
                            If strManagedBy = "" Then strManagedBy = "<EMPTY>"
                        Else
                            strManagedBy = "<UNKNOWN>"
                        End If
                    Else
                        strManagedBy = "<LOCAL>"
                    End If
                End If
                objlog.WriteLine strUser & "," & strDetail & "," & strManagedBy
            End If
        Wend
    Else
        objlog.WriteLine strHost(0) & " Isn't Reachable" & vbCrLf
    End If
Loop

objlist.Close
objlog.Close
MsgBox "Script finished." & vbNewLine & "Please see: " & strLog

' Returns True when a single ICMP echo request to strComputer gets a reply
Function Reachable(strComputer)
    strCmd = "ping -n 1 " & strComputer
    Set objShell = CreateObject("WScript.Shell")
    Set objExec = objShell.Exec(strCmd)
    strTemp = UCase(objExec.StdOut.ReadAll)
    If InStr(strTemp, "REPLY FROM") Then
        Reachable = True
    Else
        Reachable = False
    End If
End Function

' Escapes the characters RFC 4515 reserves in LDAP filter values, so that a
' group name taken from the ACL output cannot change the structure of the filter
Function Escape_LDAP_Filter(strValue)
    strValue = Replace(strValue, "\", "\5c")
    strValue = Replace(strValue, "*", "\2a")
    strValue = Replace(strValue, "(", "\28")
    strValue = Replace(strValue, ")", "\29")
    strValue = Replace(strValue, Chr(0), "\00")
    Escape_LDAP_Filter = strValue
End Function

Function Get_LDAP_User_Properties(strObjectType, strSearchField, strObjectToGet, strCommaDelimProps)
    ' This is a custom function that connects to the Active Directory, and returns the specific
    ' Active Directory attribute value, of a specific Object.
    ' strObjectType: usually "User" or "Computer"
    ' strSearchField: the field by which to search the AD. This acts like an SQL query's WHERE clause.
    '       It filters the results by the value of strObjectToGet
    ' strObjectToGet: the value by which the results are filtered, according to strSearchField.
    '       For example, if you are searching based on the user account name, strSearchField
    '       would be "samAccountName", and strObjectToGet would be that specific account name,
    '       such as "jsmith". This equates to "WHERE 'samAccountName' = 'jsmith'"
    ' strCommaDelimProps: the field from the object to actually return. For example, if you wanted
    '       the home folder path, as defined by the AD, for a specific user, this would be
    '       "homeDirectory". If you want to return the ADsPath so that you can bind to that
    '       user and get your own parameters from them, then use "ADsPath" as a return string,
    '       then bind to the user: Set objUser = GetObject("LDAP://" & strReturnADsPath)

    ' Now we're checking if the user account passed may have a domain already specified,
    ' in which case we connect to that domain in AD, instead of the default one.
    If InStr(strObjectToGet, "\") > 0 Then
        arrGroupBits = Split(strObjectToGet, "\")
        strDC = arrGroupBits(0)
        strDNSDomain = strDC & "/" & "DC=" & Replace(Mid(strDC, InStr(strDC, ".") + 1), ".", ",DC=")
        strObjectToGet = arrGroupBits(1)
    Else
        ' Otherwise we just connect to the default domain
        Set objRootDSE = GetObject("LDAP://RootDSE")
        strDNSDomain = objRootDSE.Get("defaultNamingContext")
    End If

    strBase = "<LDAP://" & strDNSDomain & ">"
    ' Setup ADO objects.
    Set adoCommand = CreateObject("ADODB.Command")
    Set adoConnection = CreateObject("ADODB.Connection")
    adoConnection.Provider = "ADsDSOObject"
    adoConnection.Open "Active Directory Provider"
    adoCommand.ActiveConnection = adoConnection

    ' Filter on the requested object class; the search value is escaped so that a
    ' name containing ( ) * or \ cannot alter the filter.
    'strFilter = "(&(objectCategory=person)(objectClass=user))"
    strFilter = "(&(objectClass=" & strObjectType & ")(" & strSearchField & "=" & Escape_LDAP_Filter(strObjectToGet) & "))"

    ' Comma delimited list of attribute values to retrieve.
    strAttributes = strCommaDelimProps
    arrProperties = Split(strCommaDelimProps, ",")

    ' Construct the LDAP syntax query.
    strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
    adoCommand.CommandText = strQuery
    ' Define the maximum records to return
    adoCommand.Properties("Page Size") = 100
    adoCommand.Properties("Timeout") = 30
    adoCommand.Properties("Cache Results") = False

    ' Run the query.
    Set adoRecordset = adoCommand.Execute
    ' Enumerate the resulting recordset.
    strReturnVal = ""
    Do Until adoRecordset.EOF
        ' Retrieve the requested values; several matches are separated by CRLF.
        For intCount = LBound(arrProperties) To UBound(arrProperties)
            If strReturnVal = "" Then
                strReturnVal = adoRecordset.Fields(intCount).Value
            Else
                strReturnVal = strReturnVal & vbCrLf & adoRecordset.Fields(intCount).Value
            End If
        Next
        ' Move to the next record in the recordset.
        adoRecordset.MoveNext
    Loop

    ' Clean up.
    adoRecordset.Close
    adoConnection.Close
    Get_LDAP_User_Properties = strReturnVal
End Function

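A PowerShell equivalent of the accepted answer, added here as an example; it is not part of the thread or RobSampson's code. It assumes the RSAT ActiveDirectory module is installed and that the account running it can read each share's ACL, uses Get-Acl in place of showacls.exe (so there is no fixed-width output to parse), and resolves each trustee to its SID so that no LDAP filter string is ever built from a group name. $ListPath and $LogPath are assumed placeholders for the thread's c:\list.txt and c:\log.txt.

```powershell
param(
    [string]$ListPath = 'C:\list.txt',   # one UNC path per line, as in the thread
    [string]$LogPath  = 'C:\log.csv'     # CSV output instead of the thread's log.txt
)
Import-Module ActiveDirectory

# Well-known principals whose managedBy is meaningless; the thread excludes these too
$skipDomains = @('BUILTIN', 'NT AUTHORITY')
$managedByCache = @{}   # SID string -> managedBy value, so each group is resolved once

function Get-GroupManagedBy {
    param([System.Security.Principal.IdentityReference]$Identity)
    # Resolve the ACE trustee to a SID and query by SID: the group name never reaches
    # an LDAP filter string, so names containing ( ) * or \ cannot alter the query.
    try {
        $sid = $Identity.Translate([System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        return '<UNRESOLVED>'   # orphaned SID or untranslatable name
    }
    if ($managedByCache.ContainsKey($sid)) { return $managedByCache[$sid] }
    try {
        $group = Get-ADGroup -Identity $sid -Properties managedBy -ErrorAction Stop
        $value = if ($group.managedBy) { $group.managedBy } else { '<EMPTY>' }
    } catch {
        $value = '<NOT A DOMAIN GROUP>'   # e.g. a user account or a local group
    }
    $managedByCache[$sid] = $value
    return $value
}

$rows = foreach ($path in (Get-Content -Path $ListPath | Where-Object { $_.Trim() })) {
    # The server name is the first component of \\server\share\...
    $server = (($path -replace '^\\\\', '') -split '\\')[0]
    if (-not (Test-Connection -ComputerName $server -Count 1 -Quiet)) {
        [pscustomobject]@{ Path = $path; Trustee = $server; Rights = "Isn't Reachable"; Type = ''; ManagedBy = '' }
        continue
    }
    foreach ($ace in (Get-Acl -Path $path).Access) {
        $trustee = $ace.IdentityReference.Value
        $domain  = if ($trustee -match '\\') { ($trustee -split '\\')[0].ToUpper() } else { '' }
        $managed = if ($skipDomains -contains $domain) { '<LOCAL>' } else { Get-GroupManagedBy $ace.IdentityReference }
        [pscustomobject]@{ Path = $path; Trustee = $trustee; Rights = $ace.FileSystemRights; Type = $ace.AccessControlType; ManagedBy = $managed }
    }
}
$rows | Export-Csv -Path $LogPath -NoTypeInformation
Write-Host "Script finished. Please see: $LogPath"
```

Inherited and explicit ACEs are both listed; filter on $ace.IsInherited if only explicit grants are wanted.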
Expert Comment by: RobSampson
Oh, I left in my testing parameters. Delete these lines:
strList = "list.txt"
strLog = "log.txt"
strFile = "c:\program files\resource kit\showacls.exe"

and uncomment the ones above them.

Regards,

Rob.
Author Closing Comment by: johnnyjonathan
As always, you are a true pro! Thank you.
Expert Comment by: RobSampson
Great! Glad it worked. Thanks for the grade.

Regards,

Rob.