Solved

Add export of "managed by" to an existing script that exports the security groups.

Posted on 2009-05-14
Last Modified: 2012-05-07
Hi,
I have the below attached VBScript that reads UNC paths from a txt file.
It exports all the security groups listed in each UNC path.
I was wondering if there's any way that the script can also export the "managed by" tab of each security group (excluding several built-in groups like domain\domain admins, administrators, everyone...).

(the script uses showacls.exe found from Win 2003 Server Resource kit)
Const ForReading = 1

' Input list of UNC paths (one per line), the output log, and showacls.exe
' from the Windows Server 2003 Resource Kit
strList = "c:\list.txt"
strLog = "c:\log.txt"
strFile = "c:\showacls.exe"

Set objfso = CreateObject("Scripting.FileSystemObject")
Set objshell = CreateObject("wscript.shell")
Set objlist = objfso.OpenTextFile(strList, ForReading)
Set objlog = objfso.CreateTextFile(strLog, True)

Do Until objlist.AtEndOfStream
	strPath = objlist.ReadLine
	' Pull the host name out of \\host\share\... so it can be pinged first
	strTemp = Replace(strPath, "\\", "")
	strHost = Split(strTemp, "\")
	If Reachable(strHost(0)) Then
		' Quote the executable and the UNC path so paths containing spaces still work
		cmd = """" & strFile & """ """ & strPath & """"
		Set objexec = objshell.Exec(cmd)
		objlog.WriteLine "ACLS For " & strPath
		objlog.WriteLine "-----------------------"
		objlog.WriteLine objexec.StdOut.ReadAll & vbCrLf
	Else
		objlog.WriteLine strHost(0) & " Isn't Reachable" & vbCrLf
	End If
Loop

objlist.Close
objlog.Close
MsgBox "Script finished." & vbNewLine & "Please see: " & strLog

' Returns True when a single ping to strComputer gets a reply
Function Reachable(strComputer)
	Dim strCmd, objPing, strOut
	strCmd = "ping -n 1 " & strComputer
	Set objPing = objshell.Exec(strCmd)
	strOut = UCase(objPing.StdOut.ReadAll)
	' Note: ping also prints "Reply from <gateway>: Destination host unreachable",
	' which this substring test counts as reachable
	If InStr(strOut, "REPLY FROM") > 0 Then
		Reachable = True
	Else
		Reachable = False
	End If
End Function

Question by:johnnyjonathan
4 Comments
 
LVL 65

Accepted Solution

by: RobSampson earned 500 total points
ID: 24408625
Hi Jonathon....I've changed a bit of the code, but that was required to obtain the group name, and try to get the ManagedBy attribute.

This should work.

Regards,

Rob.
Const ForReading = 1

'strList = "c:\list.txt"
'strLog = "c:\log.txt"
'strFile = "c:\showacls.exe"

strList = "list.txt"
strLog = "log.txt"
strFile = "c:\program files\resource kit\showacls.exe"

Set objfso = CreateObject("Scripting.FileSystemObject")
' The short (8.3) path avoids quoting problems when the exe lives under "Program Files"
strFile = objfso.GetFile(strFile).ShortPath
Set objshell = CreateObject("wscript.shell")
Set objlist = objfso.OpenTextFile(strList, ForReading)
Set objlog = objfso.CreateTextFile(strLog, True)

Do Until objlist.AtEndOfStream
	strPath = objlist.ReadLine
	' Pull the host name out of \\host\share\... so it can be pinged first
	strTemp = Replace(strPath, "\\", "")
	strHost = Split(strTemp, "\")
	If Reachable(strHost(0)) Then
		' Quote the UNC path so folders with spaces in their name still work
		cmd = strFile & " """ & strPath & """"
		Set objexec = objshell.Exec(cmd)
		objlog.WriteLine "ACLS For " & strPath
		objlog.WriteLine "-----------------------"
		While Not objexec.StdOut.AtEndOfStream
			strLine = Trim(objexec.StdOut.ReadLine)
			If strLine <> "" Then
				strLine = Replace(strLine, vbTab, "")
				' showacls prints the principal in a fixed 26-character column;
				' denied entries are split on the "(DENIED)" marker instead
				If InStr(strLine, "(DENIED)") > 0 Then
					strUser = Trim(Left(strLine, InStr(strLine, "(DENIED)") - 1))
					strDetail = Trim(Mid(strLine, InStr(strLine, "(DENIED)")))
				Else
					strUser = Trim(Left(strLine, 26))
					strDetail = Trim(Mid(strLine, 27))
				End If
				' Reset per line so a principal without a domain prefix (e.g. Everyone)
				' does not inherit the previous line's ManagedBy value
				strManagedBy = ""
				If InStr(strUser, "\") > 0 Then
					strDomain = Split(strUser, "\")(0)
					strGroup = Split(strUser, "\")(1)
					If UCase(strDomain) <> "BUILTIN" And UCase(strDomain) <> "NT AUTHORITY" Then
						strGroupDN = Get_LDAP_User_Properties("group", "cn", strGroup, "distinguishedName")
						If strGroupDN <> "" Then
							' Binding can fail (e.g. several groups share the CN and the DN
							' came back as a joined list) and reading an attribute that is not
							' set raises an error in ADSI, so handle both without aborting
							On Error Resume Next
							Set objGroup = GetObject("LDAP://" & strGroupDN)
							If Err.Number <> 0 Then
								strManagedBy = "<UNKNOWN>"
							Else
								strManagedBy = objGroup.ManagedBy
								If strManagedBy = "" Then strManagedBy = "<EMPTY>"
							End If
							On Error GoTo 0
							Set objGroup = Nothing
						Else
							strManagedBy = "<UNKNOWN>"
						End If
					Else
						strManagedBy = "<LOCAL>"
					End If
				End If
				objlog.WriteLine strUser & "," & strDetail & "," & strManagedBy
			End If
		Wend
	Else
		objlog.WriteLine strHost(0) & " Isn't Reachable" & vbCrLf
	End If
Loop

objlist.Close
objlog.Close
MsgBox "Script finished." & vbNewLine & "Please see: " & strLog

' Returns True when a single ping to strComputer gets a reply
Function Reachable(strComputer)
	Dim strCmd, objPing, strOut
	strCmd = "ping -n 1 " & strComputer
	Set objPing = objshell.Exec(strCmd)
	strOut = UCase(objPing.StdOut.ReadAll)
	' Note: ping also prints "Reply from <gateway>: Destination host unreachable",
	' which this substring test counts as reachable
	If InStr(strOut, "REPLY FROM") > 0 Then
		Reachable = True
	Else
		Reachable = False
	End If
End Function

Function Get_LDAP_User_Properties(strObjectType, strSearchField, strObjectToGet, strCommaDelimProps)
	' This is a custom function that connects to the Active Directory, and returns the specific
	' Active Directory attribute value, of a specific Object.
	' strObjectType: usually "User" or "Computer"
	' strSearchField: the field by which to search the AD. This acts like an SQL Query's WHERE clause.
	'		It filters the results by the value of strObjectToGet
	' strObjectToGet: the value by which the results are filtered, according to strSearchField.
	'		For example, if you are searching based on the user account name, strSearchField
	'		would be "samAccountName", and strObjectToGet would be that specific account name,
	'		such as "jsmith".  This equates to "WHERE 'samAccountName' = 'jsmith'"
	' strCommaDelimProps: the field from the object to actually return.  For example, if you wanted
	'		the home folder path, as defined by the AD, for a specific user, this would be
	'		"homeDirectory".  If you want to return the ADsPath so that you can bind to that
	'		user and get your own parameters from them, then use "ADsPath" as a return string,
	'		then bind to the user: Set objUser = GetObject("LDAP://" & strReturnADsPath)

	' Now we're checking if the object passed may have a domain already specified,
	' in which case we connect to that domain in AD, instead of the default one.
	' The prefix is expected to be a DNS name, e.g. "dc1.example.local\jsmith", since the
	' part after the first dot is turned into the DC= components.
	If InStr(strObjectToGet, "\") > 0 Then
		arrGroupBits = Split(strObjectToGet, "\")
		strDC = arrGroupBits(0)
		strDNSDomain = strDC & "/" & "DC=" & Replace(Mid(strDC, InStr(strDC, ".") + 1), ".", ",DC=")
		strObjectToGet = arrGroupBits(1)
	Else
		' Otherwise we just connect to the default domain
		Set objRootDSE = GetObject("LDAP://RootDSE")
		strDNSDomain = objRootDSE.Get("defaultNamingContext")
	End If

	strBase = "<LDAP://" & strDNSDomain & ">"
	' Setup ADO objects.
	Set adoCommand = CreateObject("ADODB.Command")
	Set adoConnection = CreateObject("ADODB.Connection")
	adoConnection.Provider = "ADsDSOObject"
	adoConnection.Open "Active Directory Provider"
	adoCommand.ActiveConnection = adoConnection

	' Escape the characters that have meaning inside an LDAP filter (RFC 4515) so a
	' name such as "Sales (old)" or one containing * or \ matches literally instead of
	' changing the filter. Backslash must be escaped first.
	strEscaped = Replace(strObjectToGet, "\", "\5c")
	strEscaped = Replace(strEscaped, "*", "\2a")
	strEscaped = Replace(strEscaped, "(", "\28")
	strEscaped = Replace(strEscaped, ")", "\29")

	' Filter on the requested object class and attribute value.
	'strFilter = "(&(objectCategory=person)(objectClass=user))"
	strFilter = "(&(objectClass=" & strObjectType & ")(" & strSearchField & "=" & strEscaped & "))"

	' Comma delimited list of attribute values to retrieve.
	strAttributes = strCommaDelimProps
	arrProperties = Split(strCommaDelimProps, ",")

	' Construct the LDAP syntax query.
	strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
	adoCommand.CommandText = strQuery
	' Define the maximum records to return
	adoCommand.Properties("Page Size") = 100
	adoCommand.Properties("Timeout") = 30
	adoCommand.Properties("Cache Results") = False

	' Run the query.
	Set adoRecordset = adoCommand.Execute
	' Enumerate the resulting recordset. If more than one object matches, the values
	' are joined with vbCrLf; the caller above assumes a single match.
	strReturnVal = ""
	Do Until adoRecordset.EOF
		' Retrieve the requested attribute values.
		For intCount = LBound(arrProperties) To UBound(arrProperties)
			If strReturnVal = "" Then
				strReturnVal = adoRecordset.Fields(intCount).Value
			Else
				strReturnVal = strReturnVal & vbCrLf & adoRecordset.Fields(intCount).Value
			End If
		Next
		' Move to the next record in the recordset.
		adoRecordset.MoveNext
	Loop

	' Clean up.
	adoRecordset.Close
	adoConnection.Close
	Get_LDAP_User_Properties = strReturnVal
End Function

0
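Added example, not part of this thread and not Rob's or the asker's script: the same showacls line parsing and ManagedBy classification (the 26-character principal column, the "(DENIED)" split, the <LOCAL>/<UNKNOWN>/<EMPTY> markers) written in Python so it can be run offline. The ADO query is replaced by a constructed lookup table keyed on the exact LDAP filter string, and the showacls lines are constructed in the layout the VBScript assumes, not real showacls output. Two points it adds that the VBScript leaves out: the group name is escaped per RFC 4515 before it goes into the filter, so a group named "Orphaned (old)" matches literally instead of breaking the query, and the log is written with the csv module, so a managedBy DN containing commas stays in one column. All names in it (SAMPLE_DIRECTORY, EXAMPLE domain, the group and user names) are made up for the example.

```python
"""Parse showacls-style ACL lines and attach each domain group's managedBy
value, mirroring the VBScript's rules, with RFC 4515 filter escaping and
CSV quoting added. The directory lookup is a constructed stand-in for ADO."""
import csv
import io
from typing import Callable, Dict, List, Optional, Tuple

# Domains whose principals are local/well-known accounts with no AD object.
LOCAL_DOMAINS = {"BUILTIN", "NT AUTHORITY"}

# Characters with meaning inside an LDAP filter (RFC 4515, section 3).
_LDAP_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_ldap_filter_value(value: str) -> str:
    """Escape a value so it can only match literally inside a filter."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def build_group_filter(group_cn: str) -> str:
    """Same shape as the VBScript's strFilter, but with the CN escaped."""
    return f"(&(objectClass=group)(cn={escape_ldap_filter_value(group_cn)}))"


def parse_acl_line(line: str) -> Optional[Tuple[str, str]]:
    """Split one line into (principal, rights) using the VBScript's rules:
    a "(DENIED)" marker splits the line, otherwise column 26 does."""
    line = line.strip().replace("\t", "")
    if not line:
        return None
    idx = line.find("(DENIED)")
    if idx >= 0:
        return line[:idx].strip(), line[idx:].strip()
    return line[:26].strip(), line[26:].strip()


def resolve_managed_by(principal: str,
                       lookup: Callable[[str], Optional[Dict[str, str]]]) -> str:
    """Return the VBScript's markers (<LOCAL>, <UNKNOWN>, <EMPTY>) or the DN.
    A principal without a DOMAIN\\ prefix (e.g. Everyone) gets "" rather than
    the previous line's value, which the original script carried over."""
    if "\\" not in principal:
        return ""
    domain, name = principal.split("\\", 1)
    if domain.upper() in LOCAL_DOMAINS:
        return "<LOCAL>"
    entry = lookup(build_group_filter(name))  # stand-in for the ADO query + bind
    if entry is None:
        return "<UNKNOWN>"
    return entry.get("managedBy") or "<EMPTY>"


def export_rows(lines, lookup) -> List[Tuple[str, str, str]]:
    """One (principal, rights, managedBy) row per non-empty ACL line."""
    rows = []
    for line in lines:
        parsed = parse_acl_line(line)
        if parsed is None:
            continue
        principal, rights = parsed
        rows.append((principal, rights, resolve_managed_by(principal, lookup)))
    return rows


def rows_to_csv(rows) -> str:
    """csv.writer quotes fields containing commas, so a DN stays one column."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(("principal", "rights", "managedBy"))
    writer.writerows(rows)
    return buf.getvalue()


def _col(principal: str, rights: str) -> str:
    # Lay a line out in the 26-character principal column the VBScript assumes.
    return principal.ljust(26) + rights


# Constructed sample lines in the assumed layout (not real showacls output).
SAMPLE_SHOWACLS_OUTPUT = [
    _col("EXAMPLE\\FileShare Admins", "Full Control"),
    _col("EXAMPLE\\Orphaned (old)", "Read"),
    _col("BUILTIN\\Administrators", "Full Control"),
    "\tEXAMPLE\\Contractors     (DENIED) Write",
    _col("Everyone", "Read"),
    "",
]

# Constructed stand-in for the directory, keyed by the exact filter it would receive.
SAMPLE_DIRECTORY = {
    "(&(objectClass=group)(cn=FileShare Admins))": {
        "distinguishedName": "CN=FileShare Admins,OU=Groups,DC=example,DC=local",
        "managedBy": "CN=Jane Doe,OU=Users,DC=example,DC=local",
    },
    r"(&(objectClass=group)(cn=Orphaned \28old\29))": {
        "distinguishedName": "CN=Orphaned (old),OU=Groups,DC=example,DC=local",
        "managedBy": "",
    },
}

if __name__ == "__main__":
    print(rows_to_csv(export_rows(SAMPLE_SHOWACLS_OUTPUT, SAMPLE_DIRECTORY.get)))
```

Against a real domain, lookup would be a function that runs the escaped filter through an LDAP client and returns the first match's managedBy; the escaping matters there because the group name comes from tool output, not from the script author.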
 
LVL 65

Expert Comment

by:RobSampson
ID: 24408628
Oh I left in my testing parameters.  Delete these lines:
strList = "list.txt"
strLog = "log.txt"
strFile = "c:\program files\resource kit\showacls.exe"

and uncomment the ones above them.

Regards,

Rob.
0
 

Author Closing Comment

by:johnnyjonathan
ID: 31581456
As always, you are a true pro! thank you
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 24417249
Great! Glad it worked. Thanks for the grade.

Regards,

Rob.
0
