Solved

How to list all AD Users with emailaddress over all domains

Posted on 2009-07-10
3
224 Views
Last Modified: 2012-05-07
Hello,

my problem is, that I have to create a list with all Active Directory users over all domains with a specific email domain e.g. "@xy.de". When I ask the Global Catalog I it works good, but what informations are missing in the GC? When I perform a normal LDAP search, I get only the entries in the local AD domain partition.

So I think the best way would be a LDAP search including all child domains.

This is my first question here, so please advise me of my faults.
wscript.echo  "Looking for GC"
dim oCont, oGC
Set oCont = GetObject("GC:")
For Each oGC In oCont
    strGCPath = oGC.ADsPath
Next
wscript.echo "strGCPath=" & strGCPath, 3
 
wscript.echo "Querying AD for Objects" & strGCPath
Set oConnection = CreateObject("ADODB.Connection")
Set oRecordset = CreateObject("ADODB.Recordset")
Set oCommand = CreateObject("ADODB.Command")
oConnection.Provider = "ADsDSOObject"  'The ADSI OLE-DB provider
oConnection.Open "ADs Provider"
oCommand.ActiveConnection = oConnection
oCommand.Properties("Page Size") = 100
oCommand.CommandText = "<" & strGCPath & ">;" & _
	"(mail=*@xy.de);" & _
	"distinguishedName,ObjectClass,displayName,mail" & _
	";subtree"
Set oRecordset = oCommand.Execute
wscript.echo "Done Total Records found:" & oRecordset.recordcount
 
do until oRecordset.EOF
	wscript.echo "---- Infos aus dem ADO-Recordset ----"
	wscript.echo "Klasse:" & lcase(join(oRecordset.Fields("ObjectClass"),","))
	wscript.echo 	
	wscript.echo "distinguishedName:" & oRecordset.Fields("distinguishedName")
	wscript.echo "displayName      :" & oRecordset.Fields("displayName")
	wscript.echo "Mail             :" & oRecordset.Fields("mail")
	wscript.echo "---- Infos aus dem gebundenen Object ----"
	set oObject = GetObject("LDAP:// " & oRecordset.Fields("distinguishedName"))
	wscript.echo "name          :" & oObject.name
	wscript.echo "SamAccountName:" & oObject.samAccountName
	oRecordset.MoveNext
loop

Open in new window

0
Comment
Question by:D-CPA
  • 2
3 Comments
 
LVL 65

Accepted Solution

by:
RobSampson earned 125 total points
ID: 24821654
Hi, welcome to EE!

First off, I'm not sure what you mean when you ask "what informations are missing in the GC?"

Perhaps you could use part of the EnumDomains Sub from here:
http://www.rlmueller.net/Programs/DocumentForest.txt

to list all of your child domains, then you could just do a normal LDAP search on each of those....

If you need help with that, I can give it a shot tomorrow.

Regards,

Rob.
0
 

Author Closing Comment

by:D-CPA
ID: 31601979
Thanks a lot, looks good. I will try now to combine my script with this solution.
0
 
LVL 65

Expert Comment

by:RobSampson
ID: 24822549
No problem. FYI, you don't need to close a question straight away if you're still working on it. Most of us experts are glad to assist you further in completing your task.

Regards,

Rob.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question