Solved

Help with VBS script and extracting user info from AD

Posted on 2010-11-18
1
1,092 Views
Last Modified: 2012-08-13
I have the script attached that I want to modify.  I am not a programmer by any stretch of the imagination.  I cannot find some of the user object attributes that I need, and the ones that I found I cannot get any output when I run the script.  I used both ADSI Edit and CSVDE -f Exportfile.csv to try and identify the attributes that I need.

I want to keep what it has so far and add the following to the script.
PswdCanBeChanged, PswdLastSetTime, PswdRequired, PswdExpires, PswdExpiresTime,AcctDisabled, AcctLockedOut, AcctExpiresTime,LastLogonTime, LastLogonServer, LogonHours , group membership
test-ad.vbs
0
Comment
Question by:asrvwiz
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 71

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 34187260
I advise you use PowerShell and Quests AD CmdLets to get these if you have no existing scripting background. You can download those here:

http://www.quest.com/powershell/activeroles-server.aspx

With that, you can get an approximation of this with:
Get-QADUser | Select-Object Name, DN, PasswordLastSet, PasswordNeverExpires, PasswordExpires, 
    AccountIsDisabled, AccountIsLockedOut, AccountExpires, LastLogon, MemberOf |
  Export-Csv "SomeFile.csv" -NoTypeInformation

Open in new window

If you must stick with VbScript then not all of the fields you've defined are helpful.

PswdCanBeChanged - Must enumerate account security. Not trivially available.
PswdLastSetTime - PwdLastSet: Needs conversion in VbScript interface
PswdRequired - No such field
PswdExpires - You can pull Never Expires from userAccountControl
PswdExpiresTime - Based on PwdLastSet plus expiry value (set in domain policy)
AcctDisabled - From userAccountControl
AcctLockedOut - From userAccountControl
AcctExpiresTime - accountExpirationDate: Needs conversion in the VbScript interface
LastLogonTime - LastLogon: Needs conversion in VbScript interface. Note: Value is *not* replicated between Domain Controllers
LastLogonServer - No such field
LogonHours - Complex hexadecimal array
group membership - MemberOf (DN of each group the user belongs to, except Primary Group)

Chris
0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question