Solved

Help with VBS script and extracting user info from AD

Posted on 2010-11-18
1
1,060 Views
Last Modified: 2012-08-13
I have the script attached that I want to modify.  I am not a programmer by any stretch of the imagination.  I cannot find some of the user object attributes that I need, and the ones that I found I cannot get any output when I run the script.  I used both ADSI Edit and CSVDE -f Exportfile.csv to try and identify the attributes that I need.

I want to keep what it has so far and add the following to the script.
PswdCanBeChanged, PswdLastSetTime, PswdRequired, PswdExpires, PswdExpiresTime,AcctDisabled, AcctLockedOut, AcctExpiresTime,LastLogonTime, LastLogonServer, LogonHours , group membership
test-ad.vbs
0
Comment
Question by:asrvwiz
1 Comment
 
LVL 70

Accepted Solution

by:
Chris Dent earned 500 total points
ID: 34187260
I advise you use PowerShell and Quests AD CmdLets to get these if you have no existing scripting background. You can download those here:

http://www.quest.com/powershell/activeroles-server.aspx

With that, you can get an approximation of this with:
Get-QADUser | Select-Object Name, DN, PasswordLastSet, PasswordNeverExpires, PasswordExpires, 
    AccountIsDisabled, AccountIsLockedOut, AccountExpires, LastLogon, MemberOf |
  Export-Csv "SomeFile.csv" -NoTypeInformation

Open in new window

If you must stick with VbScript then not all of the fields you've defined are helpful.

PswdCanBeChanged - Must enumerate account security. Not trivially available.
PswdLastSetTime - PwdLastSet: Needs conversion in VbScript interface
PswdRequired - No such field
PswdExpires - You can pull Never Expires from userAccountControl
PswdExpiresTime - Based on PwdLastSet plus expiry value (set in domain policy)
AcctDisabled - From userAccountControl
AcctLockedOut - From userAccountControl
AcctExpiresTime - accountExpirationDate: Needs conversion in the VbScript interface
LastLogonTime - LastLogon: Needs conversion in VbScript interface. Note: Value is *not* replicated between Domain Controllers
LastLogonServer - No such field
LogonHours - Complex hexadecimal array
group membership - MemberOf (DN of each group the user belongs to, except Primary Group)

Chris
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Over the years I have built up my own little library of code snippets that I refer to when programming or writing a script.  Many of these have come from the web or adaptations from snippets I find on the Web.  Periodically I add to them when I come…
Not long ago I saw a question in the VB Script forum that I thought would not take much time. You can read that question (Question ID  (http://www.experts-exchange.com/Programming/Languages/Visual_Basic/VB_Script/Q_28455246.html)28455246) Here (http…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now