Solved

2003 ad script for enumeration

Posted on 2011-02-21
8
1,016 Views
Last Modified: 2012-05-11
In active directory users and computers, each user has a type and description column. Is it possible to run a vbscript to enumerate user, type and description for every domain user and domain group in a domain (2003)? Similar to that seen below? I only have domain user credentials not domain admin credentials, but as I can see it in ADUC as a domain user I assume it can also be enumerated...

http://www.axigen.com/usr/kb/AD_CreateAxiAcc1.jpg

0
Comment
Question by:pma111
  • 4
  • 4
8 Comments
 
LVL 12

Accepted Solution

by:
prashanthd earned 250 total points
ID: 34942040
Hi,

You can try this code
'On Error Resume Next

Dim objRootDSE, strDomain, strUsername, objConnection, objCommand, objRecordSet, strDN
Const ADS_SCOPE_SUBTREE = 2
Const ADS_GROUP_TYPE_GLOBAL_GROUP = &h2
Const ADS_GROUP_TYPE_LOCAL_GROUP = &h4
Const ADS_GROUP_TYPE_UNIVERSAL_GROUP = &h8
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &h80000000


' Get domain components
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")

' Set ADO connection
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Set ADO command
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='group'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
' Set recordset to hold the query result
Set objRecordSet = objCommand.Execute

' If a Group was found - Retrieve the distinguishedName
Do While Not objRecordSet.EOF 
    strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
    
    Set objGroup = GetObject(strDN)
    objGroup.GetInfo
        
    strName = objGroup.Get("name")
    strSAMAccountName = objGroup.Get("sAMAccountName")
    intgroupType = objGroup.Get("groupType")
    
    strDescription = objGroup.GetEx("description")
    
    WScript.Echo "name: " & strName
    WScript.Echo "sAMAccountName: " & strSAMAccountName
    
    WScript.StdOut.Write "Group type: "
    If intGroupType And ADS_GROUP_TYPE_SECURITY_ENABLED Then
        WScript.Echo "Type : Security group"
    Else
        WScript.Echo "Type : Distribution group"
    End If
    
    For Each strValue In strDescription
        WScript.Echo "description: " & strValue
    Next    
    objRecordSet.MoveNext
Loop


objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='person'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
' Set recordset to hold the query result
Set objRecordSet = objCommand.Execute

' If a Group was found - Retrieve the distinguishedName
Do While Not objRecordSet.EOF 
    strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
    
    Set objUser = GetObject(strDN)
    objUser.GetInfo
        
    strName = objUser.Get("name")
    strSAMAccountName = objGroup.Get("sAMAccountName")
       
    strDescription = objGroup.GetEx("description")
    
    WScript.Echo "name: " & strName
    WScript.Echo "sAMAccountName: " & strSAMAccountName
    WScript.StdOut.Write "Type: User"
    
    For Each strValue In strDescription
        WScript.Echo "description: " & strValue
    Next    
    
    objRecordSet.MoveNext
Loop

Open in new window

0
 
LVL 3

Author Comment

by:pma111
ID: 34942088
where will it write the results out to?
0
 
LVL 12

Expert Comment

by:prashanthd
ID: 34942109
Use following command, it will write to output.txt

cscript vbfilename.vbs > output.txt
0
 
LVL 3

Author Comment

by:pma111
ID: 34942153
It fails,

enumerator.vbs (43, 5) Active Directory: The directory property cannot be found in cache
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 12

Expert Comment

by:prashanthd
ID: 34942233
try the following
On Error Resume Next

Dim objRootDSE, strDomain, strUsername, objConnection, objCommand, objRecordSet, strDN
Const ADS_SCOPE_SUBTREE = 2
Const ADS_GROUP_TYPE_GLOBAL_GROUP = &h2
Const ADS_GROUP_TYPE_LOCAL_GROUP = &h4
Const ADS_GROUP_TYPE_UNIVERSAL_GROUP = &h8
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &h80000000


' Get domain components
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")

' Set ADO connection
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Set ADO command
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='group'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
' Set recordset to hold the query result
Set objRecordSet = objCommand.Execute

' If a Group was found - Retrieve the distinguishedName
Do While Not objRecordSet.EOF 
    strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
    
    Set objGroup = GetObject(strDN)
    objGroup.GetInfo
        
    strName = objGroup.Get("name")
    strSAMAccountName = objGroup.Get("sAMAccountName")
    intgroupType = objGroup.Get("groupType")
    
    strDescription = objGroup.Getex("description")
    
    WScript.Echo "name: " & strName
    WScript.Echo "sAMAccountName: " & strSAMAccountName
    
    WScript.StdOut.Write "Group type: "
    If intGroupType And ADS_GROUP_TYPE_SECURITY_ENABLED Then
        WScript.Echo "Type : Security group"
    Else
        WScript.Echo "Type : Distribution group"
    End If
    
    For Each strValue In strDescription
        WScript.Echo "description: " & strValue
    Next    
    objRecordSet.MoveNext
Loop


objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='person'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
' Set recordset to hold the query result
Set objRecordSet = objCommand.Execute

' If a Group was found - Retrieve the distinguishedName
Do While Not objRecordSet.EOF 
    strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
    
    Set objUser = GetObject(strDN)
    objUser.GetInfo
        
    strName = objUser.Get("name")
    strSAMAccountName = objGroup.Get("sAMAccountName")
       
    strDescription = objGroup.GetEx("description")
    
    WScript.Echo "name: " & strName
    WScript.Echo "sAMAccountName: " & strSAMAccountName
    WScript.StdOut.Write "Type: User"
    
    For Each strValue In strDescription
        WScript.Echo "description: " & strValue
    Next    
    
    objRecordSet.MoveNext
Loop

Open in new window

0
 
LVL 3

Author Comment

by:pma111
ID: 34942300
Hmm, it returns data, but in ADUC against accounts there is often a comment in the description field, when I search for the description in the output of this query it doesnt find it...
0
 
LVL 12

Expert Comment

by:prashanthd
ID: 34942424
Is it not returning any value for description?
0
 
LVL 3

Author Comment

by:pma111
ID: 34943030
I found an alternative that worked...
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is the result of a quest to better understand Task Scheduler 2.0 and all the newer objects available in vbscript in this version over  the limited options we had scripting in Task Scheduler 1.0.  As I started my journey of knowledge I f…
Deploying a Microsoft Access application in a Citrix environment is not difficult but takes a few steps. However, Citrix system people are often of little help, as they typically know next to nothing about Access. The script provided here will take …
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now