Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1032
  • Last Modified:

2003 ad script for enumeration

In active directory users and computers, each user has a type and description column. Is it possible to run a vbscript to enumerate user, type and description for every domain user and domain group in a domain (2003)? Similar to that seen below? I only have domain user credentials not domain admin credentials, but as I can see it in ADUC as a domain user I assume it can also be enumerated...

http://www.axigen.com/usr/kb/AD_CreateAxiAcc1.jpg

0
pma111
Asked:
pma111
  • 4
  • 4
1 Solution
 
prashanthdCommented:
Hi,

You can try this code
'On Error Resume Next

Dim objRootDSE, strDomain, strUsername, objConnection, objCommand, objRecordSet, strDN
Const ADS_SCOPE_SUBTREE = 2
Const ADS_GROUP_TYPE_GLOBAL_GROUP = &h2
Const ADS_GROUP_TYPE_LOCAL_GROUP = &h4
Const ADS_GROUP_TYPE_UNIVERSAL_GROUP = &h8
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &h80000000


' Get domain components
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")

' Set ADO connection
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Set ADO command
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='group'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
' Set recordset to hold the query result
Set objRecordSet = objCommand.Execute

' If a Group was found - Retrieve the distinguishedName
Do While Not objRecordSet.EOF 
    strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
    
    Set objGroup = GetObject(strDN)
    objGroup.GetInfo
        
    strName = objGroup.Get("name")
    strSAMAccountName = objGroup.Get("sAMAccountName")
    intgroupType = objGroup.Get("groupType")
    
    strDescription = objGroup.GetEx("description")
    
    WScript.Echo "name: " & strName
    WScript.Echo "sAMAccountName: " & strSAMAccountName
    
    WScript.StdOut.Write "Group type: "
    If intGroupType And ADS_GROUP_TYPE_SECURITY_ENABLED Then
        WScript.Echo "Type : Security group"
    Else
        WScript.Echo "Type : Distribution group"
    End If
    
    For Each strValue In strDescription
        WScript.Echo "description: " & strValue
    Next    
    objRecordSet.MoveNext
Loop


objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='person'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
' Set recordset to hold the query result
Set objRecordSet = objCommand.Execute

' If a Group was found - Retrieve the distinguishedName
Do While Not objRecordSet.EOF 
    strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
    
    Set objUser = GetObject(strDN)
    objUser.GetInfo
        
    strName = objUser.Get("name")
    strSAMAccountName = objGroup.Get("sAMAccountName")
       
    strDescription = objGroup.GetEx("description")
    
    WScript.Echo "name: " & strName
    WScript.Echo "sAMAccountName: " & strSAMAccountName
    WScript.StdOut.Write "Type: User"
    
    For Each strValue In strDescription
        WScript.Echo "description: " & strValue
    Next    
    
    objRecordSet.MoveNext
Loop

Open in new window

0
 
pma111Author Commented:
where will it write the results out to?
0
 
prashanthdCommented:
Use following command, it will write to output.txt

cscript vbfilename.vbs > output.txt
0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
pma111Author Commented:
It fails,

enumerator.vbs (43, 5) Active Directory: The directory property cannot be found in cache
0
 
prashanthdCommented:
try the following
On Error Resume Next

Dim objRootDSE, strDomain, strUsername, objConnection, objCommand, objRecordSet, strDN
Const ADS_SCOPE_SUBTREE = 2
Const ADS_GROUP_TYPE_GLOBAL_GROUP = &h2
Const ADS_GROUP_TYPE_LOCAL_GROUP = &h4
Const ADS_GROUP_TYPE_UNIVERSAL_GROUP = &h8
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &h80000000


' Get domain components
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")

' Set ADO connection
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Set ADO command
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='group'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
' Set recordset to hold the query result
Set objRecordSet = objCommand.Execute

' If a Group was found - Retrieve the distinguishedName
Do While Not objRecordSet.EOF 
    strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
    
    Set objGroup = GetObject(strDN)
    objGroup.GetInfo
        
    strName = objGroup.Get("name")
    strSAMAccountName = objGroup.Get("sAMAccountName")
    intgroupType = objGroup.Get("groupType")
    
    strDescription = objGroup.Getex("description")
    
    WScript.Echo "name: " & strName
    WScript.Echo "sAMAccountName: " & strSAMAccountName
    
    WScript.StdOut.Write "Group type: "
    If intGroupType And ADS_GROUP_TYPE_SECURITY_ENABLED Then
        WScript.Echo "Type : Security group"
    Else
        WScript.Echo "Type : Distribution group"
    End If
    
    For Each strValue In strDescription
        WScript.Echo "description: " & strValue
    Next    
    objRecordSet.MoveNext
Loop


objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='person'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
' Set recordset to hold the query result
Set objRecordSet = objCommand.Execute

' If a Group was found - Retrieve the distinguishedName
Do While Not objRecordSet.EOF 
    strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
    
    Set objUser = GetObject(strDN)
    objUser.GetInfo
        
    strName = objUser.Get("name")
    strSAMAccountName = objGroup.Get("sAMAccountName")
       
    strDescription = objGroup.GetEx("description")
    
    WScript.Echo "name: " & strName
    WScript.Echo "sAMAccountName: " & strSAMAccountName
    WScript.StdOut.Write "Type: User"
    
    For Each strValue In strDescription
        WScript.Echo "description: " & strValue
    Next    
    
    objRecordSet.MoveNext
Loop

Open in new window

0
 
pma111Author Commented:
Hmm, it returns data, but in ADUC against accounts there is often a comment in the description field, when I search for the description in the output of this query it doesnt find it...
0
 
prashanthdCommented:
Is it not returning any value for description?
0
 
pma111Author Commented:
I found an alternative that worked...
0

Featured Post

Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

  • 4
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now