Solved

2003 ad script for enumeration

Posted on 2011-02-21
8
1,015 Views
Last Modified: 2012-05-11
In active directory users and computers, each user has a type and description column. Is it possible to run a vbscript to enumerate user, type and description for every domain user and domain group in a domain (2003)? Similar to that seen below? I only have domain user credentials not domain admin credentials, but as I can see it in ADUC as a domain user I assume it can also be enumerated...

http://www.axigen.com/usr/kb/AD_CreateAxiAcc1.jpg

0
Comment
Question by:pma111
  • 4
  • 4
8 Comments
 
LVL 12

Accepted Solution

by:
prashanthd earned 250 total points
Comment Utility
Hi,

You can try this code
'On Error Resume Next

Dim objRootDSE, strDomain, strUsername, objConnection, objCommand, objRecordSet, strDN
Const ADS_SCOPE_SUBTREE = 2
Const ADS_GROUP_TYPE_GLOBAL_GROUP = &h2
Const ADS_GROUP_TYPE_LOCAL_GROUP = &h4
Const ADS_GROUP_TYPE_UNIVERSAL_GROUP = &h8
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &h80000000


' Get domain components
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")

' Set ADO connection
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Set ADO command
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='group'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
' Set recordset to hold the query result
Set objRecordSet = objCommand.Execute

' If a Group was found - Retrieve the distinguishedName
Do While Not objRecordSet.EOF 
    strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
    
    Set objGroup = GetObject(strDN)
    objGroup.GetInfo
        
    strName = objGroup.Get("name")
    strSAMAccountName = objGroup.Get("sAMAccountName")
    intgroupType = objGroup.Get("groupType")
    
    strDescription = objGroup.GetEx("description")
    
    WScript.Echo "name: " & strName
    WScript.Echo "sAMAccountName: " & strSAMAccountName
    
    WScript.StdOut.Write "Group type: "
    If intGroupType And ADS_GROUP_TYPE_SECURITY_ENABLED Then
        WScript.Echo "Type : Security group"
    Else
        WScript.Echo "Type : Distribution group"
    End If
    
    For Each strValue In strDescription
        WScript.Echo "description: " & strValue
    Next    
    objRecordSet.MoveNext
Loop


objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='person'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
' Set recordset to hold the query result
Set objRecordSet = objCommand.Execute

' If a Group was found - Retrieve the distinguishedName
Do While Not objRecordSet.EOF 
    strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
    
    Set objUser = GetObject(strDN)
    objUser.GetInfo
        
    strName = objUser.Get("name")
    strSAMAccountName = objGroup.Get("sAMAccountName")
       
    strDescription = objGroup.GetEx("description")
    
    WScript.Echo "name: " & strName
    WScript.Echo "sAMAccountName: " & strSAMAccountName
    WScript.StdOut.Write "Type: User"
    
    For Each strValue In strDescription
        WScript.Echo "description: " & strValue
    Next    
    
    objRecordSet.MoveNext
Loop

Open in new window

0
 
LVL 3

Author Comment

by:pma111
Comment Utility
where will it write the results out to?
0
 
LVL 12

Expert Comment

by:prashanthd
Comment Utility
Use following command, it will write to output.txt

cscript vbfilename.vbs > output.txt
0
 
LVL 3

Author Comment

by:pma111
Comment Utility
It fails,

enumerator.vbs (43, 5) Active Directory: The directory property cannot be found in cache
0
Enabling OSINT in Activity Based Intelligence

Activity based intelligence (ABI) requires access to all available sources of data. Recorded Future allows analysts to observe structured data on the open, deep, and dark web.

 
LVL 12

Expert Comment

by:prashanthd
Comment Utility
try the following
On Error Resume Next

Dim objRootDSE, strDomain, strUsername, objConnection, objCommand, objRecordSet, strDN
Const ADS_SCOPE_SUBTREE = 2
Const ADS_GROUP_TYPE_GLOBAL_GROUP = &h2
Const ADS_GROUP_TYPE_LOCAL_GROUP = &h4
Const ADS_GROUP_TYPE_UNIVERSAL_GROUP = &h8
Const ADS_GROUP_TYPE_SECURITY_ENABLED = &h80000000


' Get domain components
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomain = objRootDSE.Get("DefaultNamingContext")

' Set ADO connection
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

' Set ADO command
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='group'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
' Set recordset to hold the query result
Set objRecordSet = objCommand.Execute

' If a Group was found - Retrieve the distinguishedName
Do While Not objRecordSet.EOF 
    strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
    
    Set objGroup = GetObject(strDN)
    objGroup.GetInfo
        
    strName = objGroup.Get("name")
    strSAMAccountName = objGroup.Get("sAMAccountName")
    intgroupType = objGroup.Get("groupType")
    
    strDescription = objGroup.Getex("description")
    
    WScript.Echo "name: " & strName
    WScript.Echo "sAMAccountName: " & strSAMAccountName
    
    WScript.StdOut.Write "Group type: "
    If intGroupType And ADS_GROUP_TYPE_SECURITY_ENABLED Then
        WScript.Echo "Type : Security group"
    Else
        WScript.Echo "Type : Distribution group"
    End If
    
    For Each strValue In strDescription
        WScript.Echo "description: " & strValue
    Next    
    objRecordSet.MoveNext
Loop


objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='person'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
' Set recordset to hold the query result
Set objRecordSet = objCommand.Execute

' If a Group was found - Retrieve the distinguishedName
Do While Not objRecordSet.EOF 
    strDN = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
    
    Set objUser = GetObject(strDN)
    objUser.GetInfo
        
    strName = objUser.Get("name")
    strSAMAccountName = objGroup.Get("sAMAccountName")
       
    strDescription = objGroup.GetEx("description")
    
    WScript.Echo "name: " & strName
    WScript.Echo "sAMAccountName: " & strSAMAccountName
    WScript.StdOut.Write "Type: User"
    
    For Each strValue In strDescription
        WScript.Echo "description: " & strValue
    Next    
    
    objRecordSet.MoveNext
Loop

Open in new window

0
 
LVL 3

Author Comment

by:pma111
Comment Utility
Hmm, it returns data, but in ADUC against accounts there is often a comment in the description field, when I search for the description in the output of this query it doesnt find it...
0
 
LVL 12

Expert Comment

by:prashanthd
Comment Utility
Is it not returning any value for description?
0
 
LVL 3

Author Comment

by:pma111
Comment Utility
I found an alternative that worked...
0

Featured Post

Free book by J.Peter Bruzzese, Microsoft MVP

Are you using Office 365? Trying to set up email signatures but you’re struggling with transport rules and connectors? Let renowned Microsoft MVP J.Peter Bruzzese show you how in this exclusive e-book on Office 365 email signatures. Better yet, it’s free!

Join & Write a Comment

Installing a printer using group policy preferences is not that hard let’s take a look at it. First lets open up your group policy console and edit the policy you want to add it to. I recommend creating a new policy for each printer makes it a l…
Over the years I have built up my own little library of code snippets that I refer to when programming or writing a script.  Many of these have come from the web or adaptations from snippets I find on the Web.  Periodically I add to them when I come…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

9 Experts available now in Live!

Get 1:1 Help Now