[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

How to pull who uses what login script in Active Directory

Posted on 2011-03-18
4
Medium Priority
?
524 Views
Last Modified: 2012-05-11
Hi guys,

I need to create a script that allows me to see who has what login script in their profile.

I found this online. Not sure how good it works. Thoughts?

Set objRootDSE = GetObject("LDAP://RootDSE")
strConfig = objRootDSE.Get("configurationNamingContext")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

'      Initiate ADO

Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection

'      Assemble query string

strBase = ""
strFilter = "(&(objectCategory=person)(objectClass=user))"
strAttributes = "distinguishedName,Name,ScriptPath"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"

'      set parameters

objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 60
objCommand.Properties("Cache Results") = False

Set objRecordSet = objCommand.Execute

Do Until objRecordSet.EOF
wscript.echo objRecordSet.Fields("Name") & vbtab & objRecordSet.Fields("scriptPath")
objRecordSet.MoveNext
Loop

Thanks

0
Comment
Question by:nexxsupport
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 31

Expert Comment

by:Justin Owens
ID: 35166091
It looks like it should be fine....  Have you tried it yet?

DrUltima
0
 
LVL 7

Expert Comment

by:SjoerdvW
ID: 35166135
Created this script a while back... Export the logonscript (and some other attributes) to a csv file
'**************************************************************************
'Application settings
'**************************************************************************
Const ForReading = 1
Const ForWriting = 2
Const ADS_PROPERTY_APPEND = 3
Const Primary_EmailAddress = "SMTP:"

'**************************************************************************
'Declare variables
'**************************************************************************
Counter=0

ExportfilePath = InputBox("Path to the export file:", "Export to","export.csv") 
Set objExportFSO = CreateObject("Scripting.FileSystemObject")
Set objExportTextFile = objExportFSO.OpenTextFile(ExportfilePath, ForWriting, True)

On Error Resume Next
objExportTextFile.writeline("UserName;Full Name;First Name;Initials;Lastname;Account disabled;PrimaryEmail;LoginScript;HomeDir;ProfilePath")

'Create Objects for LDAP Queries
Set rootDSE = GetObject("LDAP://RootDSE")
DomainContainer = rootDSE.Get("defaultNamingContext")

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000

objCommand.CommandText = _
   "SELECT sAMAccountName, cn, givenName, initials, sn, distinguishedName, proxyAddresses, ScriptPath, homeDirectory, profilePath FROM 'LDAP://" & DomainContainer & "' WHERE objectCategory='user' "

Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    distinguishedName = objRecordSet.Fields("distinguishedName")
    Set objUser       = GetObject("LDAP://" & distinguishedName)
    Set colGroups     = objUser.Groups
    LogonName         = objRecordSet.Fields("sAMAccountName").Value
    FullName	      = objRecordSet.Fields("cn").Value
    GivenName         = objRecordSet.Fields("givenName").Value
    Initials          = objRecordSet.Fields("initials").Value
    SureName          = objRecordSet.Fields("sn").Value
    Disabled          = objUser.AccountDisabled
    if Disabled then Disabled = 1 else Disabled = 0 end if  
    ProxyAddresses    = objRecordSet.Fields("proxyAddresses")
    primaryMail       = ""
    LoginScript       = objRecordSet.Fields("ScriptPath")
    homeDirectory     = objRecordSet.Fields("homeDirectory")
    profilePath       = objRecordSet.Fields("profilePath")
    
    If IsArray(ProxyAddresses) Then
      For Each ProxyAddress in ProxyAddresses
      On Error Resume Next
       If (ProxyAddress<>"") Then
         If CBool(InStr(ProxyAddress, Primary_EmailAddress)) Then 
          primaryMail = Mid(proxyAddress,6)
         End If
       End If
      Next
    End If

    objExportTextFile.writeLine(LogonName & ";" & FullName & ";" & GivenName & ";" & Initials & ";" & SureName & ";" & Disabled & ";" & primaryMail & ";" & LoginScript & ";" & homeDirectory & ";" & profilePath)

    Counter=Counter+1
    objRecordSet.MoveNext
Loop

WScript.Echo "Exported " & Counter & " users"

Open in new window

0
 

Author Comment

by:nexxsupport
ID: 35166909
Thanks, Im trying to edit it so it can be OU specific and only with firstname and surname.

When i edit it all I get is
,,,,,,,"first name of user", loginscritp.

Any idea?
0
 
LVL 7

Accepted Solution

by:
SjoerdvW earned 2000 total points
ID: 35179908
This script should export you're whole AD with the distinguishedName, logonnname and script of all users. You can resolve the OU by the users distinguished name.

If you would only query a specific OU you should change the rules
Set rootDSE = GetObject("LDAP://RootDSE")
DomainContainer = rootDSE.Get("defaultNamingContext")

with something like:
DomainContainer = "OU=Users,OU=Test,DC=Domain,DC=Local"

'**************************************************************************
'Application settings
'**************************************************************************
Const ForReading = 1
Const ForWriting = 2
Const ADS_PROPERTY_APPEND = 3
Const Primary_EmailAddress = "SMTP:"

'**************************************************************************
'Declare variables
'**************************************************************************
Counter=0

ExportfilePath = InputBox("Path to the export file:", "Export to","export.csv") 
Set objExportFSO = CreateObject("Scripting.FileSystemObject")
Set objExportTextFile = objExportFSO.OpenTextFile(ExportfilePath, ForWriting, True)

On Error Resume Next
objExportTextFile.writeline("distinguishedName;UserName;LoginScript")

'Create Objects for LDAP Queries
Set rootDSE = GetObject("LDAP://RootDSE")
DomainContainer = rootDSE.Get("defaultNamingContext")

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000

objCommand.CommandText = "SELECT distinguishedName, sAMAccountName, ScriptPath FROM 'LDAP://" & DomainContainer & "' WHERE objectCategory='user' "

Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    distinguishedName = objRecordSet.Fields("distinguishedName")
    Set objUser       = GetObject("LDAP://" & distinguishedName)
    LogonName         = objRecordSet.Fields("sAMAccountName").Value
    LoginScript       = objRecordSet.Fields("ScriptPath")
    objExportTextFile.writeLine(distinguishedName & ";" & LogonName & ";" & LoginScript)
    Counter=Counter+1
    objRecordSet.MoveNext
Loop

WScript.Echo "Exported " & Counter & " users"

Open in new window

0

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Windows 7 Installations take days for Windows-Updates to show up and install. This can easily be fixed. I have finally decided to write an article because this seems to get asked several times a day lately. This Article and the Links apply to…
While rebooting windows server 2003 server , it's showing "active directory rebuilding indices please wait" at startup. It took a little while for this process to complete and once we logged on not all the services were started so another reboot is …
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question