Solved

VB Script for a list of Active Directory users with Remote Access enabled.

Posted on 2011-03-22
4
426 Views
Last Modified: 2012-05-11
I'm trying to get a list of all my users who have Remote Access enabled. We use a Radius server to authenticate VPN users. I'm getting a list of users, but it's not all of them. It is finding users in different OU's, so I don't think that is a problem.

What am I doing wrong?
Const ADS_SCOPE_SUBTREE = 4

Dim objFSO, objFolder, objShell, objTextFile, objFile

objFile = "c:\queries\VPNUsers.txt"

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
Set objFSO = CreateObject("Scripting.FileSystemObject")

Set objFile = objFSO.CreateTextFile(objFile)

objCommand.Properties("Page Size") = 10000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 

objCommand.CommandText = _
    "SELECT * FROM 'LDAP://dc=dayton_rogers,dc=local' WHERE objectCategory='user' AND msNPAllowDialin = TRUE"
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    objFile.WriteLine(objRecordSet.Fields("ADsPath").Value)
    objRecordSet.MoveNext
Loop

objFile.Close

Open in new window

0
Comment
Question by:leviatdr
  • 2
4 Comments
 
LVL 7

Expert Comment

by:holthd
ID: 35194947
Not sure how the Searchscope property behaves but try the below script. I allways use that as a baseline when with Active Directory - never experienced "wierd" issues, such as this, as with other Recordset setups.

-Daniel
objFile = "c:\queries\VPNUsers.txt"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.CreateTextFile(objFile)

' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection

' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")

strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"

' Filter on user objects.
strFilter = "(&(objectCategory=person)(objectClass=user))"

' Comma delimited list of attribute values to retrieve.
strAttributes = "ADsPath"

' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
	objFile.WriteLine(adoRecordset.Fields("ADsPath").Value)
    adoRecordset.MoveNext
Loop

' Clean up.
adoRecordset.Close
adoConnection.Close
objFile.Close

' Example used was originally created by Richard L. Mueller - http://www.rlmueller.net

Open in new window

0
 
LVL 3

Expert Comment

by:Anurag_Tiwari
ID: 35198516
As tested your script.It's working fine.It's picking up all the user's from domain.If you want to restrict it to a particuler OU then you need to modify your search critaria
0
 

Accepted Solution

by:
leviatdr earned 0 total points
ID: 35198850
That gives me the full output of the users, but I need all the users who have Remote Access enabled on the Dial in Tab of Active Directory Users and Computers. My research tells me the property is called msNPAllowDialin = TRUE. How do I modify your script to just include those entries?
0
 

Author Closing Comment

by:leviatdr
ID: 35775502
We have moved on and this question is irrelevant to our current situation.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question