Solved

VB Script for a list of Active Directory users with Remote Access enabled.

Posted on 2011-03-22
4
428 Views
Last Modified: 2012-05-11
I'm trying to get a list of all my users who have Remote Access enabled. We use a Radius server to authenticate VPN users. I'm getting a list of users, but it's not all of them. It is finding users in different OU's, so I don't think that is a problem.

What am I doing wrong?
Const ADS_SCOPE_SUBTREE = 4

Dim objFSO, objFolder, objShell, objTextFile, objFile

objFile = "c:\queries\VPNUsers.txt"

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
Set objFSO = CreateObject("Scripting.FileSystemObject")

Set objFile = objFSO.CreateTextFile(objFile)

objCommand.Properties("Page Size") = 10000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 

objCommand.CommandText = _
    "SELECT * FROM 'LDAP://dc=dayton_rogers,dc=local' WHERE objectCategory='user' AND msNPAllowDialin = TRUE"
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    objFile.WriteLine(objRecordSet.Fields("ADsPath").Value)
    objRecordSet.MoveNext
Loop

objFile.Close

Open in new window

0
Comment
Question by:leviatdr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 7

Expert Comment

by:holthd
ID: 35194947
Not sure how the Searchscope property behaves but try the below script. I allways use that as a baseline when with Active Directory - never experienced "wierd" issues, such as this, as with other Recordset setups.

-Daniel
objFile = "c:\queries\VPNUsers.txt"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.CreateTextFile(objFile)

' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection

' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")

strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"

' Filter on user objects.
strFilter = "(&(objectCategory=person)(objectClass=user))"

' Comma delimited list of attribute values to retrieve.
strAttributes = "ADsPath"

' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
	objFile.WriteLine(adoRecordset.Fields("ADsPath").Value)
    adoRecordset.MoveNext
Loop

' Clean up.
adoRecordset.Close
adoConnection.Close
objFile.Close

' Example used was originally created by Richard L. Mueller - http://www.rlmueller.net

Open in new window

0
 
LVL 3

Expert Comment

by:Anurag_Tiwari
ID: 35198516
As tested your script.It's working fine.It's picking up all the user's from domain.If you want to restrict it to a particuler OU then you need to modify your search critaria
0
 

Accepted Solution

by:
leviatdr earned 0 total points
ID: 35198850
That gives me the full output of the users, but I need all the users who have Remote Access enabled on the Dial in Tab of Active Directory Users and Computers. My research tells me the property is called msNPAllowDialin = TRUE. How do I modify your script to just include those entries?
0
 

Author Closing Comment

by:leviatdr
ID: 35775502
We have moved on and this question is irrelevant to our current situation.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

With User Account Control (UAC) enabled in Windows 7, one needs to open an elevated Command Prompt in order to run scripts under administrative privileges. Although the elevated Command Prompt accomplishes the task, the question How to run as script…
Auditing domain password hashes is a commonly overlooked but critical requirement to ensuring secure passwords practices are followed. Methods exist to extract hashes directly for a live domain however this article describes a process to extract u…
This video shows how to use Hyena, from SystemTools Software, to bulk import 100 user accounts from an external text file. View in 1080p for best video quality.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question