?
Solved

VB Script for a list of Active Directory users with Remote Access enabled.

Posted on 2011-03-22
4
Medium Priority
?
431 Views
Last Modified: 2012-05-11
I'm trying to get a list of all my users who have Remote Access enabled. We use a Radius server to authenticate VPN users. I'm getting a list of users, but it's not all of them. It is finding users in different OU's, so I don't think that is a problem.

What am I doing wrong?
Const ADS_SCOPE_SUBTREE = 4

Dim objFSO, objFolder, objShell, objTextFile, objFile

objFile = "c:\queries\VPNUsers.txt"

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
Set objFSO = CreateObject("Scripting.FileSystemObject")

Set objFile = objFSO.CreateTextFile(objFile)

objCommand.Properties("Page Size") = 10000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 

objCommand.CommandText = _
    "SELECT * FROM 'LDAP://dc=dayton_rogers,dc=local' WHERE objectCategory='user' AND msNPAllowDialin = TRUE"
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    objFile.WriteLine(objRecordSet.Fields("ADsPath").Value)
    objRecordSet.MoveNext
Loop

objFile.Close

Open in new window

0
Comment
Question by:leviatdr
  • 2
4 Comments
 
LVL 7

Expert Comment

by:holthd
ID: 35194947
Not sure how the Searchscope property behaves but try the below script. I allways use that as a baseline when with Active Directory - never experienced "wierd" issues, such as this, as with other Recordset setups.

-Daniel
objFile = "c:\queries\VPNUsers.txt"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.CreateTextFile(objFile)

' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection

' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")

strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"

' Filter on user objects.
strFilter = "(&(objectCategory=person)(objectClass=user))"

' Comma delimited list of attribute values to retrieve.
strAttributes = "ADsPath"

' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
	objFile.WriteLine(adoRecordset.Fields("ADsPath").Value)
    adoRecordset.MoveNext
Loop

' Clean up.
adoRecordset.Close
adoConnection.Close
objFile.Close

' Example used was originally created by Richard L. Mueller - http://www.rlmueller.net

Open in new window

0
 
LVL 3

Expert Comment

by:Anurag_Tiwari
ID: 35198516
As tested your script.It's working fine.It's picking up all the user's from domain.If you want to restrict it to a particuler OU then you need to modify your search critaria
0
 

Accepted Solution

by:
leviatdr earned 0 total points
ID: 35198850
That gives me the full output of the users, but I need all the users who have Remote Access enabled on the Dial in Tab of Active Directory Users and Computers. My research tells me the property is called msNPAllowDialin = TRUE. How do I modify your script to just include those entries?
0
 

Author Closing Comment

by:leviatdr
ID: 35775502
We have moved on and this question is irrelevant to our current situation.
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A hard and fast method for reducing Active Directory Administrators members.
Had a business requirement to store the mobile number in an environmental variable. This is just a quick article on how this was done.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

839 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question