Solved

VB Script for a list of Active Directory users with Remote Access enabled.

Posted on 2011-03-22
Last Modified: 2012-05-11
I'm trying to get a list of all my users who have Remote Access enabled. We use a Radius server to authenticate VPN users. I'm getting a list of users, but it's not all of them. It is finding users in different OU's, so I don't think that is a problem.

What am I doing wrong?
Const ADS_SCOPE_SUBTREE = 4

Dim objFSO, objFolder, objShell, objTextFile, objFile

objFile = "c:\queries\VPNUsers.txt"

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
Set objFSO = CreateObject("Scripting.FileSystemObject")

Set objFile = objFSO.CreateTextFile(objFile)

objCommand.Properties("Page Size") = 10000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 

objCommand.CommandText = _
    "SELECT * FROM 'LDAP://dc=dayton_rogers,dc=local' WHERE objectCategory='user' AND msNPAllowDialin = TRUE"
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    objFile.WriteLine(objRecordSet.Fields("ADsPath").Value)
    objRecordSet.MoveNext
Loop

objFile.Close

Question by:leviatdr
4 Comments
 
LVL 7

Expert Comment

by:holthd
Not sure how the Searchscope property behaves, but try the script below. I always use that as a baseline when working with Active Directory - never experienced "weird" issues, such as this, as with other Recordset setups.

-Daniel
objFile = "c:\queries\VPNUsers.txt"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.CreateTextFile(objFile)

' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection

' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")

strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"

' Filter on user objects.
strFilter = "(&(objectCategory=person)(objectClass=user))"

' Comma delimited list of attribute values to retrieve.
strAttributes = "ADsPath"

' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
    objFile.WriteLine(adoRecordset.Fields("ADsPath").Value)
    adoRecordset.MoveNext
Loop

' Clean up.
adoRecordset.Close
adoConnection.Close
objFile.Close

' Example used was originally created by Richard L. Mueller - http://www.rlmueller.net

 
LVL 3

Expert Comment

by:Anurag_Tiwari
I tested your script. It's working fine. It's picking up all the users from the domain. If you want to restrict it to a particular OU then you need to modify your search criteria.
 

Accepted Solution

by:leviatdr
That gives me the full output of the users, but I need all the users who have Remote Access enabled on the Dial in Tab of Active Directory Users and Computers. My research tells me the property is called msNPAllowDialin = TRUE. How do I modify your script to just include those entries?
 

Author Closing Comment

by:leviatdr
We have moved on and this question is irrelevant to our current situation.
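
The filter change asked about in the thread, as an added example that is not part of any post above: it reuses the RootDSE/ADO baseline from holthd's script and adds an msNPAllowDialin clause to the LDAP filter. The Dial-in tab has three states (Allow, Deny, and controlled by network policy when the attribute is unset), so the script also lists the unset accounts, whose access is decided on the RADIUS/NPS side. The section labels, the WriteUsers helper and the choice of sAMAccountName and distinguishedName as output columns are assumptions; the output path is the one from the question.

```vbscript
Option Explicit
Const OUT_PATH = "c:\queries\VPNUsers.txt"   ' path from the question
Dim fso, outFile, conn, cmd, rootDSE, baseDN

Set fso = CreateObject("Scripting.FileSystemObject")
Set outFile = fso.CreateTextFile(OUT_PATH, True)   ' True = overwrite existing file

Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Open "Active Directory Provider"
Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.Properties("Page Size") = 1000      ' turns on paged results for large domains
cmd.Properties("Timeout") = 30
cmd.Properties("Cache Results") = False

' Bind to the current domain instead of hard-coding its DN.
Set rootDSE = GetObject("LDAP://RootDSE")
baseDN = rootDSE.Get("defaultNamingContext")

' Boolean attributes must be compared with the uppercase literals TRUE / FALSE.
WriteUsers "Dial-in: Allow access", "(msNPAllowDialin=TRUE)"
' Attribute absent: the Dial-in tab is set to "control access through policy".
WriteUsers "Dial-in: decided by network policy (attribute not set)", _
           "(!(msNPAllowDialin=*))"

outFile.Close
conn.Close

' Hypothetical helper: runs one query and writes a labelled section to the file.
Sub WriteUsers(label, clause)
    Dim rs, n
    cmd.CommandText = "<LDAP://" & baseDN & ">;" & _
        "(&(objectCategory=person)(objectClass=user)" & clause & ");" & _
        "sAMAccountName,distinguishedName;subtree"
    Set rs = cmd.Execute
    outFile.WriteLine "== " & label & " =="
    n = 0
    Do Until rs.EOF                      ' no MoveFirst, so an empty result is safe
        outFile.WriteLine rs.Fields("sAMAccountName").Value & vbTab & _
                          rs.Fields("distinguishedName").Value
        n = n + 1
        rs.MoveNext
    Loop
    rs.Close
    outFile.WriteLine "Total: " & n
End Sub
```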