Solved

VB Script for a list of Active Directory users with Remote Access enabled.

Posted on 2011-03-22
4
423 Views
Last Modified: 2012-05-11
I'm trying to get a list of all my users who have Remote Access enabled. We use a Radius server to authenticate VPN users. I'm getting a list of users, but it's not all of them. It is finding users in different OU's, so I don't think that is a problem.

What am I doing wrong?
Const ADS_SCOPE_SUBTREE = 4

Dim objFSO, objFolder, objShell, objTextFile, objFile

objFile = "c:\queries\VPNUsers.txt"

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
Set objFSO = CreateObject("Scripting.FileSystemObject")

Set objFile = objFSO.CreateTextFile(objFile)

objCommand.Properties("Page Size") = 10000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE 

objCommand.CommandText = _
    "SELECT * FROM 'LDAP://dc=dayton_rogers,dc=local' WHERE objectCategory='user' AND msNPAllowDialin = TRUE"
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    objFile.WriteLine(objRecordSet.Fields("ADsPath").Value)
    objRecordSet.MoveNext
Loop

objFile.Close

Open in new window

0
Comment
Question by:leviatdr
  • 2
4 Comments
 
LVL 7

Expert Comment

by:holthd
ID: 35194947
Not sure how the Searchscope property behaves but try the below script. I allways use that as a baseline when with Active Directory - never experienced "wierd" issues, such as this, as with other Recordset setups.

-Daniel
objFile = "c:\queries\VPNUsers.txt"
Set objFSO = CreateObject("Scripting.FileSystemObject")
Set objFile = objFSO.CreateTextFile(objFile)

' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection

' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")

strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"

' Filter on user objects.
strFilter = "(&(objectCategory=person)(objectClass=user))"

' Comma delimited list of attribute values to retrieve.
strAttributes = "ADsPath"

' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
	objFile.WriteLine(adoRecordset.Fields("ADsPath").Value)
    adoRecordset.MoveNext
Loop

' Clean up.
adoRecordset.Close
adoConnection.Close
objFile.Close

' Example used was originally created by Richard L. Mueller - http://www.rlmueller.net

Open in new window

0
 
LVL 3

Expert Comment

by:Anurag_Tiwari
ID: 35198516
As tested your script.It's working fine.It's picking up all the user's from domain.If you want to restrict it to a particuler OU then you need to modify your search critaria
0
 

Accepted Solution

by:
leviatdr earned 0 total points
ID: 35198850
That gives me the full output of the users, but I need all the users who have Remote Access enabled on the Dial in Tab of Active Directory Users and Computers. My research tells me the property is called msNPAllowDialin = TRUE. How do I modify your script to just include those entries?
0
 

Author Closing Comment

by:leviatdr
ID: 35775502
We have moved on and this question is irrelevant to our current situation.
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Synchronize a new Active Directory domain with an existing Office 365 tenant
This script can help you clean up your user profile database by comparing profiles to Active Directory users in a particular OU, and removing the profiles that don't match.
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

21 Experts available now in Live!

Get 1:1 Help Now