Modify VB script to run in OU instead of against entire domain

Posted on 2011-04-21
Last Modified: 2012-06-22
The solution posted at does exactly what I need, but on too wide a scale.  How would I modify the code posted to run against an OU instead of the entire domain?

Code reposted:
On Error Resume Next
Set filesys = CreateObject("Scripting.FileSystemObject")
Set memberfile = filesys.CreateTextFile("members.txt", True)
strSpaces  = " "
Set dicSeenGroupMember = CreateObject("Scripting.Dictionary")
Dim objConnection, objCommand, objRootDSE, strDNSDomain
Dim strFilter, strQuery, objRecordSet, gt
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
'replace with DN of OU you want to use
Set objRootDSE = GetObject("LDAP://RootDSE")
'Get domain
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"
'Define the filter elements
strFilter = "(&(objectCategory=group))"
'List all attributes you will require
strAttributes = "distinguishedName,sAMAccountName,groupType"
'compose query
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 99999
objCommand.Properties("Timeout") = 300
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
Do Until objRecordSet.EOF
    strDN = objRecordSet.Fields("distinguishedName")
    strSA = objRecordSet.Fields("sAMAccountName")
    gt = objRecordSet.Fields("groupType")
    'Low bits of groupType give the group scope
    If (gt And &h01) <> 0 Then
        Scope = "Built-in"
    ElseIf (gt And &h02) <> 0 Then
        Scope = "Global"
    ElseIf (gt And &h04) <> 0 Then
        Scope = "Local"
    ElseIf (gt And &h08) <> 0 Then
        Scope = "Universal"
    End If
    'High bit set means security group, otherwise distribution group
    If (gt And &h80000000) <> 0 Then
        SecDst = "Security"
    Else
        SecDst = "Distribution"
    End If
    If SecDst = "Security" Or SecDst = "Distribution" Then
        memberfile.WriteLine "Members of " & strSA & "(" & Scope & "+" & SecDst & ")"
        DisplayMembers "LDAP://" & strDN, strSpaces, dicSeenGroupMember
    End If
    objRecordSet.MoveNext
Loop
' Clean up.
memberfile.Close
Set objConnection = Nothing
Set objCommand = Nothing
Set objRootDSE = Nothing
Set objRecordSet = Nothing

'Writes each member of the group and recurses into nested groups once each
Function DisplayMembers(strGroupADsPath, strSpaces, dicSeenGroupMember)
    Set objGroup = GetObject(strGroupADsPath)
    For Each objMember In objGroup.Members
        memberfile.WriteLine strSpaces & objMember.Name & vbTab & objMember.mail
        If objMember.Class = "group" Then
            If dicSeenGroupMember.Exists(objMember.ADsPath) Then
                memberfile.WriteLine strSpaces & "   ^ already seen group member " & _
                                     "(stopping to avoid loop)"
            Else
                dicSeenGroupMember.Add objMember.ADsPath, 1
                DisplayMembers objMember.ADsPath, strSpaces & " ", _
                               dicSeenGroupMember
            End If
        End If
    Next
End Function


Question by:Enphyniti

    Accepted Solution


    On line 24, you have the following: strBase = "<LDAP://" & strDNSDomain & ">".

    This refers to the search base, which is the point at which the script is executing its search. Right now, strDNSDomain will resolve to the domain partition (the default naming context) and thus yield domain.local in LDAP form: DC=domain,DC=local.

    If you know the path of the OU you wish to be the base of your search, then adjust the strBase string thus:

    strBase = "<LDAP://OU=Users,OU=Company," & strDNSDomain & ">"

    That string would set a search base of the OU Users, within an OU of Company below the domain root.
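
The OU-scoped search described in the answer above, as an added example that is not part of the original post or answer. The OU path is the one from the answer; the constant names OU_RDN_PATH and SEARCH_SCOPE are illustrative. It binds to the OU before querying, because the reposted script runs under On Error Resume Next and a mistyped OU path would otherwise just produce an empty members.txt.

```vbscript
' Added example: list the groups an OU-scoped search will cover.
Option Explicit
Const OU_RDN_PATH = "OU=Users,OU=Company"   ' from the answer; adjust to your directory
Const SEARCH_SCOPE = "subtree"              ' "onelevel" excludes child OUs

Dim objRootDSE, strDomainDN, strOUDN, objOU
Set objRootDSE = GetObject("LDAP://RootDSE")
strDomainDN = objRootDSE.Get("defaultNamingContext")
strOUDN = OU_RDN_PATH & "," & strDomainDN

' Bind to the OU first so a wrong path is reported instead of
' silently returning no groups.
On Error Resume Next
Set objOU = GetObject("LDAP://" & strOUDN)
If Err.Number <> 0 Then
    WScript.Echo "Cannot bind to " & strOUDN & " (0x" & Hex(Err.Number) & ")"
    WScript.Quit 1
End If
On Error GoTo 0

Dim objConnection, objCommand, objRecordSet
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
' Same query shape as the reposted script: base;filter;attributes;scope
objCommand.CommandText = "<LDAP://" & strOUDN & ">;(objectCategory=group);" & _
                         "distinguishedName,sAMAccountName;" & SEARCH_SCOPE
objCommand.Properties("Page Size") = 1000
Set objRecordSet = objCommand.Execute

' Print each group found under the OU with its full DN.
Do Until objRecordSet.EOF
    WScript.Echo objRecordSet.Fields("sAMAccountName").Value & vbTab & _
                 objRecordSet.Fields("distinguishedName").Value
    objRecordSet.MoveNext
Loop
objRecordSet.Close
objConnection.Close
```

Changing the search base only limits which groups are found. DisplayMembers in the reposted script still follows each group's members wherever they live in the directory, so the output can include accounts and nested groups from outside the OU.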


    Author Closing Comment

    Perfect!  As you can see, I'm no VB programmer.  I'm a pretty good scrounger though!

    Expert Comment


    >> I'm a pretty good scrounger though!


    We're here to help! Thanks for the feedback.
