
Modify VB script to run in OU instead of against entire domain

The solution posted at http://www.experts-exchange.com/Software/Server_Software/Email_Servers/Exchange/Q_23309463.html does exactly what I need, but on too wide a scale.  How would I modify the code posted to run against an OU instead of the entire domain?

Code reposted:
On Error Resume Next
Set filesys = CreateObject("Scripting.FileSystemObject")
Set memberfile = filesys.CreateTextFile("members.txt", True)
strSpaces = " "
Set dicSeenGroupMember = CreateObject("Scripting.Dictionary")
Dim objConnection, objCommand, objRootDSE, strDNSDomain
Dim strFilter, strQuery, objRecordSet, gt
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
'replace with DN of OU you want to use
Set objRootDSE = GetObject("LDAP://RootDSE")
'Get domain
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"
'Define the filter elements
strFilter = "(&(objectCategory=group))"
'List all attributes you will require
strAttributes = "distinguishedName,sAMAccountName,groupType"
'compose query: base;filter;attributes;scope
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 99999
objCommand.Properties("Timeout") = 300
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
Do Until objRecordSet.EOF
    strDN = objRecordSet.Fields("distinguishedName")
    strSA = objRecordSet.Fields("sAMAccountName")
    gt = objRecordSet.Fields("groupType")
    'Low bits of groupType give the group scope
    If (gt And &h01) <> 0 Then
        Scope = "Built-in"
    ElseIf (gt And &h02) <> 0 Then
        Scope = "Global"
    ElseIf (gt And &h04) <> 0 Then
        Scope = "Local"
    ElseIf (gt And &h08) <> 0 Then
        Scope = "Universal"
    Else
        Scope = "Unknown"
    End If
    'High bit set means a security-enabled group; otherwise a distribution group
    If (gt And &h80000000) <> 0 Then
        SecDst = "Security"
    Else
        SecDst = "Distribution"
    End If
    If SecDst = "Security" Or SecDst = "Distribution" Then
        memberFile.WriteLine "Members of " & strSA & "(" & Scope & "+" & SecDst & ")"
        DisplayMembers "LDAP://" & strDN, strSpaces, dicSeenGroupMember
    End If
    objRecordSet.MoveNext
Loop
' Clean up.
memberFile.Close
Set objConnection = Nothing
Set objCommand = Nothing
Set objRootDSE = Nothing
Set objRecordSet = Nothing
'Write each member of the group; recurse into nested groups, but only once per group
Function DisplayMembers(strGroupADsPath, strSpaces, dicSeenGroupMember)
   Set objGroup = GetObject(strGroupADsPath)
   For Each objMember In objGroup.Members
      memberFile.WriteLine strSpaces & objMember.Name & vbTab & objMember.mail
      If objMember.Class = "group" Then
         If dicSeenGroupMember.Exists(objMember.ADsPath) Then
            memberFile.WriteLine strSpaces & "   ^ already seen group member " & _
                                 "(stopping to avoid loop)"
         Else
            dicSeenGroupMember.Add objMember.ADsPath, 1
            DisplayMembers objMember.ADsPath, strSpaces & " ", dicSeenGroupMember
         End If
      End If
   Next
End Function


Jon Brelie

1 Solution

On line 24, you have the following: strBase = "<LDAP://" & strDNSDomain & ">".

This refers to the search base, which is the point at which the script is executing its search. Right now, strDNSDomain will resolve to the domain partition (the default naming context) and thus yield domain.local in LDAP form: DC=domain,DC=local.

If you know the path of the OU you wish to be the base of your search, then adjust the strBase string thus:

strBase = "<LDAP://OU=Users,OU=Company," & strDNSDomain & ">"

That string would set a search base of the OU Users, within an OU of Company below the domain root.
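The following is an added example, not code from the question or the accepted answer. It models in plain Python, runnable offline without a domain controller, the three pieces the VBScript above relies on: building the search base as a DN scoped to an OU (the answer's "OU=Users,OU=Company" path) instead of the domain root, decoding the groupType bitmask into scope plus Security/Distribution (including the negative signed 32-bit form AD returns for security groups, which the VBScript's And-test also handles), and the DisplayMembers walk with a "seen" set that stops on a nested-group loop. The function names, the SAMPLE_DIRECTORY contents and the Admins/Ops loop are all constructed for the example.

```python
# Added example (not from the question or answer): an offline model of the
# VBScript's search base, groupType decoding and loop-safe member walk.
# Every directory entry below is constructed sample data.

GROUP_SCOPE_FLAGS = {  # low bits of groupType, tested in the script's order
    0x01: "Built-in",
    0x02: "Global",
    0x04: "Local",
    0x08: "Universal",
}
SECURITY_ENABLED = 0x80000000  # high bit: security-enabled group if set


def build_search_base(default_naming_context, ou_rdns=()):
    """Return the <LDAP://...> search base for the ADO query.

    default_naming_context is what RootDSE.defaultNamingContext yields,
    e.g. "DC=domain,DC=local".  ou_rdns lists OU RDNs from the innermost OU
    outward, so ("OU=Users", "OU=Company") gives the answer's
    "<LDAP://OU=Users,OU=Company,DC=domain,DC=local>".
    """
    return "<LDAP://" + ",".join(list(ou_rdns) + [default_naming_context]) + ">"


def build_ado_query(search_base,
                    attributes=("distinguishedName", "sAMAccountName", "groupType"),
                    scope="subtree"):
    """Compose the four-part 'base;filter;attributes;scope' command text."""
    group_filter = "(&(objectCategory=group))"
    return ";".join([search_base, group_filter, ",".join(attributes), scope])


def decode_group_type(group_type):
    """Map a groupType value to (scope, kind).

    AD stores groupType as a signed 32-bit integer, so a global security
    group reads as -2147483646 (0x80000002); mask to 32 bits before testing.
    """
    gt = group_type & 0xFFFFFFFF
    scope = next((name for bit, name in GROUP_SCOPE_FLAGS.items() if gt & bit), "Unknown")
    kind = "Security" if gt & SECURITY_ENABLED else "Distribution"
    return scope, kind


def walk_members(directory, group_dn, seen=None, depth=0):
    """Yield (depth, text) for each member, recursing into nested groups once.

    directory maps a DN to {"class": "user"|"group", "members": [dn, ...]}.
    A group already in `seen` is reported but not descended into again.
    """
    if seen is None:
        seen = {group_dn}
    for member_dn in directory[group_dn]["members"]:
        yield depth, member_dn
        if directory[member_dn]["class"] == "group":
            if member_dn in seen:
                yield depth, "^ already seen group member (stopping to avoid loop)"
            else:
                seen.add(member_dn)
                yield from walk_members(directory, member_dn, seen, depth + 1)


BASE = "OU=Users,OU=Company,DC=domain,DC=local"
SAMPLE_DIRECTORY = {  # constructed: Admins contains Ops and Ops contains Admins
    "CN=Admins," + BASE: {"class": "group", "groupType": -2147483646,
                          "members": ["CN=Alice," + BASE, "CN=Ops," + BASE]},
    "CN=Ops," + BASE: {"class": "group", "groupType": -2147483644,
                       "members": ["CN=Bob," + BASE, "CN=Admins," + BASE]},
    "CN=Alice," + BASE: {"class": "user", "members": []},
    "CN=Bob," + BASE: {"class": "user", "members": []},
}


def report(directory):
    """Produce the same kind of lines the script writes to members.txt."""
    lines = []
    for dn, entry in directory.items():
        if entry["class"] != "group":
            continue
        scope, kind = decode_group_type(entry["groupType"])
        lines.append("Members of %s(%s+%s)" % (dn.split(",")[0][3:], scope, kind))
        for depth, text in walk_members(directory, dn):
            lines.append(" " * (depth + 1) + text)
    return lines


if __name__ == "__main__":
    base = build_search_base("DC=domain,DC=local", ("OU=Users", "OU=Company"))
    print(build_ado_query(base))
    print("\n".join(report(SAMPLE_DIRECTORY)))
```

Swapping the `ou_rdns` tuple for an empty one reproduces the original domain-wide query, which is the only difference the answer asks the script to make; the `walk_members` "seen" check is what keeps a nested-group cycle such as Admins -> Ops -> Admins from recursing forever.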

Jon Brelie (System Architect, Author) commented:
Perfect!  As you can see, I'm no VB programmer.  I'm a pretty good scrounger though!

>> I'm a pretty good scrounger though!

We're here to help! Thanks for the feedback.
