Solved

LDAP LookUp via VBScript

Posted on 2012-04-03
8
593 Views
Last Modified: 2012-04-19
I need to search Active Directory by last name or email and pull the employeeID attribute which is a hidden attribute and the users mobile phone. I am able to pull the mobile phone but I can't seem to pull the employeeID attribute.
0
Comment
Question by:m_travis
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 35

Expert Comment

by:Joseph Daly
ID: 37802619
If your are just looking to get this information and it doesnt need to be in VB then you can use the Quest cmdlets to get what you are looking for. The command below should work for you.

get-qaduser -lastname "lastname" -includeallproperties | select-object employeeid, mobile
0
 
LVL 16

Expert Comment

by:carsRST
ID: 37802636
You'll have to play with the attributes but here are a couple of functions I use.

You'll set a reference to "Active DS Type Library"

Fill in your domain name.

Public Function isEmployee(ByVal usernameToCheck As String) As Boolean

    On Error GoTo errH

    Dim user As IADsUser

    Dim grp As Object
   
    Set user = GetObject("WinNT://" & DomainName & "/" & usernameToCheck & ",user")

    isEmployee = True
Exit Function
errH:
    If Err.Number = -2147022675 Then
        isEmployee = False
        Exit Function
    End If
    Err.Raise Err.Number, , Err.Description
End Function




Public Function getUserInfo(ByVal usernameToCheck As String) As String
    On Error GoTo errH

    Dim user As IADsUser

    Dim grp As Object

    Set user = GetObject("WinNT://" & DomainName & "/" & usernameToCheck & ",user")

    retVal = ""
    
    retVal = retVal & user.FullName & vbCrLf & user.Description
    
    getUserInfo = retVal
    
Exit Function
errH:
    If Err.Number = -2147022675 Then
        getUserInfo = "Not a valid user"
        Exit Function
    End If
    Err.Raise Err.Number, , Err.Description
End Function

Open in new window

0
 
LVL 56

Expert Comment

by:Bill Prew
ID: 37802681
I apologize if you truly need a VBS scripting solution, but I use this tool often enough for simple queries like this that I have to mention it.  You might take a look at the free ADFIND utility at the following location, great for this stuff.

http://www.joeware.net/freetools/tools/adfind/index.htm

~bp
0
Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

 
LVL 1

Author Comment

by:m_travis
ID: 37802954
I am getting this error
"Error: Item cannot be found in the collection corresponding to the requested name or ordinal."

Here is the code
Option Explicit

Dim adoCommand, adoConnection, strBase, strFilter, strAttributes, strEmail
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strName, strMobile

' Prompt for email address.
strEmail = InputBox("Enter email address of user")

' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection

' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"

' Filter on user with specified email address.
strFilter = "(mail=" & strEmail & ")"

' Comma delimited list of attribute values to retrieve.
strAttributes = "sAMAccountName,mobile"

' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 200
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
  ' Retrieve values and display.
  strName = adoRecordset.Fields("sAMAccountName").Value
  strMobile = adoRecordset.Fields("mobile").Value
  strEmployeeID = adoRecordSet.Fields("employeeID").Value
  Wscript.Echo "NT Name: " & strName & ", Mobile phone number: " & strMobile & ", Employee ID:" & strEmployeeID
  ' Move to the next record in the recordset.
  adoRecordset.MoveNext
Loop

' Clean up.
adoRecordset.Close
adoConnection.Close

Open in new window

0
 
LVL 65

Expert Comment

by:RobSampson
ID: 37803868
That error is because you are trying to extract "employeeID" with this line:
  strEmployeeID = adoRecordSet.Fields("employeeID").Value


but you're not querying for it with this line:
strAttributes = "sAMAccountName,mobile"

so change that line to:
strAttributes = "sAMAccountName,mobile,employeeID"

and you should be fine.

Regards,

Rob.
0
 
LVL 1

Author Comment

by:m_travis
ID: 37833943
Error Message
That is the error I am getting
0
 
LVL 65

Accepted Solution

by:
RobSampson earned 500 total points
ID: 37835274
Sorry, we forgot to declare it.  Try this.

Rob.

Option Explicit

Dim adoCommand, adoConnection, strBase, strFilter, strAttributes, strEmail
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strName, strMobile, strEmployeeID

' Prompt for email address.
strEmail = InputBox("Enter email address of user")

' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection

' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"

' Filter on user with specified email address.
strFilter = "(mail=" & strEmail & ")"

' Comma delimited list of attribute values to retrieve.
strAttributes = "sAMAccountName,mobile,employeeID"

' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 200
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
  ' Retrieve values and display.
  strName = adoRecordset.Fields("sAMAccountName").Value
  strMobile = adoRecordset.Fields("mobile").Value
  strEmployeeID = adoRecordSet.Fields("employeeID").Value
  Wscript.Echo "NT Name: " & strName & ", Mobile phone number: " & strMobile & ", Employee ID:" & strEmployeeID
  ' Move to the next record in the recordset.
  adoRecordset.MoveNext
Loop

' Clean up.
adoRecordset.Close
adoConnection.Close

Open in new window

0
 
LVL 1

Author Closing Comment

by:m_travis
ID: 37866883
Thank you so much for all the help with this question. One day I will get better at writing VBScripts.
0

Featured Post

Interactive Way of Training for the AWS CSA Exam

An interactive way of learning that will help you visualize core concepts so that you can be more effective when taking your AWS certification exam.  Built for students by a student to help them understand the concepts that they are being taught.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Group policies can be applied selectively to specific devices with the help of groups. Utilising this, it is possible to phase-in group policies, over a period of time, by randomly adding non-members user or computers at a set interval, to a group f…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

635 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question