IT-NYC
Find out if Active Directory 2003 schema has custom attributes
In preparation for an Active Directory upgrade from Windows 2003 R2 to Windows 2012 R2, I am trying to find out whether the Active Directory schema has any unsupported customizations.
What is the best way to do it?
Thanks!
ASKER
Get error when trying to run it.
Posted a question to the author (see below)
Experts,
Any other ideas?
--------------------------
I am trying to run your script on Windows 7 machine against Windows 2003 R2 forest. This is the error I get:
"At line:93 char:3
+ ' Set ADO connection
+ ~~~
Unexpected token 'Set' in expression or statement.
At line:102 char:58
+ objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~~~~ ~~~~
Unexpected token 'LDAP://" & strDomain & "' WHERE objectCategory='user' AND samAccountName = '" & auser & "'"
'' in expression or statement.
At line:108 char:3
+ If DistName <> "" then
+ ~
Missing '(' after 'If' in if statement.
At line:108 char:14
+ If DistName <> "" then
+ ~
Missing file specification after redirection operator.
At line:108 char:13
+ If DistName <> "" then
+ ~
The '<' operator is reserved for future use.
At line:110 char:1
+ 'If distinguished Name is a null value ( null value for deleted users ) then suc ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The string is missing the terminator: '.
+ CategoryInfo : ParserError: (:) [], ParentContainsErrorRecordException
+ FullyQualifiedErrorId : UnexpectedToken"
Any advice will be appreciated. Thanks!"
I think we should be able to do it if we look for schema objects which are not part of the base.
This is still going to need some exploration because other systems which add attributes, such as Exchange, may not set this flag (unable to verify at this time). In addition, you may find this flag is not reliably set which will completely scupper this plan.
The following code is in PowerShell, your Windows 7 box will have that by default.
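# Bind to the schema partition of the current forest
$RootDSE = [ADSI]"LDAP://RootDSE"
$Schema = [ADSI]"LDAP://$($RootDSE.schemaNamingContext)"
# Bitwise-AND match (1.2.840.113556.1.4.803) on systemFlags; 16 = FLAG_SCHEMA_BASE_OBJECT,
# so the negated filter returns schema objects that are not part of the base schema
$Searcher = [ADSISearcher]"(!(systemFlags:1.2.840.113556.1.4.803:=16))"
$Searcher.PageSize = 1000
$Searcher.SearchRoot = $Schema
# Print the name of every match
$Searcher.FindAll() | ForEach-Object { $_.Properties['name'][0] }
If that returns nothing, or everything, another method will have to be attempted.
Chris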
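Added example, not part of the answer above: a fuller version of the same search that keeps each non-base schema object's OID and creation date and buckets it by OID arc, which helps with the caveat that products such as Exchange add schema objects too. The report columns and the OID-arc grouping are assumptions of this example; it needs a domain-joined machine with read access to the schema partition.

```powershell
# Added example; the attribute names are standard AD schema attributes,
# the report columns and the OID-arc buckets are this example's own.
$MicrosoftArc = '1.2.840.113556.'   # OID arc Microsoft uses for AD and Exchange schema objects

$RootDSE  = [ADSI]'LDAP://RootDSE'
$Searcher = [ADSISearcher]('(&(|(objectClass=attributeSchema)(objectClass=classSchema))' +
                           '(!(systemFlags:1.2.840.113556.1.4.803:=16)))')
$Searcher.SearchRoot = [ADSI]"LDAP://$($RootDSE.schemaNamingContext)"
$Searcher.PageSize   = 1000
foreach ($Name in 'lDAPDisplayName', 'attributeID', 'governsID', 'whenCreated') {
    [void]$Searcher.PropertiesToLoad.Add($Name)
}

$Report = foreach ($Result in $Searcher.FindAll()) {
    $p = $Result.Properties          # result keys are stored in lower case
    # attributeSchema objects carry attributeID, classSchema objects carry governsID
    if ($p.Contains('attributeid')) { $Kind = 'Attribute'; $Oid = [string]$p['attributeid'][0] }
    else                            { $Kind = 'Class';     $Oid = [string]$p['governsid'][0] }

    # Triage heuristic only: in-house OIDs generated with Microsoft tooling can also
    # sit under the Microsoft arc, so that bucket still needs a manual look.
    if ($Oid.StartsWith($MicrosoftArc)) { $Origin = 'Microsoft OID arc' }
    else                                { $Origin = 'Other OID arc' }

    # New-Object PSObject keeps this runnable on the PowerShell 2.0 that ships with Windows 7
    New-Object PSObject -Property @{
        Origin = $Origin; Kind = $Kind; Name = [string]$p['ldapdisplayname'][0]
        Oid = $Oid; WhenCreated = $p['whencreated'][0]
    }
}

# Full listing, then a count per bucket
$Report | Sort-Object Origin, WhenCreated |
    Format-Table Origin, Kind, Name, Oid, WhenCreated -AutoSize
$Report | Group-Object Origin, Kind | Select-Object Count, Name
```

Objects that share a creation timestamp usually came from the same schema extension run, so sorting by WhenCreated groups each product's additions together for review.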
ASKER
I found the solution myself, posted the solution link
http://ad911.weebly.com/3/post/2011/11/find-custom-attributes-for-all-users-in-active-directory.html
If the link breaks, this is the contents:
Pre-Requisites:
1) Excel should be installed on the machine where this script would be executed
2) All the users in active directory should be dumped to " C:\scripts\Ad stale cleanup project\month1day1\StaleUs
--------------------------
On Error Resume next
Dim aUser,StrUser
Dim objExec,DistName,objUser,o
Dim objRootDSE,strDomain,objCo
Const ADS_SCOPE_SUBTREE = 2
Set Fso = CreateObject("Scripting.Fi
Set Fso = CreateObject("Scripting.Fi
'Create a txt file for stale computers
Dim objtxtFile
strlog= "C:\scripts\Ad stale cleanup project\month1day1\StaleUs
Set objtxtFSO=CreateObject("Sc
Set objtxtFile=objtxtFSO.Creat
If FSO.FileExists("C:\scripts
fso.DeleteFile "C:\scripts\Ad stale cleanup project\month1day1\CustomA
End If
Set objExcel = CreateObject("Excel.Applic
objExcel.Visible = False
Set objWorkbook = objExcel.Workbooks.Add()
Set objWorksheet = objWorkbook.Worksheets(1)
intRow = 2
objExcel.Cells(1, 1).Value = "Display Name"
objExcel.Cells(1, 2).Value = "extensionAttribute1"
objExcel.Cells(1, 3).Value = "extensionAttribute2"
objExcel.Cells(1, 4).Value = "extensionAttribute3"
objExcel.Cells(1, 5).Value = "extensionAttribute4"
objExcel.Cells(1, 6).Value = "extensionAttribute5"
objExcel.Cells(1, 7).Value = "extensionAttribute6"
objExcel.Cells(1, 8).Value = "extensionAttribute7"
objExcel.Cells(1, 9).Value = "extensionAttribute8"
objExcel.Cells(1, 10).Value = "extensionAttribute9"
objExcel.Cells(1, 11).Value = "extensionAttribute10"
objExcel.Cells(1, 12).Value = "extensionAttribute11"
objExcel.Cells(1, 13).Value = "extensionAttribute12"
objExcel.Cells(1, 14).Value = "extensionAttribute13"
objExcel.Cells(1, 15).Value = "extensionAttribute14"
objExcel.Cells(1, 16).Value = "extensionAttribute15"
objExcel.Cells(1, 2).Interior.ColorIndex = 27
objExcel.Cells(1, 5).Interior.ColorIndex = 27
objExcel.Cells(1, 6).Interior.ColorIndex = 27
objExcel.Cells(1, 1).Interior.ColorIndex = 27
objExcel.Cells(1, 7).Interior.ColorIndex = 27
objExcel.Cells(1, 8).Interior.ColorIndex = 27
objExcel.Cells(1, 3).Interior.ColorIndex = 27
objExcel.Cells(1, 4).Interior.ColorIndex = 27
objExcel.Cells(1, 9).Interior.ColorIndex = 27
objExcel.Cells(1, 10).Interior.ColorIndex = 27
objExcel.Cells(1, 11).Interior.ColorIndex = 27
objExcel.Cells(1, 12).Interior.ColorIndex = 27
objExcel.Cells(1, 13).Interior.ColorIndex = 27
objExcel.Cells(1, 14).Interior.ColorIndex = 27
objExcel.Cells(1, 15).Interior.ColorIndex = 27
objExcel.Cells(1, 16).Interior.ColorIndex = 27
objExcel.Cells(1, 2).font.bold = True
objExcel.Cells(1, 5).font.bold = True
objExcel.Cells(1, 6).font.bold = True
objExcel.Cells(1, 1).font.bold = True
objExcel.Cells(1, 7).font.bold = True
objExcel.Cells(1, 8).font.bold = True
objExcel.Cells(1, 3).font.bold = True
objExcel.Cells(1, 4).font.bold = True
objExcel.Cells(1, 9).font.bold = True
objExcel.Cells(1, 10).font.bold = True
objExcel.Cells(1, 11).font.bold = True
objExcel.Cells(1, 12).font.bold = True
objExcel.Cells(1, 13).font.bold = True
objExcel.Cells(1, 14).font.bold = True
objExcel.Cells(1, 15).font.bold = True
objExcel.Cells(1, 16).font.bold = True
objexcel.Selection.Autofil
Set oFS = CreateObject("Scripting.Fi
Set objShell = CreateObject("WScript.Shel
InputFile = "C:\scripts\Ad stale cleanup project\month1day1\AllUser
Set f = oFS.OpenTextFile(InputFile
StrUser = f.ReadAll
f.Close
arrUsers = Split(StrUser,vbCrLf)
For Each aUser in arrUsers
Set objRootDSE = GetObject("LDAP://RootDSE"
strDomain = objRootDSE.Get("DefaultNam
' Set ADO connection
Set objConnection = CreateObject("ADODB.Connec
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
' Set ADO command
Set objCommand = CreateObject("ADODB.Comman
Set objCommand.ActiveConnectio
objCommand.Properties("Sea
objCommand.CommandText = "SELECT distinguishedName FROM 'LDAP://" & strDomain & "' WHERE objectCategory='user' AND samAccountName = '" & auser & "'"
' Set recordset to hold the query result
Set objRecordSet = objCommand.Execute
DistName = objRecordSet.Fields("disti
If DistName <> "" then
'If distinguished Name is a null value ( null value for deleted users ) then such users are not processed.
set objUser = GetObject("LDAP://" & DistName)
set objLogon = objUser.Get("lastLogontime
ext1 = objUser.Get("extensionAttr
ext2 = objUser.Get("extensionAttr
ext3 = objUser.Get("extensionAttr
ext4 = objUser.Get("extensionAttr
ext5 = objUser.Get("extensionAttr
ext6 = objUser.Get("extensionAttr
ext7 = objUser.Get("extensionAttr
ext8 = objUser.Get("extensionAttr
ext9 = objUser.Get("extensionAttr
ext10 = objUser.Get("extensionAttr
ext11 = objUser.Get("extensionAttr
ext12 = objUser.Get("extensionAttr
ext13 = objUser.Get("extensionAttr
ext14 = objUser.Get("extensionAttr
ext15 = objUser.Get("extensionAttr
CoMN = objUser.Get("cn")
objExcel.Cells(intRow, 2).Value = ext1
objExcel.Cells(intRow, 5).Value = ext4
objExcel.Cells(intRow, 6).Value = ext5
objExcel.Cells(intRow, 1).Value = CoMN
objExcel.Cells(intRow, 7).Value = ext6
objExcel.Cells(intRow, 8).Value = ext7
objExcel.Cells(intRow, 3).Value = ext2
objExcel.Cells(intRow, 4).Value = ext3
objExcel.Cells(intRow, 9).Value = ext8
objExcel.Cells(intRow, 10).Value = ext9
objExcel.Cells(intRow, 11).Value = ext10
objExcel.Cells(intRow, 12).Value = ext11
objExcel.Cells(intRow, 13).Value = ext12
objExcel.Cells(intRow, 14).Value = ext13
objExcel.Cells(intRow, 15).Value = ext14
objExcel.Cells(intRow, 16).Value = ext15
intRow = intRow + 1
End If
objBB = Null
objBBC = Null
div = Null
aUser = Null
Country = Null
DistName = Null
StaleDate = Null
CoMN = Null
Next
objexcel.Cells.EntireColum
objexcel.Cells.EntireRow.A
objWorkbook.SaveAs "C:\scripts\Ad stale cleanup project\month1day1\CustomA
objExcel.Quit
MsgBox "Script Executed. Please check the output."