Does anyone know of a way to find the GUID of a specific GPO given its name using VBScript? I've seen a lot of examples to go from a GUID to a GPO, but not the other way around.
Use an LDAP query that filters for a given display name. The name attribute of the GPO contains the GUID.
displayName = "..."
domain = GetObject("LDAP://rootDSE").Get("defaultNamingContext")
Set cn = CreateObject("ADODB.Connection")
cn.Provider = "ADsDSOObject"
cn.Open "Active Directory Provider"
Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = cn
cmd.CommandText = "SELECT name " & _
"FROM 'LDAP://CN=Policies,CN=System," & domain & "' " & _
"WHERE objectClass = 'groupPolicyContainer' AND " & _
"displayName = '" & displayName & "'"
Set rs = cmd.Execute
Do Until rs.EOF
    WScript.Echo rs.Fields("name").Value
    rs.MoveNext
Loop
I am losing my hair on VBScript. How the heck can I pass a reference as return value of a function?
Currently my code looks like this:
Set objUser = FindUser("bendert")
REM Searches Directory for the User
Function FindUser(UserLoginName)
    Wscript.Echo "Querying AD to retrieve user-data"
    Set objConnection = CreateObject("ADODB.Connection")
    objConnection.Open "Provider=ADsDSOObject;"
    Set objCommand = CreateObject("ADODB.Command")
    objCommand.ActiveConnection = objConnection
    'Get user Using LDAP/ADO. There is an easier way
    'to bind to a user object using the WinNT provider,
    'but this way is better for educational purposes
    Set oRoot = GetObject("LDAP://rootDSE")
    'work in the default domain
    sDomain = oRoot.Get("defaultNamingContext")
    Set oDomain = GetObject("LDAP://" & sDomain)
    sBase = "<" & oDomain.ADsPath & ">"
    'Only get data for login name requested
    sFilter = "(&(sAMAccountName="& UserLoginName &")(objectClass=user))"
    sAttribs = "adsPath"
    sDepth = "subTree"
    sQuery = sBase & ";" & sFilter & ";" & sAttribs & ";" & sDepth
    WScript.Echo "LDAP Query is:" & sQuery &""
    objCommand.CommandText=sQuery
    Set objRecordSet = objCommand.Execute
    FindUser = GetObject(objRecordSet.Fields("adspath"))
    WScript.Echo "You E-Mail Address is: " & objUser.EmailAddress
    objConnection.Close
End Function
Unfortunately VBScript throws an error on the line where I make an assignment to the function's return value.
FindUser = GetObject(objRecordSet.Fields("adspath"))
The Error looks like "wrong number of arguments or invalid property assignment".
What am I doing wrong?
Looks like you need:
Set FindUser = GetObject(objRecordSet.Fields("adspath"))
Set FindUser = ...
http://msdn.microsoft.com/en-us/library/4afksd44%28VS.85%29.aspx
I am creating a script that will allow me to enter a username in our domain, and have it look up attributes from their AD profile.
So first I am getting the users' DN. Once I have that - I can run;
Set objAD = CreateObject("ADSystemInfo")
Set objUser = GetObject("LDAP://" & ***I NEED DN HERE***)
and query specific attributes to be output.
So what I need to do is somehow get the DN into a variable to put into the LDAP query. I know (I think) I need to get it from the Do Loop below, but am having a complete blank and can't figure out how to just put the whole DN into a variable.
Username = InputBox("Enter UserName to lookup...")
Set rootDSE = GetObject("LDAP://RootDSE")
base = "<LDAP://" & rootDSE.Get("defaultNamingContext") & ">"
fltr = "(&(objectClass=user)(objectCategory=Person)" & "(sAMAccountName=" & UserName & "))"
attr = "distinguishedName,sAMAccountName"
scope = "subtree"
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Open "Active Directory Provider"
Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandText = base & ";" & fltr & ";" & attr & ";" & scope
Set rs = cmd.Execute
Do Until rs.EOF
    WScript.Echo rs.Fields("distinguishedName").Value
    rs.MoveNext
Loop
rs.Close
conn.Close
In case anyone has the same problem - it was an easy fix.
Just needed to write it to a variable instead of echoing.
Do Until rs.EOF
    strDN = rs.Fields("distinguishedname").value
    rs.MoveNext
Loop
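Added example, not part of the original posts: the same lookup with the entered name escaped before it is concatenated into the filter, so that characters with special meaning in an LDAP filter (*, (, ), \) are matched literally instead of changing what the query selects. EscapeLdapFilterValue is a hypothetical helper name, and encoding ";" is an extra precaution assumed here because the ADO query string uses it as a separator; the rest follows the posted script.

```vbscript
Option Explicit
' Escape a value for an LDAP search filter (RFC 4515): \ * ( ) and NUL
' are replaced by a backslash followed by their two-digit hex code.
Function EscapeLdapFilterValue(value)
    Dim i, ch, result
    result = ""
    For i = 1 To Len(value)
        ch = Mid(value, i, 1)
        Select Case ch
            Case "\", "*", "(", ")", Chr(0), ";"
                ' ";" is not special in RFC 4515; encoded as a precaution (assumption)
                result = result & "\" & Right("0" & LCase(Hex(Asc(ch))), 2)
            Case Else
                result = result & ch
        End Select
    Next
    EscapeLdapFilterValue = result
End Function

Dim userName, rootDSE, base, fltr, conn, cmd, rs, strDN, matches
userName = InputBox("Enter UserName to lookup...")
If userName = "" Then WScript.Quit 1   ' cancelled or empty input

Set rootDSE = GetObject("LDAP://RootDSE")
base = "<LDAP://" & rootDSE.Get("defaultNamingContext") & ">"
fltr = "(&(objectClass=user)(objectCategory=Person)" & _
       "(sAMAccountName=" & EscapeLdapFilterValue(userName) & "))"

Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Open "Active Directory Provider"
Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandText = base & ";" & fltr & ";distinguishedName;subtree"
Set rs = cmd.Execute

matches = 0
Do Until rs.EOF
    strDN = rs.Fields("distinguishedName").Value
    matches = matches + 1
    rs.MoveNext
Loop
rs.Close
conn.Close
' Use the DN only when exactly one account matched the entered name.
If matches = 1 Then
    WScript.Echo "DN: " & strDN
Else
    WScript.Echo "Expected 1 match for the entered name, found " & matches
End If
```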
Set objDomain = GetObject("WinNT://abc.local")
For each objDomainItem in objDomain
    if objDomainItem.Class = "User" then
        'WScript.echo "Name: " & objDomainItem.Name + " : Full Name: " + objDomainItem.FullName
        Set objUser = Nothing
        err.clear
        Set objUser = GetObject("LDAP://cn=" & objDomainItem.FullName & ",OU=IS, OU=Users, OU=ABC Company, DC=ABC, dc=local")
        if err.number = 0 then
            wscript.echo "distinguishedName: " & objUser.distinguishedName
        end if
    end if
Next
Right now, this works fine to list all users in the IS department (OU=IS). But when I take out "OU=IS" to list all users in all departments, it returns nothing; no user objects at all. The only way it will return the user object for the given fullName is if I also specify the OU that that user is contained in; but I do not have the OU to supply it.
Our AD structure is
ABC Company --> Users --> IS
ABC Company --> Users --> FINANCE
ABC Company --> Users --> Management
ABC Company --> Users --> Flight Operations
etc etc etc
I want to use the code above to enumerate all users from the "Users" level, down through ALL departments, but again, as soon as I remove "OU=IS", it returns nothing.
Any help?
Do a query with scope Subtree using an ADODB.Connection and an ADODB.Command object:
base = "<LDAP://OU=Users,OU=ABC Company,DC=ABC,DC=local>"
fltr = "(&(objectClass=user)(objectCategory=Person))"
attr = "distinguishedName,sAMAccountName"
scope = "subtree"
Set cn = CreateObject("ADODB.Connection")
cn.Provider = "ADsDSOObject"
cn.Open "Active Directory Provider"
Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = cn
cmd.CommandText = base & ";" & fltr & ";" & attr & ";" & scope
Set rs = cmd.Execute
Do Until rs.EOF
    WScript.Echo rs.Fields("distinguishedName").Value
    WScript.Echo rs.Fields("sAMAccountName").Value
    rs.MoveNext
Loop
Add other attributes to attr as required (the variable contains a list of attribute names as a comma-separated string).
Since these queries require the same boilerplate code every time, I got fed up with writing it over and over again some time ago and wrapped it in a custom class (ADQuery) to simplify its usage:
'<-- paste or include class code here
Set qry = New ADQuery
qry.SearchBase = "OU=Users,OU=ABC Company,DC=ABC,DC=local"
qry.Attributes = Array("distinguishedName", "sAMAccountName")
Set rs = qry.Execute
Do Until rs.EOF
    WScript.Echo rs.Fields("distinguishedName").Value
    WScript.Echo rs.Fields("sAMAccountName").Value
    rs.MoveNext
Loop
I want to know is there any script to check if the machine is present in AD or not. Like say I have a machine named XYZ and I want to check if this machine is in AD or not.
Using VBScript how do I do this?
I am new to LDAP.
If your AD is a Windows Server 2008 or 2008 R2 take a look at Dsquery Computer
Use : Dsquery computer -name MyComputer
However, you can try using ADODB
Or this example : (sample from VBsedit)
' List All Computer Accounts in Active Directory
Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
"Select Name, Location from 'LDAP://DC=fabrikam,DC=com' " _
& "Where objectClass='computer'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    Wscript.Echo "Computer Name: " & objRecordSet.Fields("Name").Value
    Wscript.Echo "Location: " & objRecordSet.Fields("Location").Value
    objRecordSet.MoveNext
Loop
You can find an example here. You need to use the WSCript.Network
http://social.technet.microsoft.com/Forums/windowsserver/en-US/58aea18c-d5ff-48a7-bc76-5bd64183ba8c/use-vbscript-to-query-ad-for-computer-account?forum=winserverDS