VBScript: Query AD for Groups

Discussion in 'Scripting & Programming' started by Fergal1982, Jun 19, 2006.

  1. Fergal1982

    Fergal1982 Petabyte Poster

    ok guys, here is the first of my scripts. this one allows searching of AD for groups using wildcard searching, without having to resort to dsquery

    Code:
    ADS_CHASE_REFERRALS_NEVER = &H00
    ADS_CHASE_REFERRALS_SUBORDINATE = &H20
    ADS_CHASE_REFERRALS_EXTERNAL = &H40
    ADS_CHASE_REFERRALS_ALWAYS = &H60
    ADS_SCOPE_BASE = 0
    ADS_SCOPE_ONELEVEL = 1
    ADS_SCOPE_SUBTREE = 2
    Call Main()
    
    wscript.quit
    
    
    '##############################Main#################################################
    Function Main()
    
    n = 0
    Set RootDSE = GetObject("LDAP://RootDSE")
    groupDN = "ou=people,DC=testing,DC=int,DC=test,DC=com"
     
    'Initialize ADO connection
    Set connection = CreateObject("ADODB.Connection")
    connection.Provider = "ADsDSOObject"
    connection.open
    Set command = CreateObject("ADODB.Command")
    Set command.ActiveConnection = connection
    Command.Properties("Page Size") = 1000
    Command.Properties("Timeout") = 30
    Command.Properties("searchscope") = ADS_SCOPE_SUBTREE
    Command.Properties("Chase referrals") =   ADS_CHASE_REFERRALS_NEVER
    Command.Properties("Cache Results") = False
    set WshShell = WScript.CreateObject("WScript.Shell")
    strRecord = Inputbox("Input Search Criteria (Do not enter Wildcards)" & VBCRLF & "Hint: Less is More","Search Criteria")
    
    if strRecord <> "" then
    
      command.CommandText = "SELECT name FROM " & "'LDAP://" & groupDN & "' WHERE name='*" & strRecord & "*' and objectcategory='group'"

      Set rs = command.Execute
      on error resume next
      do until rs.EOF
        if lcase(right(rs.fields("name"), 2)) <> "_l" then
          strResults = strResults & "<br /> " & rs.fields("name")
          n = n + 1
        end if

        if err.number <> 0 then
          msgbox "Error: " & err.number & " occurred." & VBCRLF & err.description & VBCRLF & "Contact a Scripter for Assistance",48,"Script Error"
          err.clear
          wscript.quit
        end if
        rs.movenext
      loop
      on error goto 0


      if n <> 0 then
        Call Results(("<B><Big>Results:</Big></B><br /><br />" & strResults &" <br /> <br /><small><i> " & n & " Results Found.</i></small>"))
      else
        Call Results(("<B><Big>Results:</Big></B><br /><br /> No Matches Found<br /> <br /><small><i> " & n & " Results Found.</i></small>"))
      end if
    
    end if
    
    End Function
    '################################################################################
    
    
    '#########################Results##################################################
    Function Results(Input)
    
    On Error Resume Next
    strComputer = "."
    Set objWMIService = GetObject("Winmgmts:\\" & strComputer & "\root\cimv2")
    Set colItems = objWMIService.ExecQuery("Select * From Win32_DesktopMonitor")
    For Each objItem in colItems
    	intHorizontal = objItem.ScreenWidth
    	intVertical = objItem.ScreenHeight
    Next
    
    Set objExplorer = CreateObject _
    	("InternetExplorer.Application")
    
    objExplorer.Navigate "about:blank"
    objExplorer.ToolBar = 0
    objExplorer.StatusBar = 0
    objExplorer.Left = (intHorizontal - 400) / 2
    objExplorer.Top = (intVertical - 200) / 2
    objExplorer.Width = 400
    objExplorer.Height = 400
    objExplorer.Visible = 1
    
    objExplorer.Document.Title = "Search Results"
    objExplorer.Document.Body.InnerHTML = Input
    On error goto 0
    
    End Function
    the line
    Code:
    groupDN = "ou=people,DC=testing,DC=int,DC=test,DC=com"
    needs to point to where your groups are kept - in this case it's the people OU in the domain testing.int.test.com.

    Code:
    if lcase(right(rs.fields("name"), 2)) <> "_l" then
    you may want to take this IF case out, or change it - in our domain "_l" at the end of the group name indicates a local group. in the case of this program I didn't want these groups to be listed, since our people don't do anything with them (they use the appropriate global group).

    Code:
    Command.Properties("searchscope") = ADS_SCOPE_SUBTREE
    this line indicates that the search should check the subdirectories of the listed OU/area - you can set this to ADS_SCOPE_ONELEVEL to set it to just check the named folder.

    I'll admit there are a few portions that I don't fully understand, having taken some of it from another script, but it does work. I also have to give credit to the guys in my app support team and my colleague, both of whom helped me put this together for the portions I didn't understand

    Usage:
    Save the above code, with appropriate modifications as a .vbs file. Double-click on the file and this will run the script (assuming you have cscript installed), and bring up the search box

    EG.
    Groupname Test_Bluebottle_Project_Access

    If you know that the group contains the word bluebottle, but aren't sure if it's Blue_Bottle or BlueBottle, or some other variation, and have no idea what the group starts with, enter "blue" into the search dialogue. This will then search AD for all the groups which contain Blue in their name and output this list to an IE window (Yes I know it would be much nicer to output to the default browser - but the output is from a script from MS and I'm not clued up enough to modify it appropriately at this time - that's for a later modification).

    Let me know what you guys think.

    Fergal
     
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
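
An added example, not part of Fergal1982's post or any reply: the script above concatenates the InputBox text straight into the query and writes group names from the directory straight into InnerHTML, so this variant escapes the search term before it reaches the filter and HTML-encodes each name before display. It assumes a switch from the SQL dialect used in the post to ADSI's LDAP dialect, where the RFC 4515 escape sequences apply; EscapeLdapFilterValue and HtmlEncode are hypothetical helper names.

```vbscript
Option Explicit

' Escape a value for use inside an LDAP search filter (RFC 4515).
' The backslash is handled first so the later escapes are not doubled.
Function EscapeLdapFilterValue(ByVal strValue)
    strValue = Replace(strValue, "\", "\5c")
    strValue = Replace(strValue, "*", "\2a")
    strValue = Replace(strValue, "(", "\28")
    strValue = Replace(strValue, ")", "\29")
    strValue = Replace(strValue, Chr(0), "\00")
    EscapeLdapFilterValue = strValue
End Function

' Encode text so it is rendered as text, not markup, when placed in HTML.
Function HtmlEncode(ByVal strText)
    strText = Replace(strText, "&", "&amp;")
    strText = Replace(strText, "<", "&lt;")
    strText = Replace(strText, ">", "&gt;")
    strText = Replace(strText, """", "&quot;")
    HtmlEncode = strText
End Function

Dim groupDN, strRecord, connection, command, rs, strResults
groupDN = "ou=people,DC=testing,DC=int,DC=test,DC=com"   ' base DN from the post
strRecord = InputBox("Input Search Criteria", "Search Criteria")
If strRecord = "" Then WScript.Quit

Set connection = CreateObject("ADODB.Connection")
connection.Provider = "ADsDSOObject"
connection.Open
Set command = CreateObject("ADODB.Command")
Set command.ActiveConnection = connection
command.Properties("Page Size") = 1000

' LDAP dialect (assumption: used here instead of the post's SQL dialect):
' <base>;filter;attributes;scope
command.CommandText = "<LDAP://" & groupDN & ">;" & _
    "(&(objectCategory=group)(name=*" & EscapeLdapFilterValue(strRecord) & "*));" & _
    "name;subtree"

Set rs = command.Execute
Do Until rs.EOF
    ' Encoded here so the string is safe to hand to the post's Results() function.
    strResults = strResults & "<br /> " & HtmlEncode(rs.Fields("name").Value)
    rs.MoveNext
Loop
WScript.Echo strResults
```
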
  2. simongrahamuk
    Honorary Member

    simongrahamuk Hmmmmmmm?

    None of that makes any sense to me but it sure looks good! :biggrin
     
  3. zimbo
    Honorary Member

    zimbo Petabyte Poster

    I'll give it a go tonight and let you know! :D
     
    Certifications: B.Sc, MCDST & MCSA
    WIP: M.Sc - Computer Forensics
  4. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    nice, although it's not working for me. i'll have a closer look at the code when i have some time to find out why it fails for me.
     
  5. Fergal1982

    Fergal1982 Petabyte Poster

    what's happening when you run it? are you getting an error or just no results?
     
    Certifications: ITIL Foundation; MCTS: Visual Studio Team Foundation Server 2010, Administration
    WIP: None at present
  6. d-Faktor
    Honorary Member

    d-Faktor R.I.P - gone but never forgotten.

    0 results. no biggie. i'll go over the code one of these days. i'm just too swamped with work to be bothered right now. no offence. :oops:
     
