Access: Query Active Directory

http://www.selfadsi.org

http://www.computerperformance.co.uk/Logon/LDAP_attributes_active_directory.htm

 


 

Function Main()
    Dim sysinfo

    ' Distinguished name of the logged-on user, from ADSystemInfo
    Set sysinfo = CreateObject("ADSystemInfo")
    Debug.Print sysinfo.UserName

    Set wshshell = CreateObject("Wscript.Shell")
    Set objnetwork = CreateObject("Wscript.Network")

    ' NetBIOS domain name and logon name of the current user
    DomainString = objnetwork.UserDomain
    UserString = objnetwork.UserName

    Debug.Print DomainString
    Debug.Print UserString

    ' Bind to the current user:
    ' Set UserObj = GetObject("WinNT://" & DomainString & "/" & UserString)

    ' Bind to a fixed account name instead
    Set UserObj = GetObject("WinNT://" & DomainString & "/" & "bradenaa")

    MsgBox UserObj.FullName

    ' Derive the office from group membership; stays "Unknown" if no group matches
    Office = "Unknown"

    For Each GroupObj In UserObj.Groups
        Select Case (GroupObj.Name)
            Case "Dunedin"
                Office = "Dunedin"
            Case "Wellington"
                Office = "Wellington"
            Case "Christchurch"
                Office = "Christchurch"
            Case "Auckland"
                Office = "Auckland"
            Case Else
        End Select
    Next

    MsgBox Office
End Function

 


WshNetwork Object

http://msdn.microsoft.com/en-us/library/s6wt333f%28VS.85%29.aspx

 


 

 

Active Directory Service Interfaces

http://msdn.microsoft.com/en-us/library/aa772170%28VS.85%29.aspx

 


 

 

http://www.15seconds.com/issue/020130.htm:

ADSI scripts

1. Domain Computers

1.1 Display all domains in the server NameSpace


Sub PullAllDomains
Dim objNameSpace
Dim Domain

Set objNameSpace = GetObject("WinNT:")
For Each Domain in objNameSpace
Response.Write Domain.Name
Next
End sub

1.2 Display all Connected Computers on the Primary Domain Controller

  
Sub PullAllComputers(strDomain)
Dim PrimDomainContr

Set PrimDomainContr = getobject("WinNT://" & strDomain)
PrimDomainContr.filter = Array("Computer")

For each Computer in PrimDomainContr
Response.Write Computer.Name
Next
End sub

1.3 Remove a Connected Computer from a Primary Domain Controller

  
Sub DelComputerFromPDC(strDomain,strDelComputer)
Dim PrimDomainContr
Set PrimDomainContr = getobject("WinNT://" & strDomain)
Call PrimDomainContr.Delete("Computer", strDelComputer)
End Sub

 

2. Computer Users

2.1 Display all user accounts


sub PullAllUsers(strDomain)
Dim Computer
Dim User

Set Computer = GetObject("WinNT://" & strDomain)
Computer.Filter = Array("User")
For Each User in Computer
Response.Write User.Name
Next
End Sub

2.2 Display Minimum Password Age

  
Sub DispMinPassAge(strDomain)
Dim Computer
Set Computer = GetObject("WinNT://" & strDomain)
Response.Write ((Computer.MinPasswordAge) / 86400)
End Sub

2.3 Display Minimum Password Length

  
Sub DispMinPassLength(strDomain)
Dim Computer
Set Computer= GetObject("WinNT://" & strDomain)
Response.Write Computer.MinPasswordLength
End Sub

2.4 Display Password History Length

  
Sub DispPassHisLength(strDomain)
Dim Computer
Set Computer = GetObject("WinNT://" & strDomain)
Response.Write Computer.PasswordHistoryLength
End Sub

2.5 Display Auto Unlock Interval

  
Sub DispAutoUnlock(strDomain)
Dim Computer
Set Computer = GetObject("WinNT://" & strDomain)
Response.Write Computer.AutoUnlockInterval
End Sub

2.6 Display Lockout Observation Interval


Sub DispAutoUnlockObservation(strDomain)
Dim Computer
Set Computer = GetObject("WinNT://" & strDomain)
Response.Write Computer.LockOutObservationInterval
End Sub

 

3. Computer Groups

3.1 Display All Groups

  
Sub PullAllGroups(strDomain)
Dim Computer
Dim Group

Set Computer = GetObject("WinNT://" & strDomain)
Computer.Filter = Array("Group")
For Each Group in Computer
Response.Write Group.Name
Next
End Sub

 

4. User Specific Fields

4.1 Display User Fullname

  
Sub PullUserFullname(strDomain,strUser)
Dim User
Set User = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
Response.write User.Fullname
End sub

4.2 Display User Description

  
Sub PullUserDescription(strDomain,strUser)
Dim User
Set User = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
Response.write User.Description
End sub

4.3 Display User Must Change Password Flag


Sub PullUserMustChangePass(strDomain,strUser)
Dim User
Set User = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
Response.write User.Get("PasswordExpired") '// 1 Means the Password Expired
End Sub

4.4 Display User Can't Change Password Flag


Sub PullUserCannotChangePass(strDomain,strUser)
Dim User
Dim Flags

Set User = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
Flags = User.Get("UserFlags")
Response.write Flags And &H00040 '// 0 Means that user CAN change pass
End sub

4.5 Display Password Never Expires Flag

  
Sub PullPassNeverExpires(strDomain,strUser)
Dim User
Dim Flags

Set User = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
Flags = User.Get("UserFlags")
Response.write Flags And &H10000 '// 0 Means that Password DOES expire
End sub

4.6 Display User Password Minimum Length

  
Sub PullUserPassMinLength(strDomain,strUser)
Dim User
Set User = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
Response.Write User.PasswordMinimumLength
End Sub

4.7 Display User Password Required

  
Sub PullUserPassRequired(strDomain,strUser)
Dim User
Set User = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
Response.Write User.PasswordRequired
End Sub

4.8 Display User Account Disabled Flag

  
Sub PullUserAccountDisabled(strDomain,strUser)
Dim User
Set User = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
Response.Write User.AccountDisabled
End Sub

4.9 Display User Account Lockout Flag


Sub PullUserAccountLockout(strDomain,strUser)
Dim User
Set User = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
Response.Write User.IsAccountLocked
End Sub

4.10 Display User Account Type


Sub PullUserAccountType(strDomain,strUser)
Dim User
Dim Flags

Set User = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
Flags = User.Get("UserFlags")
Response.write Flags And &H100 '// 0 Means that account is GLOBAL
End sub

4.11 Display User Profile Path

  
Sub PullUserProfilePath(strDomain,strUser)
Dim User
Set User = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
Response.Write User.Profile
End Sub

4.12 Display User Login Script


Sub PullUserLoginScript(strDomain,strUser)
Dim User
Set User = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
Response.Write User.LoginScript
End Sub

4.13 Display User Home Directory Path


Sub PullUserHomeDirPath(strDomain,strUser)
Dim User
Set User = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
Response.Write User.HomeDirectory
End Sub

4.14 Display User Home Directory Mapping


Sub PullUserHomeDirDrive(strDomain,strUser)
Dim User
Set User = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
Response.Write User.Get("HomeDirDrive")
End Sub

4.15 Display User Account Expiration Date (NT 4.0 only)


Sub PullUserAccountExpireDate(strDomain,strUser)
Dim User
Set User = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
Response.Write User.AccountExpirationDate
End Sub

4.16 Display User Bad Login Count (NT 4.0 only)


Sub PullUserBadLoginCount(strDomain,strUser)
Dim User
Set User = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
Response.Write User.BadLoginCount
End Sub

4.17 Display User Last Login (NT 4.0 only)


Sub PullUserLastLogin(strDomain,strUser)
Dim User
Set User = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
Response.Write User.LastLogin
End Sub

4.18 Display User Last Logoff (NT 4.0 only)


Sub PullUserLastLogoff(strDomain,strUser)
Dim User
Set User = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
Response.Write User.LastLogoff
End Sub

4.20 Display User Logon Hours Restriction (NT 4.0 only)


Sub PullUserLogonHourRestriction(strDomain,strUser)
Dim User
Dim RegTime
Dim Restrict

Set User = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
Restrict = False '// Stays False unless some byte of LoginHours is below 255
For Each RegTime In User.LoginHours
If RegTime < 255 Then Restrict = True
Next
Response.write Restrict
End Sub
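
The UserFlags tests in 4.4 and 4.5 and the disabled check in 4.8, combined into one account review. This is an added example, not code from the 15seconds.com article; it assumes Windows Script Host (WScript.Echo instead of Response.Write), and the account names and flag values in arrSample are constructed.

```vbscript
Option Explicit
' UserFlags bit values (ADS_USER_FLAG_ENUM) returned by User.Get("UserFlags").
Const UF_ACCOUNTDISABLE = &H2
Const UF_PASSWD_NOTREQD = &H20
Const UF_PASSWD_CANT_CHANGE = &H40
Const UF_DONT_EXPIRE_PASSWD = &H10000

' Return the review findings for one UserFlags value, or "" when there are none.
Function FlagFindings(lngFlags)
    Dim strOut
    strOut = ""
    If (lngFlags And UF_ACCOUNTDISABLE) <> 0 Then
        ' A disabled account cannot log on, so report only that.
        FlagFindings = "disabled"
        Exit Function
    End If
    If (lngFlags And UF_PASSWD_NOTREQD) <> 0 Then strOut = strOut & "password-not-required "
    If (lngFlags And UF_DONT_EXPIRE_PASSWD) <> 0 Then strOut = strOut & "password-never-expires "
    If (lngFlags And UF_PASSWD_CANT_CHANGE) <> 0 Then strOut = strOut & "user-cannot-change-password "
    FlagFindings = Trim(strOut)
End Function

' Walk every user in a domain (or on a computer) and print the accounts with findings.
Sub AuditUsers(strDomain)
    Dim objContainer, objUser, strFindings
    Set objContainer = GetObject("WinNT://" & strDomain)
    objContainer.Filter = Array("User")
    For Each objUser In objContainer
        strFindings = FlagFindings(objUser.Get("UserFlags"))
        If strFindings <> "" Then WScript.Echo objUser.Name & ": " & strFindings
    Next
End Sub

' Constructed sample values, so the decoding can be checked without a domain.
Dim arrSample, i
arrSample = Array(Array("svc-backup", &H10200), Array("jsmith", &H200), _
                  Array("kiosk", &H220), Array("old-temp", &H202))
For i = 0 To UBound(arrSample)
    WScript.Echo arrSample(i)(0) & ": [" & FlagFindings(arrSample(i)(1)) & "]"
Next

' Live run: cscript //nologo audit.vbs MYDOMAIN   (MYDOMAIN is a placeholder)
If WScript.Arguments.Count > 0 Then AuditUsers WScript.Arguments(0)
```

Comparing against the bit with <> 0 gives a True/False result, where the snippets in 4.4 and 4.5 print the raw masked value.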

 

5. Group Specific Fields

5.1 Display All Users in a Group


Sub PullAllUserFromGroup(strDomain,strGroup)
Dim Group
Dim User
Set Group = GetObject("WinNT://" & strDomain & "/" & strGroup & ",group")
For Each User in Group.Members
Response.Write User.Name
Next
End Sub

5.2 Display if a User is Listed in a Group


Sub DispUserInGroup(strDomain,strGroup,strUser)
Dim Group
Dim User
Set Group = GetObject("WinNT://" & strDomain & "/" & strGroup & ",group")
Set User = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
Response.Write Group.IsMember(User.ADsPath)
End Sub

5.3 Display Group Description

  
Sub PullGroupDescription(strDomain,strGroup,strUser)
Dim Group
Set Group = GetObject("WinNT://" & strDomain & "/" & strGroup & ",group")
Response.Write Group.Description
End Sub

5.4 Display Which Group a User is Listed in


Sub DispUserInWhichGroup(strDomain,strGroup,strUser)
Dim Group
Dim User
Set User = GetObject("WinNT://" & strDomain & "/" & strUser & ",user")
For Each Group in User.Groups
Response.Write Group.Name
Next
End Sub

 

 


 

http://www.rlmueller.net/WinNT_Binding.htm:

Binding to Active Directory objects with the WinNT provider

To access the properties and methods of an object, you need to bind to it. This creates a reference to the object. You bind to Active Directory objects in VBScript with a "Set" statement, using the GetObject method. GetObject requires a "binding string", which is a text string that uniquely specifies the object in Active Directory. This is also referred to as the AdsPath of the object. Below are examples of statements that bind to objects with the WinNT provider. The binding string is the string in quotes.

Set objComputer = GetObject("WinNT://MyDomain/Idaho,computer")
Set objGroup = GetObject("WinNT://MyComputer/TestGroup,group")
Set objUser = GetObject("WinNT://MyDC/MyDomain/JSmith,user")

where:

WinNT:                            The provider (case sensitive)
objComputer, objGroup, objUser    Variable referring to the object
Idaho, TestGroup, JSmith          Name of the object (Relative Distinguished Name)
MyDomain                          The NetBIOS domain name
user, group, computer             The object class, which is optional
MyComputer                        A computer name
MyDC                              The name of a domain controller

In the examples above, objComputer refers to a computer object in Active Directory. This computer has the name "Idaho" in the "MyDomain" domain. objGroup refers to a local group object with the name "TestGroup" on the computer "MyComputer". objUser refers to a user object with the name "JSmith" in the domain "MyDomain", but we are specifically retrieving the user object from the copy of Active Directory on the Domain Controller "MyDC". Ordinarily, you would avoid specifying a specific domain controller.

The "Name" attribute exposed by the WinNT provider is sometimes called the "NT name", because it is the name used in NT networks. It is the pre-Windows 2000 logon name of user objects. The actual Active Directory attribute is "sAMAccountName". If you were to bind to the same object with the LDAP provider, you would refer to the same attribute as "sAMAccountName". The "sAMAccountName" attribute of any object must be unique in the domain.
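
Because "/" and "," give a binding string its structure, the parts should be validated before they are concatenated, as the Subs earlier on this page do with strDomain and strUser. The following is an added example, not code from rlmueller.net: BuildWinNTPath is a hypothetical helper that rejects the characters not allowed in a pre-Windows 2000 name and accepts only the three object classes listed above; the rejected inputs are constructed.

```vbscript
Option Explicit

' Build a WinNT binding string from untrusted parts; returns "" if any part is unsafe.
' strServer is optional: pass "" to avoid naming a specific domain controller.
Function BuildWinNTPath(strServer, strDomain, strName, strClass)
    Dim re, strPart, strPath
    BuildWinNTPath = ""
    Set re = New RegExp
    ' Reject " / \ [ ] : ; | = , + * ? < > and control characters. Blocking "/" and ","
    ' also keeps a part from adding a path segment or changing the object class.
    re.Pattern = "^[^""/\\\[\]:;|=,+*?<>\x00-\x1F]+$"
    For Each strPart In Array(strDomain, strName)
        If Not re.Test(strPart) Then Exit Function
    Next
    If strServer <> "" Then
        If Not re.Test(strServer) Then Exit Function
        strPath = "WinNT://" & strServer & "/" & strDomain & "/" & strName
    Else
        strPath = "WinNT://" & strDomain & "/" & strName
    End If
    Select Case LCase(strClass)
        Case "user", "group", "computer"
            BuildWinNTPath = strPath & "," & LCase(strClass)
        Case ""
            BuildWinNTPath = strPath    ' the object class is optional
    End Select                          ' any other class leaves the result ""
End Function

' The three binding strings from the text above.
WScript.Echo BuildWinNTPath("", "MyDomain", "Idaho", "computer")
WScript.Echo BuildWinNTPath("", "MyComputer", "TestGroup", "group")
WScript.Echo BuildWinNTPath("MyDC", "MyDomain", "JSmith", "user")

' Constructed inputs that must be rejected; each prints [].
WScript.Echo "[" & BuildWinNTPath("", "MyDomain", "JSmith,group", "user") & "]"
WScript.Echo "[" & BuildWinNTPath("", "MyDomain", "Other/JSmith", "user") & "]"
WScript.Echo "[" & BuildWinNTPath("", "MyDomain", "JSmith", "printQueue") & "]"
```

A caller passes the result to GetObject only when it is not the empty string.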