Active Directory – Page 2

Enumerate All Empty Active Directory Groups

The following script was created to enumerate all the empty groups that exist in an Active Directory.

This output of the script can be piped to a text file.

Basic steps are
1) Create connection to Active Directory domain
2) Create recordset from query, filtering in only empty groups
3) Enumerate through recordset, displaying name of group
4) Cleanup

[sourcecode language=”vb”]
Option Explicit

On Error Resume Next

Dim objCommand
Dim objConnection
Dim objRootDSE
Dim strDNSDomain
Dim strBase
Dim objSystemInfo
Dim strDomain
Dim strFilter
Dim strAttributes
Dim strQuery
Dim objRecordset
Dim strGroupName

Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")

objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection

Set objRootDSE = GetObject("LDAP://RootDSE")

strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = ""

Set objSystemInfo = CreateObject("ADSystemInfo")
strDomain = objSystemInfo.DomainShortName

strFilter = "(&(objectCategory=group)(!member=*))"

strAttributes = "sAMAccountName"

strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False

Set objRecordset = objCommand.Execute

Do Until objRecordset.EOF
strGroupName = objRecordset.Fields("sAMAccountName").Value
WScript.Echo strGroupName
objRecordset.MoveNext
Loop

objRecordset.Close
objConnection.Close

Set objRecordset = Nothing
Set objSystemInfo = Nothing
Set objRootDSE = Nothing
Set objConnection = Nothing
Set objCommand = Nothing
[/sourcecode]

Attachment(s):
[list-attachments]

Enumerate All Active Directory Users’ ProxyAddresses

The following script was created to enumerate all the various addresses an Active Directory users might have.

This output of the script can be piped to a text file which in turn can be imported into a database to generate various reports.

Basic steps are
1) Create connection to Active Directory domain
2) Create recordset from query, filtering in only user accounts
3) Enumerate through recordset, display combination of sAMAccountName and proxyAddress
4) Cleanup

[sourcecode language=”vb”]
Option Explicit

On Error Resume Next

Dim objCommand
Dim objConnection
Dim objRootDSE
Dim strDNSDomain
Dim strBase
Dim objSystemInfo
Dim strDomain
Dim strFilter
Dim strAttributes
Dim strQuery
Dim objRecordset
Dim strUserName
Dim strCN
Dim objUser
Dim arrproxyAddresses
Dim strproxyAddresses

Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")

objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection

Set objRootDSE = GetObject("LDAP://RootDSE")

strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = ""

Set objSystemInfo = CreateObject("ADSystemInfo")
strDomain = objSystemInfo.DomainShortName

strFilter = "(&(objectCategory=Person)(objectClass=User))"

strAttributes = "sAMAccountName,cn,proxyAddresses"

Set objRecordset = objCommand.Execute

Do Until objRecordset.EOF
strUserName = objRecordset.Fields("sAMAccountName").Value
strCN = objRecordset.Fields("cn").value
arrproxyAddresses = objRecordset.Fields("proxyAddresses").value
If IsArray(arrproxyAddresses) = True Then
For Each strproxyAddresses In arrproxyAddresses
WScript.Echo strUserName & vbTab & strproxyAddresses
Next
End If
objRecordset.MoveNext
Loop

objRecordset.Close
objConnection.Close

set objUser = Nothing
Set objRecordset = Nothing
Set objSystemInfo = Nothing
Set objRootDSE = Nothing
Set objConnection = Nothing
Set objCommand = Nothing
[/sourcecode]

Attachment(s):
[list-attachments]