From: Livin on 17 Jan 2008 19:52

Goal: Domain-wide (all container) search for any object Class/Category
(input at start of script)

The LDAP query looks correct and I've tried several options...

LDAP:// DCname / FullPATH
LDAP:// FullPATH
LDAP:// FQDN
....etc

I've tried replacing objectCategory with objectClass in the query,
same result.

---------- code -------------

sDefaultOBJECT = "computer"
sDefaultNAME = "CAFE"
sDefaultSERVER = "dc025"
' Domain Distinguished Name: "DC=Subdomain,DC=Domain,DC=com" - hard coded instead of using RootDSE
sDefaultPATH = "DC=global,DC=ds,DC=Company,DC=com"
sUSER = "user777a"
sPW = "userPW!"

sADSpath = InputBox("Enter the name of the Domain Controller and LDAP PATH"& vbCrLf & vbCrLf &_
    "","Domain Controller Name",sDefaultPATH)

sOBJECT = InputBox("Enter the OBJECT type, you'd like to search on"& vbCrLf & vbCrLf &_
    "This can be any object type: Computer, User, Printer, etc.","Object Type",sDefaultOBJECT)

sNAME = InputBox("Enter the NAME of the object you'd like the DN for"& vbCrLf & vbCrLf &_
    "This is the sAMaccountname.","AD Object Name",sDefaultNAME)

strComputerDN = GetComputerDN(sNAME, sOBJECT, sUSER, sPW, sADSpath)

Wscript.echo "Object's DN: "& strComputerDN

Function GetDN (strName, strFilter, strUsername, strPassword, strDomainDN)
    'strName - Computer name to get the DN for
    'strFilter - What to filter LDAP search for, Object type
    'strUsername - Username to use for authentication to the domain
    'strPassword - Password of Username specified
    'strDomainDN - DN for the domain you want to search

    ' Use ADO to search Active Directory.
    Set objCommand = CreateObject("ADODB.Command")
    Set objConnection = CreateObject("ADODB.Connection")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Properties("User ID") = strUsername
    objConnection.Properties("Password") = strPassword
    objConnection.Properties("Encrypt Password") = TRUE
    objConnection.Properties("ADSI Flag") = 3
    objConnection.Open "Active Directory Provider"
    objCommand.ActiveConnection = objConnection
    strBase = "<LDAP://" & strDomainDN & ">"

    ' Filter query
    strFilter = "(objectCategory=" & strFilter & ")"
    strAttributes = "distinguishedName,name"
    strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
    objCommand.CommandText = strQuery
    objCommand.Properties("Page Size") = 100
    objCommand.Properties("Timeout") = 30
    objCommand.Properties("Cache Results") = False
    Set objRecordSet = objCommand.Execute

    ' Enumerate the recordset.
    Do Until objRecordSet.EOF
        If strName = objRecordSet.Fields("name") Then
            GetDN = objRecordSet.Fields("distinguishedName")
            objConnection.Close
            Exit Function
        End If
        objRecordSet.MoveNext
    Loop

    ' Clean up.
    objConnection.Close
End Function

From: Richard Mueller [MVP] on 17 Jan 2008 21:00

"Livin" <AaronLevey(a)gmail.com> wrote in message
news:1452cbda-1fcc-4a09-b57e-4caa8eb2259b(a)s19g2000prg.googlegroups.com...
> Goal: Domain-wide (all container) search for any object Class/Category
> (input at start of script)
>
> The LDAP query looks correct and I've tried several options...
>
> LDAP:// DCname / FullPATH
> LDAP:// FullPATH
> LDAP:// FQDN
> ...etc
>
> I've tried replacing objectCategory with objectClass in the query,
> same result.
>
>
> ---------- code -------------
>
> sDefaultOBJECT = "computer"
> sDefaultNAME = "CAFE"
> sDefaultSERVER = "dc025"
> ' Domain Distinguished Name: "DC=Subdomain,DC=Domain,DC=com" - hard
> coded instead of using RootDSE
> sDefaultPATH = "DC=global,DC=ds,DC=Company,DC=com"
> sUSER = "user777a"
> sPW = "userPW!"
>
> sADSpath = InputBox("Enter the name of the Domain Controller and LDAP
> PATH"& vbCrLf & vbCrLf &_
> "","Domain Controller Name",sDefaultPATH)
>
> sOBJECT = InputBox("Enter the OBJECT type, you'd like to search on"&
> vbCrLf & vbCrLf &_
> "This can be any object type: Computer, User, Printer, etc.","Object
> Type",sDefaultOBJECT)
>
> sNAME = InputBox("Enter the NAME of the object you'd like the DN for"&
> vbCrLf & vbCrLf &_
> "This is the sAMaccountname.","AD Object Name",sDefaultNAME)
>
> strComputerDN = GetComputerDN(sNAME, sOBJECT, sUSER, sPW, sADSpath)
>
> Wscript.echo "Object's DN: "& strComputerDN
>
> Function GetDN (strName, strFilter, strUsername, strPassword,
> strDomainDN)
> 'strName - Computer name to get the DN for
> 'strFilter - What to filter LDAP search for, Object type
> 'strUsername - Username to use for authentication to the domain
> 'strPassword - Password of Username specified
> 'strDomainDN - DN for the domain you want to search
>
> ' Use ADO to search Active Directory.
> Set objCommand = CreateObject("ADODB.Command")
> Set objConnection = CreateObject("ADODB.Connection")
> objConnection.Provider = "ADsDSOObject"
> objConnection.Properties("User ID") = strUsername
> objConnection.Properties("Password") = strPassword
> objConnection.Properties("Encrypt Password") = TRUE
> objConnection.Properties("ADSI Flag") = 3
> objConnection.Open "Active Directory Provider"
> objCommand.ActiveConnection = objConnection
> strBase = "<LDAP://" & strDomainDN & ">"
>
> ' Filter query
> strFilter = "(objectCategory=" & strFilter & ")"
> strAttributes = "distinguishedName,name"
> strQuery = strBase & ";" & strFilter & ";" & strAttributes &
> ";subtree"
> objCommand.CommandText = strQuery
> objCommand.Properties("Page Size") = 100
> objCommand.Properties("Timeout") = 30
> objCommand.Properties("Cache Results") = False
> Set objRecordSet = objCommand.Execute
>
> ' Enumerate the recordset.
> Do Until objRecordSet.EOF
> If strName = objRecordSet.Fields("name") Then
> GetDN = objRecordSet.Fields("distinguishedName")
> objConnection.Close
> Exit Function
> End If
> objRecordSet.MoveNext
> Loop
>
> ' Clean up.
> objConnection.Close
> End Function

First, GetComputerDN should be GetDN. For example:

strComputerDN = GetDN(sNAME, sOBJECT, sUSER, sPW, sADSpath)

It could help to use "Option Explicit" and declare all variables in Dim
statements, which is how I found this error.

Second, the Name attribute of an object is the Relative Distinguished Name
(RDN), not the sAMAccountName. For user, group, and computer objects the RDN
is the value of the cn (Common Name) attribute. For computer objects I would
expect the values of the cn and sAMAccountName attributes to be the same
(although they don't have to be), but not necessarily for users. I got the
code to work by searching for the value of the cn attribute.

Third, I had to specify the username (sUser) as either "MyDomain\UserName"
or "cn=Jim Smith,ou=Sales,dc=MyDomain,dc=com".

Fourth, I couldn't get the code to work with ADSI Flag = 3. The values I've
seen are:

' ADS Authentication constants that can be used.
Const ADS_SECURE_AUTHENTICATION = &H1
Const ADS_USE_ENCRYPTION = &H2
Const ADS_USE_SSL = &H2
Const ADS_USE_SIGNING = &H40
Const ADS_USE_SEALING = &H80
Const ADS_USE_DELEGATION = &H100
Const ADS_SERVER_BIND = &H200

For example, I have used:

objConnection.Properties("ADSI Flag") = ADS_SERVER_BIND _
    Or ADS_SECURE_AUTHENTICATION

Finally, assuming that the "Name" of the object is the NetBIOS name
(sAMAccountName), an alternative method (perhaps more efficient because it
does not involve searching) would be to use the NameTranslate object. For
more see this link:

http://www.rlmueller.net/NameTranslateFAQ.htm

The trick for computer objects is to remember that the sAMAccountName of
computer objects is the NetBIOS name with the character "$" appended on the
end.

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
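
An added example, not code from either poster: the script above concatenates InputBox text straight into the LDAP filter and then walks every returned object to compare names. The sketch below builds a filter that lets the domain controller do the name match, escaping the typed values per RFC 4515 first. The function names EscapeLdapFilterValue and BuildDnQuery are hypothetical, and it assumes the target object has a sAMAccountName (users, groups, computers).

```vbscript
Option Explicit

' Escape a value before placing it inside an LDAP search filter (RFC 4515).
' The backslash is replaced first so later escapes are not double-encoded.
' ";" is hex-escaped as well because the ADO LDAP dialect uses it to
' separate the base, filter, attribute and scope fields of the query.
Function EscapeLdapFilterValue(strValue)
    Dim strOut
    strOut = Replace(strValue, "\", "\5c")
    strOut = Replace(strOut, "*", "\2a")
    strOut = Replace(strOut, "(", "\28")
    strOut = Replace(strOut, ")", "\29")
    strOut = Replace(strOut, ";", "\3b")
    strOut = Replace(strOut, Chr(0), "\00")
    EscapeLdapFilterValue = strOut
End Function

' Build the ADO command text so that only the matching object comes back.
' strDomainDN is used as-is here; it should come from a trusted source
' (for example RootDSE) rather than from free-form user input.
Function BuildDnQuery(strDomainDN, strCategory, strName)
    Dim strSam, strFilter
    strSam = strName
    ' Computer accounts: sAMAccountName is the NetBIOS name plus "$".
    If LCase(strCategory) = "computer" And Right(strSam, 1) <> "$" Then
        strSam = strSam & "$"
    End If
    strFilter = "(&(objectCategory=" & EscapeLdapFilterValue(strCategory) & ")" _
        & "(sAMAccountName=" & EscapeLdapFilterValue(strSam) & "))"
    BuildDnQuery = "<LDAP://" & strDomainDN & ">;" & strFilter _
        & ";distinguishedName;subtree"
End Function

' Constructed sample inputs: the defaults from the original post, then a
' name containing filter metacharacters to show that they are neutralised.
Dim strBaseDN
strBaseDN = "DC=global,DC=ds,DC=Company,DC=com"
WScript.Echo BuildDnQuery(strBaseDN, "computer", "CAFE")
WScript.Echo BuildDnQuery(strBaseDN, "user", "*)(objectClass=*")
```

The returned string can be assigned to objCommand.CommandText in place of strQuery; a non-empty recordset then holds the distinguishedName directly, with no enumeration loop.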