You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » Basic Scripting » More on perceived FILTER problem
Register User       Forum List       Calendar       FAQ
Page 1 of 1 1
Topic Options
#40345 - 2003-05-17 03:36 AM More on perceived FILTER problem
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
I think I have uncovered some pertinent data regarding the perceived ADSI filter issue where computers are returned when the FILTER is set to "user" as seen in thread:

http://www.kixtart.org/board/ultimatebb.php?ubb=get_topic;f=1;t=007184;p=1#000009

Using an alternative method (ADODB) to query the "users" from Active Directory I have discovered that an object seems to have an array of CLASS attributes. A user has shows these class attributes: top person organizationalPerson user while a computer object has these: top person organizationalPerson user computer.

With the above info I can see why ADSI is returning both users and computers when the FILTER is set to "user".

You can gather your own data with the following code.


$oConnection1 = CreateObject("ADODB.Connection")
$oCommand1 = CreateObject("ADODB.Command")

; Open the connection.
$oConnection1.Provider = "ADsDSOObject"  ; This is the ADSI OLE-DB provider name
$oConnection1.Open ("Active Directory Provider")

; Create a command object for this connection.
$oCommand1.ActiveConnection = $oConnection1

; Compose a search string.
$oCommand1.CommandText = "select name, objectClass from 'LDAP://NetBIOSDomainName/DC=DNSDomainName, DC=com' " +
                         "WHERE objectClass='user'"

; Execute the query.
$rs = $oCommand1.Execute
? "exexcute: @error @serror"

;--------------------------------------
; Navigate the record set
;--------------------------------------

While (Not $rs.EOF)
    for each $item in $rs.Fields
        ? $item.Name + " = "
        $Value = $item.Value
        if VarTypeName($Value) = "String"
            " " + $Value
        else
            for each $v in $Value
                " " + $v
            next
        endif
    next
    $rs.MoveNext
Loop


[ 17. May 2003, 03:55: Message edited by: Howard Bullock ]
_________________________
Home page: http://www.kixhelp.com/hb/

Top
#40346 - 2003-05-17 04:34 AM Re: More on perceived FILTER problem
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
In the script shown in the first post if you change the CommandText to :

$oCommand1.CommandText = "select name, objectClass from 'LDAP://NetBIOSDomainName/DC=DNSDomainName, DC=com' " +
"WHERE objectClass='user' and objectClass<>'computer'"

You will elinmate the computers and only return USERs.

[ 17. May 2003, 04:36: Message edited by: Howard Bullock ]
_________________________
Home page: http://www.kixhelp.com/hb/

Top
#40347 - 2003-05-17 07:03 PM Re: More on perceived FILTER problem
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
More info (From Steve @ Microsoft):
quote:
What you are finding is correct. The Computer class is based on the User class, so if you filter on 'User' in the IADsContainer::Filter, it will also display the Computers located in that container. The reason the opposite is not true, is that the User does not have an entry for 'Computer' in it's objectClass attribute.

Unfortunately, the filter only will filter on the objectClass rather than the objectCategory, so this filter will not distinguish between User and Computer objects. If you have containers that have both User and Computer objects in it, I would work around it using one of the following techniques:

1. When looping through the objects in the IADsContainer object, check the objectCategory value and ensure it is Person.
2. Use ADO with the ADsDSoObject and execute a one level search on that container, filtering on objectCategory='Person'.

I am attaching a sample script that I had lying around that shows querying on the objectCategory. For further information concerning using the ADSI OLE-DB provider with ADO, please see the information at the following MSDN link.

http://msdn.microsoft.com/library/en-us/netdir/adsi/searching_with_activex_data _objects_ado.asp

set oRoot = getobject("LDAP://rootdse")
strDefaultNameCont = oRoot.get("defaultNamingContext")
strDNSHost = oRoot.get("dnsHostName")
set oRoot = nothing


set oConn = createobject("adodb.connection")
oConn.provider = "adsdsoobject"
oConn.open "My GC Connection"

dim strQuery


strQuery = "select distinguishedName,objectClass from 'LDAP://" & strDNSHost & "/ou=TestOU," & strDefaultNameCont & "'" _
       & " where objectCategory='Person'"
           

wscript.echo strQuery

set oCmd = createobject("adodb.command")
oCmd.ActiveConnection = oConn
oCmd.CommandText = strQuery

oCmd.Properties("Page Size") = 1000

set oRS = oCmd.execute()

if oRS.eof then
    wscript.echo "No User"
end if
if oRS.recordcount=1 then
    wscript.echo "One User Returned"
end if
Do While Not oRS.EOF
    For i = 0 To oRS.Fields.Count - 1
        wscript.echo oRS.Fields(i).Name
        aEnt = oRS.Fields(i).Value
        If IsArray(aEnt) Then
            For m = 0 To UBound(aEnt)
                wscript.echo aEnt(m)
            Next
        Else
            wscript.echo aEnt
        End If
    Next
    oRS.MoveNext
Loop


[ 17. May 2003, 19:04: Message edited by: Howard Bullock ]
_________________________
Home page: http://www.kixhelp.com/hb/

Top
Page 1 of 1 1


Moderator:  Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart 
Hop to:
Shout Box

Who's Online
0 registered and 1017 anonymous users online.
details
Newest Members
batdk82, StuTheCoder, M_Moore, BeeEm, min_seow
17885 Registered Users
My Cookies · Mark all read Powered by UBB.threads™ Contact Us · KiXtart.org website · Top

Generated in 0.047 seconds in which 0.022 seconds were spent on a total of 12 queries. Zlib compression enabled.
Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org