#40277 - 2003-05-16 02:35 PM Help with Active Directory Query
JohnQ Offline
Starting to like KiXtart

Registered: 2003-03-04
Posts: 171
I'm using the following script to compile a list of users and their login scripts. This helps us identify which login scripts are being used and also find any users who don't have a login script assigned. Here's the script:
code:
Break ON
$target = GetObject("LDAP://OU=Users,OU=USA,DC=mycompany,DC=net")
If ReDirectOutput("c:\logons.xls") = 0
    For Each $user in $target
        $script = $user.loginscript
        If $Script = ""
            ? "Current Script for"+Chr(09)+$user.name+Chr(09)+ "NO SCRIPT ASSIGNED"
        Else
            ? "Current Script for "+Chr(09)+$user.name+Chr(09)+$script
        EndIf
    Next
EndIf

The script works great to retrieve the users from the OU specified. The problem is, under the OU "USA" there are sub OU's for almost every state and then each of those has one or more sub OU's containing user IDs. Is there any way to have the script search all sub OU's underneath any given "root" OU and return the same info? I know that I could hard code an array of target OU's and loop through that, but we're talking about possibly 100's of OU's and 1000's of users.

Thanks.

Top
#40278 - 2003-05-16 02:39 PM Re: Help with Active Directory Query
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
When you GETOBJECT on the users OU, your enumeration should also enumerate the other OU objects. You should check the "class" of each object. If the class is "user" then get and report your properties. Otherwise, you should perform another GETOBJECT on the OU to enumerate it. This would be a good use for a recursive UDF.
_________________________
Home page: http://www.kixhelp.com/hb/

Top
#40279 - 2003-05-16 04:09 PM Re: Help with Active Directory Query
JohnQ Offline
Starting to like KiXtart

Registered: 2003-03-04
Posts: 171
Howard, if it's not too much to ask could you elaborate a little bit? A lot of this is new to me and I'm now lost [Frown] . If it's too much trouble, or too detailed to go into I understand.

Thanks.

Top
#40280 - 2003-05-16 04:21 PM Re: Help with Active Directory Query
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
I will provide you a code sample later today. I am currently working on some time sensitive items.
_________________________
Home page: http://www.kixhelp.com/hb/

Top
#40281 - 2003-05-16 08:03 PM Re: Help with Active Directory Query
Kdyer Offline
KiX Supporter
*****

Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
JohnQ,

Hate to "steal Howard's thunder!" [Big Grin]

Here is another way to do this, no LDAP needed. [Smile]

Borrowing from the following topics:
Re-Write of the KIX32.EXE Deployment tool

MS-Tech Article findings- 318689

We can take the code to modify the users from NTLOGON and change it to look for Domain Users that have no script. [Smile]

code:
CLS
BREAK ON
$DomainString='DOMAIN' ;Replace with your domain
$GroupString='Domain Users'
$GroupObj = GetObject('WinNT://' + $DomainString + '/' + $GroupString)
For each $UserObj in $GroupObj.Members
    IF $UserObj.AccountDisabled<>'True' AND $UserObj.LoginScript=''
        ?$UserObj.Name
        ?$UserObj.FullName
        $error=@error
        $logshare='H:\' ;Change to an available drive or UNC path
        $logfile=$logshare+$DomainString+'NOSCRIPT.CSV'
        $logdata=$UserObj.Name+','+$UserObj.FullName+','+$error+@CRLF
        LOGGER($logfile,$logdata)
    ENDIF
Next
?'--'
?'Script complete'
SLEEP 4

FUNCTION LOGGER($logfile,$logdata)
    DIM $n
    WHILE Open(1, $logfile, 5) OR $n=5
        IF $n
            '.'
        ELSE
            ?'Please wait'
        ENDIF
        $n=$n+1
        SLEEP 3
    LOOP
    $n=WriteLine(1, $logdata)
    $n=Close(1)
ENDFUNCTION

HTH,

Kent
_________________________
Utilize these resources:
UDFs (Full List)
KiXtart FAQ & How to's

Top
#40282 - 2003-05-16 08:04 PM Re: Help with Active Directory Query
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
Shame on you for trying that! [Eek!]

$count = EnumOUs("LDAP://NetbiosDomain/DC=us, DC=MyCompany, DC=com", "computer")
or
$count = EnumOUs("LDAP://NetbiosDomain/DC=us, DC=MyCompany, DC=com", "user")


Function EnumOUs($LDAP, $Filter)
    ;$Filter = 'computer' | 'user'
    dim $aFilter[0], $pos, $objOU, $i, $j
    $i = 0
    $j = 0
    $aFilter[0] = $Filter

    $objOU = GetObject($LDAP)
    if VarTypeName($objOU)='Object'
        ? ucase(Left($Filter,1)) + substr($Filter,2) + "(s) in ($LDAP)"
        $objOU.Filter = $aFilter
        for each $item in $objOU
            $Name = $item.Name
            ? " " + substr($Name,4)
            $i = $i +1
        next
        ?
        $aFilter[0] = "organizationalUnit"
        $objOU.Filter = $aFilter
        for each $item in $objOU
            $Name = $item.Name
            $pos = instrrev($LDAP,"/")
            $DN = Left($LDAP,$pos) + $Name + ", " + substr($LDAP, $pos+1)
            $j = EnumOUs($DN, $Filter);
            $i = $i + $j
        next
    else
        "GetObject COM error: " + @error + " " + @serror
    endif
    $EnumOUs = $i
Endfunction


[ 16. May 2003, 20:07: Message edited by: Howard Bullock ]
_________________________
Home page: http://www.kixhelp.com/hb/

Top
#40283 - 2003-05-16 08:10 PM Re: Help with Active Directory Query
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
Radimus already has a UDF in the UDF Library:

EnumOUs() - Enumerates OUs containing Users or Computers
_________________________
Home page: http://www.kixhelp.com/hb/

Top
#40284 - 2003-05-16 08:26 PM Re: Help with Active Directory Query
Kdyer Offline
KiX Supporter
*****

Registered: 2001-01-03
Posts: 6241
Loc: Tigard, OR
The basis of the code I provided is from -
setting a user's login script.

Thanks,

Kent
_________________________
Utilize these resources:
UDFs (Full List)
KiXtart FAQ & How to's

Top
#40285 - 2003-05-16 09:34 PM Re: Help with Active Directory Query
JohnQ Offline
Starting to like KiXtart

Registered: 2003-03-04
Posts: 171
Howard,
Your function works great but I have two questions.
1. When using the "user" filter, it still returns computers as well.
2. If I wanted to spit out the user's login script (or some other attribute), where the heck would I put that in your function?

Thanks for all of your help from the "scripting challenged".

Top
#40286 - 2003-05-17 01:50 AM Re: Help with Active Directory Query
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
There seems to be a problem with the IADsContainer FILTER property. In this function the filter works properly for "group", "computer", and "container", but returns computer objects of both 'user' and 'computer' classes when the FILTER is set to "user". This may be related to the fact that computer accounts are indeed hidden user accounts "computer$", but that should not be the issue since the object definitely returns the class "computer" when the FILTER is set to "user".

I have added additional code to validate that the object class is indeed the specified and desired class of object the function was sent to enumerate. See the "if $Class = $Filter" construct.

Also I had an oversight when enumerating the complete domain for users. The object called "Users" is in fact of class "container". So the code was modified to recurse on objects of both classes: 'organizationalUnit' and 'container'. The $aFilter array was Redim'ed and the extra filter added.


Function EnumOUs($LDAP, $Filter)
    ;$Filter = 'computer' | 'user' | 'group'
    dim $aFilter[0], $pos, $objOU, $i, $j, $Class
    $i = 0
    $j = 0
    $aFilter[0] = $Filter

    $objOU = GetObject($LDAP)
    if VarTypeName($objOU)='Object'
        ? ucase(Left($Filter,1)) + substr($Filter,2) + "(s) in ($LDAP)"
        $objOU.Filter = $aFilter
        for each $item in $objOU
            $Name = $item.Name
            $Class = $item.Class
            if $Class = $Filter
                ? " " + substr($Name,4) + " " + $Class
                $i = $i +1
            endif
        next
        ?
        redim $aFilter[1]
        $aFilter[0] = "organizationalUnit"
        $aFilter[1] = "container"
        $objOU.Filter = $aFilter
        for each $item in $objOU
            $Name = $item.Name
            $pos = instrrev($LDAP,"/")
            $DN = Left($LDAP,$pos) + $Name + ", " + substr($LDAP, $pos+1)
            $j = EnumOUs($DN, $Filter);
            $i = $i + $j
        next
    else
        ? "GetObject COM error: " + @error + " " + @serror
        ? "Bad path: " + $LDAP
    endif
    $EnumOUs = $i
Endfunction


[ 17. May 2003, 14:47: Message edited by: Howard Bullock ]
_________________________
Home page: http://www.kixhelp.com/hb/

Top
#40287 - 2003-05-17 01:52 AM Re: Help with Active Directory Query
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
Oh, for your second question: you would add a line to get the loginscript property and place the value into a variable with $Name = $item.Name and $Class = $item.Class, and then add the variable to the output line.

[ 17. May 2003, 01:52: Message edited by: Howard Bullock ]
_________________________
Home page: http://www.kixhelp.com/hb/

Top
#40288 - 2003-05-17 03:43 AM Re: Help with Active Directory Query
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
Please see More on perceived FILTER problem for some insights into the problem where Computers are returned when the FILTER is set to "user".
_________________________
Home page: http://www.kixhelp.com/hb/

Top
#40289 - 2003-05-20 09:23 PM Re: Help with Active Directory Query
JohnQ Offline
Starting to like KiXtart

Registered: 2003-03-04
Posts: 171
Thanks Howard. One last question...If you wanted to get the value of a custom optional object property within a class, how would you go about getting that? Example:
code:
$ecode = $item.abc-emplCode  

The problem here is the dash in abc-emplCode. And $item.'abc-emplCode' returns nothing. Any suggestions?

Top
#40290 - 2003-05-20 09:28 PM Re: Help with Active Directory Query
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
that sounds like a kixtart problem.

as once you write an operator there kixtart assumes it has a math sentence...
_________________________
!

download KiXnet

Top
#40291 - 2003-05-20 09:36 PM Re: Help with Active Directory Query
JohnQ Offline
Starting to like KiXtart

Registered: 2003-03-04
Posts: 171
Is there any way that you know of to get around it? Unfortunately, I can't remove the dash.
Top
#40292 - 2003-05-20 09:47 PM Re: Help with Active Directory Query
Shawn Administrator Offline
Administrator
*****

Registered: 1999-08-13
Posts: 8611
A long-shot, no AD here:

$Value = $Object.Get("Property-Name")

Top
#40293 - 2003-05-20 09:55 PM Re: Help with Active Directory Query
Howard Bullock Offline
KiX Supporter
*****

Registered: 2000-09-15
Posts: 5809
Loc: Harrisburg, PA USA
Try:

$ecode = $item.get("abc-emplCode")
or
$ecode = $item.getex("abc-emplCode")

{edit}
[Mad] I hate when people stop at my desk and ask questions. It makes my posts late.

{edit again} Lonkero, Your post has made me feel all warm and fuzzy now. [Big Grin]

[ 21. May 2003, 01:26: Message edited by: Howard Bullock ]
_________________________
Home page: http://www.kixhelp.com/hb/

Top
#40294 - 2003-05-20 10:24 PM Re: Help with Active Directory Query
Lonkero Administrator Offline
KiX Master Guru
*****

Registered: 2001-06-05
Posts: 22346
Loc: OK
hoby, does it make you stop hating if I say I love you? [Frown]
_________________________
!

download KiXnet

Top
#40295 - 2003-05-21 03:05 AM Re: Help with Active Directory Query
JohnQ Offline
Starting to like KiXtart

Registered: 2003-03-04
Posts: 171
Thanks Howard and Shawn.

Using $item.get("abc-emplCode") worked like a champ.

Top
#40296 - 2003-05-21 05:05 AM Re: Help with Active Directory Query
JohnQ Offline
Starting to like KiXtart

Registered: 2003-03-04
Posts: 171
There is one other user property that I would like to be able to retrieve from AD and this is if the "password never expires" checkbox is checked. I have tried using $item.PasswordExpirationDate but it returns nothing. Am I searching for the wrong thing?
Top
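
An added example, not posted by anyone in this thread: one KiXtart function that combines the answers above (recursion into both organizationalUnit and container objects, the explicit class check, Get() for the hyphenated attribute) and also reports the "password never expires" setting, which Active Directory stores as bit 65536 (ADS_UF_DONT_EXPIRE_PASSWD) of the userAccountControl attribute. The function name AuditUsers, the root path and the use of each child's ADsPath property instead of building the path by hand are assumptions of this example; abc-emplCode is the custom attribute named in the thread.

```kixtart
Break ON

; Placeholder root: replace with the OU or domain to audit
$total = AuditUsers("LDAP://OU=USA,DC=mycompany,DC=net")
? "Users reported: " + $total

Function AuditUsers($LDAP)
    Dim $objOU, $item, $aFilter[2], $script, $ecode, $uac, $neverExpires, $count
    $count = 0
    $objOU = GetObject($LDAP)
    If VarTypeName($objOU) = 'Object'
        ; One pass: users to report, plus both container types to descend into
        $aFilter[0] = "user"
        $aFilter[1] = "organizationalUnit"
        $aFilter[2] = "container"
        $objOU.Filter = $aFilter
        For Each $item In $objOU
            Select
                ; Class check skips computer objects that the "user" filter lets through
                Case $item.Class = "user"
                    $script = $item.LoginScript
                    If $script = ""
                        $script = "NO SCRIPT ASSIGNED"
                    EndIf
                    ; Hyphenated attribute names must be read through Get()
                    $ecode = $item.Get("abc-emplCode")
                    ; Bit 65536 of userAccountControl = password never expires
                    $uac = $item.Get("userAccountControl")
                    If $uac & 65536
                        $neverExpires = "PASSWORD NEVER EXPIRES"
                    Else
                        $neverExpires = ""
                    EndIf
                    ? SubStr($item.Name, 4) + Chr(9) + $script + Chr(9) + $ecode + Chr(9) + $neverExpires
                    $count = $count + 1
                Case $item.Class = "organizationalUnit" Or $item.Class = "container"
                    ; ADsPath is the child's full LDAP path, so no string building is needed
                    $count = $count + AuditUsers($item.ADsPath)
            EndSelect
        Next
    Else
        ? "GetObject COM error: " + @error + " " + @serror
        ? "Bad path: " + $LDAP
    EndIf
    $AuditUsers = $count
EndFunction
```

Accounts that come back with no login script or with the never-expires flag set are the ones to review first; wrap the call in ReDirectOutput() as in the first post to capture the tab-separated lines in a file.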