[JDMils]

Can I use DSQuery to do this and if so, what's the syntax?

Windows2003

[wullieb1]

Quote:

Originally Posted by JDMils

Can I use DSQuery to do this and if so, what's the syntax?

Windows2003

Personally i would use CSVDE.

This is the syntax i use to extract user info from AD

csvde -d "ou=users,ou=whatever,ou=whatever,dc=whatever,dc=c om" -l "cn,department,title,mail,telephonenumber,mobi le" -f filepath

This then extract the info

CN
Department
Title
Mail
Telephone Number
Mobile Number

[guyt]

If you also require an expansion of nested groups, you might want to look at the following script I once wrote:
http://guy.netguru.co.il/uploads/EnumDLGroup.vbs.txt

Code:

' EnumDLGroup.vbs
' The script will enumerate all members (users and contacts) of a 
' given Distribution List.
' Nested groups are expanded.
' No duplicates will be output as the script uses Scripting.Dictionary object
' for intermidiate membership storage.

' Created by Guy Teverovsky August 03, 2005

Option Explicit


Dim rs,conn
Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADSDSOObject"
conn.Open "ADs Provider"


Dim oMembersList
Set oMembersList = CreateObject("Scripting.Dictionary")
oMembersList.CompareMode = vbTextCompare

Dim arrKeys,i,sDLsamAccountName,sGroupDN

'----------Start Change me------------------
sDLsamAccountName = "TEST"
'-----------End Change me-------------------


sGroupDN = findDLGroup(sDLsamAccountName)
enumGroupMembers sGroupDN


arrKeys = oMembersList.Keys   ' Get the keys.
For i = 0 To oMembersList.Count -1 
	WScript.Echo arrKeys(i) & ": " & oMembersList(arrKeys(i))
Next


'Clean up
Set conn 		= Nothing
Set oMembersList	= Nothing


'==============================================================
'			Subroutines
'==============================================================


'==============================================================
' Locate a distribution list by sAMAccountName
' 
' Parameters:
'	- sAMAccountName: the NT-style name of the DL
'==============================================================

Function findDLGroup(sAMAccountName)
	Dim objRootDSE, domainContainer, oGroup,ldapStrExchDL
	Set objRootDSE	= GetObject("LDAP://RootDSE")
	domainContainer = objRootDSE.Get("defaultNamingContext")
	ldapStrExchDL = "<LDAP://" & domainContainer & _
		">;(&(objectCategory=group)(!groupType:1.2.840.113556.1.4.803:=2147483648)(sAMAccountName=" & sAMAccountName & "));adspath;subtree"
	Set rs = conn.Execute(ldapStrExchDL)
	If Not rs.EOF Then
		Set oGroup = GetObject (rs.Fields(0).Value)
		findDLGroup = oGroup.distinguishedName
	Else
		WScript.Echo "Group not found"
		WScript.Quit 0
	End If
	Set objRootDSE = Nothing
End Function


'==============================================================
' Recursive subroutine to enumerate members of a given group
' 
' Parameters:
'	- sObjDN: group object's DN to enumerate it's members
'==============================================================
Sub enumGroupMembers(sObjDN)
	Dim oContainer, obj, sDN	

  	Set oContainer=GetObject ("LDAP://" & sObjDN)  	
	
	For each obj in oContainer.members
  		Select Case LCase(obj.Class)  	
		Case "user" , "contact"
			If Not oMembersList.Exists(obj.sAMAccountName) Then
				oMembersList.Add obj.sAMAccountName, obj.Get("mail")
			End If
		Case "contact"
			If Not oMembersList.Exists(obj.Get("mail")) Then
				oMembersList.Add obj.Get("mail"), obj.Get("mail")
			End If								
		Case "group"
			EnumGroupMembers obj.distinguishedName
		End Select 		
	Next
End Sub

[Amdocs]

Hi Mr. Guy T,

First of all thanks to your reference over here.

I'm trying to use it, however from some unknown reasons it gave me nothing...
In function 'findDLGroup' you check if 'Not rs.EOF' and from unknown reason it's goes to the else part... i tried to play with it and change it, with no success

I truly hope you could help me to determine what could be the problem over there?

Thanks a lot!
Eldad

[guyt]

Have you changed the saMAccountName of the DL group you are trying to enumerate ? Or do you need to enumerate a bunch of DL grouos ?

[Amdocs]

Hi,

Thanks a lot to your quick responce.

yes, i've chenge it, the code looks like that after changes were made in the functions you made:

ldapStrExchDL : <LDAP://DC=corp,DC=amdocs,DC=com>;(&(objectCategory=group) (!groupType:1.2.840.113556.1.4.803:=214748364(sA MAccountName=*IMIS Clarify CRM Projects));adspath;subtree

the only thing that i changed is the 'sAMAccountName=' part, all other data is retrieved by your functions.

After running this query i get a nul record set.

Thanks a lot!
Eldad

[guyt]

Looks like the group is a security group. The filter in my script looks only for distribution groups.

Just change the following line:

Code:

	ldapStrExchDL = "<LDAP://" & domainContainer & _
		">;(&(objectCategory=group)(!groupType:1.2.840.113556.1.4.803:=2147483648)(sAMAccountName=" & sAMAccountName & "));adspath;subtree"

to:

Code:

	ldapStrExchDL = "<LDAP://" & domainContainer & _
		">;(&(objectCategory=group)(objectclass=group)(sAMAccountName=" & sAMAccountName & "));adspath;subtree"

This will search for both distribution AND security groups

[Amdocs]

Hi,

Thanks a lot!

It's solve the problem.

Have a nice day!

Eldad

[JDMils]

Just out of curiosity, how does one debug a VBS script? Can you trace the code line-by-line and have watches on variables like .Net?

[biggles77]

Quote:

Originally Posted by JDMils

Just out of curiosity, how does one debug a VBS script? Can you trace the code line-by-line and have watches on variables like .Net?

how to debug a vb script