June 19, 2006
In tip 8459, we used DSQUERY to answer the question "Who has dial-in permission in my domain?"
In this tip, we will use DSQUERY, ADFind.exe freeware, and VBScript.
Still using DSQUERY.EXE, you can filter for the msNPAllowDialin attribute being TRUE:
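@echo off
setlocal EnableDelayedExpansion
rem Return the distinguishedName of every user whose msNPAllowDialin is TRUE.
set qry=dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(msNPAllowDialin=TRUE))" -attr distinguishedName -limit 0
rem Skip the header row. dsquery pads each value with trailing spaces, so a #
rem sentinel is appended, the padding is collapsed by deleting two-space pairs,
rem the sentinel is dropped and the distinguished name is wrapped in quotes.
for /f "Skip=1 Tokens=*" %%a in ('%qry%') do (
 set dn=%%a#
 set dn=!dn:  =!
 set dn=!dn: #=!
 set dn="!dn:#=!"
 @echo !dn!
)
endlocal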
Using ADFind.exe freeware, type the following in a batch file or at a CMD.EXE prompt:
adfind -nodn -csv -nocsvheader -default -f "&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE)" distinguishedName
Using an LDAP (Lightweight Directory Access Protocol) query, you can use an approach similar to tip 9843:
On Error Resume Next
Dim objConnection, objCommand, objRootDSE, strDNSDomain
Dim strBase, strFilter, strAttributes, strQuery, objRecordSet, strDN
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
Set objRootDSE = GetObject("LDAP://RootDSE")
'Get domain
strDNSDomain = objRootDSE.Get("defaultNamingContext")
'Search base: the default naming context of the domain
strBase = "<LDAP://" & strDNSDomain & ">"
'Define the filter elements
strFilter = "(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE))"
'List all attributes you will require
strAttributes = "distinguishedName"
'compose query
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 99999
objCommand.Properties("Timeout") = 300
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    strDN = objRecordSet.Fields("distinguishedName")
    'Echo the distinguished name wrapped in double quotes
    Wscript.Echo """" & strDN & """"
    objRecordSet.MoveNext
Loop
' Clean up.
objConnection.Close
Set objConnection = Nothing
Set objCommand = Nothing
Set objRootDSE = Nothing
Set objRecordSet = Nothing