JSI Tip 8459. Who has dial-in permission in my domain?

Using DSQUERY to interogate the msNPAllowDialin attribute, I have scripted WhoDials.bat to display the distinguishedName of all users who have dial-in permission in your Windows 2000 native mode, or greater, domain.

WhoDials.bat contains:

@echo off
setlocal
set qry=dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User))" -attr distinguishedName msNPAllowDialin -L -limit 0
for /f "Tokens=1*" %%a in ('%qry%') do (
 call :isdial "%%a" "%%b"
)
endlocal
goto :EOF
:isdial
if %1 EQU "distinguishedName:" set dn=%2&goto :EOF
if %2 NEQ "TRUE" goto :EOF
@echo %dn%



Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish