Ok let’s do another nested group script.
This script enumerates the lastlogon of all members of a nested group.
Attention: the lastlogontimestamp attribute has a treshold of 2 weeks, so recently added users might not occur in the output of the script.
Follow the next steps to run the script (no admin rights needed):
- copy and paste the script in your favorite text editor
- change the distinguished name of the nested group to your group distinguished name
- save the script (for example c:\temp\enumeratenestedgrouplastlogon.vbs)
- open a command prompt
- go to “c:\temp”
- give “cscript enumeratenestedgrouplastlogon.vbs” (without quotes) and enter
The script:
' Name : enumeratenestedgrouplastlogon.vbs
' Description : script to enumerate the lastlogon of all users of a nested group
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 13-04-2010
' Level: intermediate
intBias = TimeZoneBias
strTargetGroupDN = "LDAP://CN=testgroup,OU=Groups,DC=test,DC=org"
EnumNestedgroup strTargetGroupDN
Sub EnumNestedgroup(strGroupDN)
Set objGroup = GetObject(strGroupDN)
For Each objMember in objGroup.Members
If (LCase(objMember.Class) = "group") Then
EnumNestedgroup objMember.AdsPath
ElseIf TypeName(objMember.lastLogonTimeStamp) <> "Empty" Then
Set objDate = objMember.lastLogonTimeStamp
If (Err.Number <> 0) Then
dtmDate = #1/1/1601#
Else
dtmDate = ((((objDate.Highpart * (2^32)) + objDate.LowPart)/(600000000 - intBias))/1440) + #1/1/1601#
End If
Set objDate = Nothing
Wscript.Echo objMember.DisplayName & " ; " & objMember.Mail & " ; " & dtmDate
End If
Next
Set objGroup = Nothing
End Sub
Function TimeZoneBias
strComputer = "."
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colTimeZone = objWMIService.ExecQuery("Select * from Win32_TimeZone")
For Each objTimeZone in colTimeZone
TimeZoneBias = objTimeZone.Bias
Next
Set colTimeZone = Nothing
Set objWMIService = Nothing
End Function
When you have problems/questions please post a reply or give a ‘star’ rating.
Happy scripting.
Best regards,
Dirk Adamsky – Deludi BV
VN:F [1.9.3_1094]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.3_1094]
Script for today is a mutation of my previous enumerate nested group script.
The script enumerates all nested group users with a citrix token.
Follow the next steps to run the script (no admin rights needed):
- copy and paste the script in your favorite text editor
- change the distinguished name of the nested group to your group distinguished name
- save the script (for example c:\temp\enumeratenestedgrouptokens.vbs)
- open a command prompt
- go to “c:\temp”
- give “cscript enumeratenestedgrouptokens.vbs” (without quotes) and enter
The script:
' Name : enumeratenestedgrouptokens.vbs
' Description : script to enumerate the citrix tokens of a nested group
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 13-04-2010
' Level: intermediate
strTargetGroupDN = "LDAP://CN=testgroup,OU=groups,DC=test,DC=org"
EnumNestedgroup strTargetGroupDN
Sub EnumNestedgroup(strGroupDN)
Set objGroup = GetObject(strGroupDN)
For Each objMember in objGroup.Members
If (LCase(objMember.Class) = "group") Then
EnumNestedgroup objMember.AdsPath
ElseIf objMember.[securecomputingCom2000-SafeWord-UserID] <> "" Then
Wscript.Echo objMember.DisplayName & " ; " & objMember.Mail & " ; " & objMember.[securecomputingCom2000-SafeWord-UserID]
End If
Next
Set objGroup = Nothing
End Sub
When you have problems/questions please post a reply or give a ‘star’ rating.
Happy scripting.
Best regards,
Dirk Adamsky – Deludi BV
VN:F [1.9.3_1094]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.3_1094]
This script enumerates all Citrix tokens in Active Directory.
Follow the next steps (no admin rights needed):
- open your favorite text editor
- copy and paste the script into the editor
- save the script (for example c:\temp\citrixtokens.vbs)
- open a command prompt
- go to “c:\temp”
- give “cscript citrixtokens.vbs” (without quotes) and enter
The script:
' Name : citrixtokens.vbs
' Description : script to enumerate citrix tokens
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 11-01-2010
Option Explicit
Dim adoCommand, adoConnection, strBase, strFilter, strAttributes, strCN, arrToken, strToken
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strUserDN, objUser, protocolSettings, strMail
' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection
' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"
' Filter on user objects.
strFilter = "(&(objectCategory=person)(objectClass=user))"
' Comma delimited list of attribute values to retrieve.
strAttributes = "mail,cn,securecomputingCom2000-SafeWord-UserID"
' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
' Run the query.
Set adoRecordset = adoCommand.Execute
' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
On Error Resume Next
If adoRecordset.Fields("securecomputingCom2000-SafeWord-UserID").Actualsize <> 0 Then
strCN = adoRecordset.Fields("cn").Value
strMail = adoRecordset.Fields("mail").Value
arrToken = adoRecordset.Fields("securecomputingCom2000-SafeWord-UserID").Value
For each strToken in arrToken
If strToken > 0 Then
Wscript.echo strMail & " ; " & strCN & " ; " & strToken
End If
Next
End if
'Move to the next record in the recordset.
adoRecordset.MoveNext
Loop
' Clean up.
adoRecordset.Close
adoConnection.Close
Set adoRecordset = Nothing
Set objRootDSE = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing
VN:F [1.9.3_1094]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.3_1094]
Recent Comments