Suffering from a lack of inspiration I decided to rework a previous script.
I had a request on my previous messagerestriction script.
Added to the script is the option to enter the smtp address of
the user or group object for which the messagerestrictions are set.
I have done that by re-using code from this script.
Another question was the option to output to a file,
this can be done easily by running the script like this:

cscript enumeratesendtorights.vbs > thefilenameofyourchoice.txt

Follow the next steps to run the script (no admin rights needed):

* find the distinguished name of the nested group (adsiedit.msc)
* open your favorite text editor
* copy and paste the script into the editor
* change the distinguished name
* save the script (for example c:\temp\enumeratesendtorights.vbs)
* open a command prompt
* go to “c:\temp”
* give “cscript enumeratesendtorights.vbs” (without quotes) and enter

The script:

' Name : enumeratesendtorights.vbs
' Description : script to enumerate the message restrictions (send to rights) of a distributionlist
' Author : dirk adamsky - deludi bv
' Version : 2.00 added smtp input option based on input from M (see comments on previous script)
' Date : 20-08-2010 (v.1.00 date 08-02-2010)
' Level: advanced

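' Entry point: ask for the SMTP address of the user or group object whose
' message restrictions should be listed, resolve it to a directory object and
' walk the two restriction attributes read below (authOrig, dLMemSubmitPerms).
strObject = Trim(InputBox("Please enter the smtp address"))
If strObject = "" Then
	' Cancel or an empty answer: there is nothing to look up.
	Wscript.Echo "No smtp address entered."
	Wscript.Quit 1
End If

strSourceDN = GetDN(strObject)
If strSourceDN = "" Then
	' Binding to "LDAP://" without a distinguished name would report on the
	' wrong object, so stop here instead.
	Wscript.Echo "No object found with smtp address " & strObject
	Wscript.Quit 1
End If

Set objSource = GetObject("LDAP://" & strSourceDN)

' authOrig: a single value arrives as a String, several values as an array.
' Anything else is skipped, because For Each over a value that is not a
' collection raises a runtime error and would abort the whole report.
' (Presumably ADSI hands back Empty when the attribute is not set - TODO confirm.)
varSenders = objSource.authOrig
If TypeName(varSenders) = "String" Then
	GetSendToRights "LDAP://" & varSenders
ElseIf IsArray(varSenders) Then
	For Each User In varSenders
		GetSendToRights "LDAP://" & User
	Next
End If

' dLMemSubmitPerms: same single-value / multi-value handling, but every entry
' is handed to EnumNestedgroup so that group members are expanded.
varSenderGroups = objSource.dLMemSubmitPerms
If TypeName(varSenderGroups) = "String" Then
	EnumNestedgroup varSenderGroups
ElseIf IsArray(varSenderGroups) Then
	For Each Group In varSenderGroups
		EnumNestedgroup Group
	Next
End If
Set objSource = Nothing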

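Function GetDN(strMail)
	' Looks up the object whose mail attribute equals strMail in the default
	' naming context and returns its distinguishedName.
	' Returns "" when no object matches. When several objects carry the same
	' mail value only the first row of the result is used.
	GetDN = ""

	' strMail is typed in by the person running the script, so it must not be
	' pasted into the filter as-is: characters such as * ( ) \ would change the
	' meaning of the search. Encode them as LDAP filter hex escapes first
	' (backslash first, otherwise the escapes themselves get re-escaped).
	strSafeMail = Replace(strMail, "\", "\5c")
	strSafeMail = Replace(strSafeMail, "*", "\2a")
	strSafeMail = Replace(strSafeMail, "(", "\28")
	strSafeMail = Replace(strSafeMail, ")", "\29")
	strSafeMail = Replace(strSafeMail, Chr(0), "\00")
	' ";" separates the parts of the ADO command text built below, so it is
	' encoded as well.
	strSafeMail = Replace(strSafeMail, ";", "\3b")

	Set adoCommand = CreateObject("ADODB.Command")
	Set adoConnection = CreateObject("ADODB.Connection")
	adoConnection.Provider = "ADsDSOObject"
	adoConnection.Open "Active Directory Provider"
	adoCommand.ActiveConnection = adoConnection
	Set objRootDSE = GetObject("LDAP://RootDSE")
	strBase = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">"

	' Filter on the mail attribute (any object class).
	strFilter = "(mail=" & strSafeMail & ")"

	' Comma delimited list of attribute values to retrieve.
	strAttributes = "distinguishedName"

	' Construct the LDAP syntax query: <base>;filter;attributes;scope
	strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
	adoCommand.CommandText = strQuery
	adoCommand.Properties("Page Size") = 100
	adoCommand.Properties("Timeout") = 30
	adoCommand.Properties("Cache Results") = False
	Set adoRecordset = adoCommand.Execute

	' Reading a field of an empty recordset raises an error, so check EOF first.
	If Not adoRecordset.EOF Then
		strFoundDN = adoRecordset.Fields("distinguishedName").Value
		wscript.echo strFoundDN
		GetDN = strFoundDN
	End If

	adoRecordset.Close
	adoConnection.Close

	Set adoRecordset = Nothing
	Set objRootDSE = Nothing
	Set adoConnection = Nothing
	Set adoCommand = Nothing

End Function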

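Function GetSendToRights(strUserDN)
	' Echoes the account behind strUserDN (a full ADsPath) as a direct sender,
	' then reads the account's DACL and passes every trustee that holds the
	' extended right identified by SEND_AS_RIGHT_GUID to GetUserDetails, which
	' reports it as an indirect sender.
	' Errors are not fatal: one unreadable object must not stop the report.

	' Control access right GUID the ACEs are matched against (Send As).
	Const SEND_AS_RIGHT_GUID = "{AB721A54-1E2F-11D0-9819-00AA0040529B}"
	' ADSI AceType value of an object-specific "allow" ACE.
	Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = 5

	On Error Resume Next
	Set objAccount = GetObject(strUserDN)
	If Err.Number <> 0 Then
		' Say so instead of silently dropping the entry from the report.
		Wscript.Echo strUserDN & " ; could not be read ; direct send to rights"
		Err.Clear
		Exit Function
	End If

	Wscript.Echo objAccount.Mail & " ; " & objAccount.DisplayName & " ; direct send to rights"
	Set objSecurityDescriptor = objAccount.Get("ntSecurityDescriptor")
	Set objDacl = objSecurityDescriptor.DiscretionaryAcl
	For Each objAce In objDacl
		' Only "allow" ACEs grant the right; a deny ACE with the same GUID takes
		' it away and would overstate who can send if it were listed.
		If UCase(objAce.ObjectType) = SEND_AS_RIGHT_GUID And objAce.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT Then
			strTrustee = objAce.Trustee
			' Skip unresolved SIDs and the account's own SELF entry.
			If (Left(strTrustee,3) <> "S-1" And strTrustee <> "NT AUTHORITY\SELF") Then
				' Trustees look like DOMAIN\account. Cut at the backslash rather
				' than at a fixed position, so the domain name may have any length.
				intSeparator = InStr(strTrustee, "\")
				If intSeparator > 0 Then
					GetUserDetails Mid(strTrustee, intSeparator + 1)
				End If
			End If
		End If
	Next
End Function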

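Function GetUserDetails(strPreW2K)
	' Searches the default naming context for the user whose sAMAccountName is
	' strPreW2K and echoes mail and displayname, marked as an indirect sender.
	' When no user object matches, a marker line is echoed instead, so that the
	' trustee does not silently disappear from the report.

	' The account name ends up inside an LDAP filter; encode the characters
	' that have a meaning there (backslash first).
	strSafeName = Replace(strPreW2K, "\", "\5c")
	strSafeName = Replace(strSafeName, "*", "\2a")
	strSafeName = Replace(strSafeName, "(", "\28")
	strSafeName = Replace(strSafeName, ")", "\29")
	strSafeName = Replace(strSafeName, Chr(0), "\00")
	' ";" separates the parts of the ADO command text built below.
	strSafeName = Replace(strSafeName, ";", "\3b")

	Set adoCommand = CreateObject("ADODB.Command")
	Set adoConnection = CreateObject("ADODB.Connection")
	adoConnection.Provider = "ADsDSOObject"
	adoConnection.Open "Active Directory Provider"
	adoCommand.ActiveConnection = adoConnection

	' Search entire Active Directory domain.
	Set objRootDSE = GetObject("LDAP://RootDSE")
	strDNSDomain = objRootDSE.Get("defaultNamingContext")
	strBase = "<LDAP://" & strDNSDomain & ">"

	' Filter on user objects.
	strFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & strSafeName & "))"

	' Comma delimited list of attribute values to retrieve.
	strAttributes = "mail, displayname"

	' Construct the LDAP syntax query.
	strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
	adoCommand.CommandText = strQuery
	adoCommand.Properties("Page Size") = 100
	adoCommand.Properties("Timeout") = 30
	adoCommand.Properties("Cache Results") = False

	' Run the query.
	Set adoRecordset = adoCommand.Execute
	If adoRecordset.EOF Then
		' The filter only matches user objects, so a trustee that is a group
		' (or an account outside this domain) lands here. It is not expanded.
		Wscript.Echo " ; " & strPreW2K & " ; indirect send to rights (no user object found, trustee may be a group)"
	Else
		Wscript.Echo adoRecordset.Fields("mail").Value & " ; " & adoRecordset.Fields("displayname").Value & " ; indirect send to rights"
	End If

	' Clean up. This is reached on both paths, so the connection is not left open.
	adoRecordset.Close
	adoConnection.Close

	Set adoRecordset = Nothing
	Set objRootDSE = Nothing
	Set adoConnection = Nothing
	Set adoCommand = Nothing
End Function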

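Sub EnumNestedgroup(strGroupDN)
	' Walks the members of a group: nested groups are expanded recursively,
	' every other member is passed to GetSendToRights.
	' strGroupDN may be a plain distinguished name (the first call, with a value
	' read from dLMemSubmitPerms) or a full ADsPath (the recursive call passes
	' objMember.AdsPath). Only add the provider prefix when it is missing;
	' adding it twice makes the bind to every nested group fail.
	If UCase(Left(strGroupDN, 7)) = "LDAP://" Then
		strGroupPath = strGroupDN
	Else
		strGroupPath = "LDAP://" & strGroupDN
	End If

	' NOTE(review): there is no protection against groups that contain each
	' other; circular nesting would recurse until the script runs out of stack.
	Set objGroup = GetObject(strGroupPath)
	For Each objMember in objGroup.Members
		If (LCase(objMember.Class) = "group") Then
			Call EnumNestedgroup(objMember.AdsPath)
		Else
			GetSendToRights objMember.AdsPath
		End If
	Next
	Set objGroup = Nothing
End Sub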

When you have problems/questions with the script please post a reply.

Happy scripting.

Best regards,

Dirk Adamsky


The next script for today enumerates all hidden distribution groups.
This is done by an ADO query with a filter on groups, msExchHideFromAddressLists and mail property.

Follow the next steps to run the script (no admin rights needed):

  • copy and paste the script in your favorite text editor
  • save the script (for example c:\temp\hidden-distribution-groups.vbs)
  • open a command prompt
  • go to “c:\temp”
  • give “cscript hidden-distribution-groups.vbs” (without quotes) and enter

The script:

' Name : hidden-distribution-groups.vbs
' Description : script to enumerate all distribution groups that are hidden in the Global Address List
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 15-07-2010
' Level: intermediate

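' Open an ADO connection through the ADSI OLE DB provider.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

' Search the whole default naming context for groups that have a mail
' attribute and msExchHideFromAddressLists set to TRUE.
Set objRootDSE = GetObject("LDAP://RootDSE")
strBase = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">"
strFilter = "(&(objectCategory=group)(msExchHideFromAddressLists=TRUE)(mail=*))"
strAttributes = "displayname, mail, msExchHideFromAddressLists"

' LDAP dialect query: <base>;filter;attributes;scope
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

Set objRecordset = adoCommand.Execute

' No MoveFirst here: it raises an error when the search returns nothing, and a
' freshly opened recordset already stands on its first row.
Do Until objRecordSet.EOF
	Wscript.Echo objRecordSet.Fields("displayname").Value & " ; " & objRecordSet.Fields("mail").Value
	objRecordSet.MoveNext
Loop

' Close before releasing, so the directory connection is not left open.
objRecordSet.Close
adoConnection.Close

Set objRecordset = Nothing
Set objRootDSE = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing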

When you have problems/questions please post a reply or give a ‘star’ rating.

Happy scripting.

Best regards,

Dirk Adamsky – Deludi BV


Script for today is about members of the remote desktop users local group.
This group exists on all servers except the domain controllers.
The script can take a long time in large domains because it connects each server separately.

Follow the next steps to run the script (admin rights needed):

  • copy and paste the script in your favorite text editor
  • save the script (for example c:\temp\remotedesktopusers.vbs)
  • open a command prompt
  • go to “c:\temp”
  • give “cscript remotedesktopusers.vbs” (without quotes) and enter

The script:

' Name : remotedesktopusers.vbs
' Description : script to enumerate the members of remote desktop users group of all servers
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 23-04-2010
' Level: intermediate

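' Open an ADO connection through the ADSI OLE DB provider.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"

' All computer accounts whose operatingSystem value contains "server".
strFilter = "(&(objectCategory=computer)(operatingSystem=*server*))"

strAttributes = "name,distinguishedName"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
Set adoRecordset = adoCommand.Execute

Do Until adoRecordset.EOF
	strHostname = adoRecordset.Fields("name").Value
	' Domain controllers are recognised by their location in the directory.
	' Test this first: it costs nothing, the ping in CheckStatus does.
	If Instr(adoRecordset.Fields("distinguishedName").Value,"Domain Controllers") = 0 Then
		If CheckStatus(strHostname) = True Then
			' A server that answers the ping can still refuse the query (access
			' denied, group missing, firewall). Catch that per server, report
			' it, and carry on with the next one instead of aborting the run.
			' NOTE(review): the group name is the English one; on localized
			' installations the built-in group may carry a translated name.
			Set objGroup = Nothing
			On Error Resume Next
			Set objGroup = GetObject("WinNT://" & strHostname & "/Remote Desktop Users,group")
			lngBindError = Err.Number
			strBindError = Err.Description
			On Error GoTo 0

			If lngBindError <> 0 Then
				wscript.echo strHostname & " could not be queried for the remote desktop users group (" & strBindError & ")"
			Else
				For Each Member In objGroup.Members
					wscript.echo strHostname & " has " & Member.Name & " in the remote desktop users group"
				Next
			End If
			Set objGroup = Nothing
		End If
	End If
	adoRecordset.MoveNext
Loop

adoRecordset.Close
adoConnection.Close

Set adoRecordset = Nothing
Set objRootDSE = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing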

Function CheckStatus(strAddress)
	' Pings strAddress through the Win32_PingStatus WMI class.
	' True when the reply has StatusCode 0, False when the StatusCode is Null or
	' non-zero. When the query yields no row the function result stays unset.
	' strAddress is placed inside the WQL text unchanged; the caller in this
	' script passes computer names read from the directory.
	Dim colReplies, objReply
	strWql = "select * from Win32_PingStatus where address = '" & strAddress & "'"
	Set colReplies = GetObject("winmgmts:{impersonationLevel=impersonate}").ExecQuery(strWql)
	For Each objReply In colReplies
		' Success means: a status code is present and it is zero.
		CheckStatus = Not (IsNull(objReply.StatusCode) Or objReply.StatusCode <> 0)
	Next
	Set colReplies = Nothing
End Function

When you have problems/questions please post a reply or give a ‘star’ rating.

Happy scripting.

Best regards,

Dirk Adamsky – Deludi BV


Script for today is a mutation of my previous enumerate nested group script.
The script enumerates all nested group users with a citrix token.

Follow the next steps to run the script (no admin rights needed):

  • copy and paste the script in your favorite text editor
  • change the distinguished name of the nested group to your group distinguished name
  • save the script (for example c:\temp\enumeratenestedgrouptokens.vbs)
  • open a command prompt
  • go to “c:\temp”
  • give “cscript enumeratenestedgrouptokens.vbs” (without quotes) and enter

The script:

' Name : enumeratenestedgrouptokens.vbs
' Description : script to enumerate the citrix tokens of a nested group
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 13-04-2010
' Level: intermediate
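strTargetGroupDN = "LDAP://CN=testgroup,OU=groups,DC=test,DC=org"

' Groups that are currently being expanded, keyed by lower-cased ADsPath.
' Groups can be nested in a circle (A contains B, B contains A); without this
' bookkeeping the recursion below would not end.
Set objOpenGroups = CreateObject("Scripting.Dictionary")
EnumNestedgroup strTargetGroupDN
Set objOpenGroups = Nothing

Sub EnumNestedgroup(strGroupDN)
	' Expands the group at strGroupDN (a full ADsPath). Nested groups are
	' expanded recursively; every other member that has a value in the
	' securecomputingCom2000-SafeWord-UserID attribute is echoed as
	' "displayname ; mail ; token user id".
	strGroupKey = LCase(strGroupDN)
	If objOpenGroups.Exists(strGroupKey) Then
		' Already being expanded further up the call chain: circular nesting.
		Exit Sub
	End If
	objOpenGroups.Add strGroupKey, True

	Set objGroup = GetObject(strGroupDN)
	For Each objMember in objGroup.Members
		If (LCase(objMember.Class) = "group") Then
			EnumNestedgroup objMember.AdsPath
		Else
			' The attribute name contains hyphens, hence the bracket notation.
			strTokenId = objMember.[securecomputingCom2000-SafeWord-UserID]
			If strTokenId <> "" Then
				Wscript.Echo objMember.DisplayName & " ; " & objMember.Mail & " ; " & strTokenId
			End If
		End If
	Next
	Set objGroup = Nothing

	' Done with this group. It is removed again so that a group reachable along
	' two different paths is still listed along both, as before.
	objOpenGroups.Remove strGroupKey
End Sub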

When you have problems/questions please post a reply or give a ‘star’ rating.

Happy scripting.

Best regards,

Dirk Adamsky – Deludi BV


Today I had to find out the lastlogon of the members of a nested group.
An extra request was to list the users whose lastlogon was more than 90 days ago.
I solved the problem by creating a script that was a combination of earlier scripts.
The lastlogon code came from my lastlogon script, the enumeration of the group members code was taken from my enumeratenestedgroup script. The users with a lastlogon of 1-1-1601 have never logged on.

Follow the next steps to run the script (no admin rights needed):

  • open your favorite text editor
  • copy and paste the script into the editor
  • change the distinguished name of strTargetGroupDN to the distinguished name of your nested group
  • optionally: change the threshold value in line 17 to the desired value (example threshold value is 90 days)
  • save the script (for example c:\temp\enumerate-lastlogon-nestedgroup-with-treshold.vbs)
  • open a command prompt
  • go to “c:\temp”
  • give “cscript enumerate-lastlogon-nestedgroup-with-treshold.vbs” (without quotes) and enter

The script:

' Name : enumerate-lastlogon-nestedgroup-with-treshold.vbs
' Description : script to enumerate the last logon of the members of a nested group with treshold
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 23-03-2010
' Level : advanced

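' Time zone bias in minutes, read once and used by CheckLastLoginWithTreshold.
intBias = TimeZoneBias
strTargetGroupDN = "LDAP://CN=Testgroup,OU=Groups,DC=Test,DC=org"

' Groups that are currently being expanded, keyed by lower-cased ADsPath.
' Groups can be nested in a circle (A contains B, B contains A); without this
' bookkeeping the recursion below would not end.
Set objOpenGroups = CreateObject("Scripting.Dictionary")
EnumNestedgroup strTargetGroupDN
Set objOpenGroups = Nothing

Sub EnumNestedgroup(strGroupDN)
	' Expands the group at strGroupDN (a full ADsPath). Nested groups are
	' expanded recursively; every other member is checked against a last logon
	' threshold of 90 days.
	strGroupKey = LCase(strGroupDN)
	If objOpenGroups.Exists(strGroupKey) Then
		' Already being expanded further up the call chain: circular nesting.
		Exit Sub
	End If
	objOpenGroups.Add strGroupKey, True

	Set objGroup = GetObject(strGroupDN)
	For Each objMember in objGroup.Members
		If (LCase(objMember.Class) = "group") Then
			EnumNestedgroup objMember.AdsPath
		Else
			CheckLastLoginWithTreshold objMember.AdsPath, 90
		End If
	Next
	Set objGroup = Nothing

	' Removed again so that a group reachable along two different paths is
	' still processed along both, as before.
	objOpenGroups.Remove strGroupKey
End Sub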

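Sub CheckLastLoginWithTreshold(strDN,intTreshold)
	' Echoes "displayname ; mail ; date" for the object at strDN (a full
	' ADsPath) when its lastLogonTimestamp lies more than intTreshold days in
	' the past. An object without the attribute is given 1/1/1601 and is
	' therefore always reported.
	' Uses the script-level intBias (minutes) for the time zone correction.
	' NOTE(review): lastLogonTimestamp is a replicated value that the directory
	' refreshes only occasionally; by default it can lag the real last logon by
	' up to roughly two weeks, so keep the threshold well above that.
	Set objUser = GetObject(strDN)
	On Error resume next
	Set objDate = objUser.Get("lastLogonTimestamp")
	If (Err.Number <> 0) Then
		' Attribute not set.
		Err.Clear
		dtmDate = #1/1/1601#
	Else
		' The value is a 64-bit count of 100-nanosecond steps since 1/1/1601,
		' delivered as two 32-bit halves. LowPart is signed: when it comes back
		' negative, one unit has to be carried into the high half.
		lngHigh = objDate.HighPart
		lngLow = objDate.LowPart
		If lngLow < 0 Then
			lngHigh = lngHigh + 1
		End If
		' 600000000 steps make one minute. Convert to minutes first, apply the
		' bias (minutes), then convert to days. The earlier form divided by
		' (600000000 - intBias), which left the bias without any real effect.
		' NOTE(review): Win32_TimeZone.Bias is commonly reported as the minutes
		' to ADD to UTC (negative west of Greenwich) and excludes daylight
		' saving; if that holds here the bias should be added - verify.
		dtmDate = ((lngHigh * (2^32) + lngLow) / 600000000 - intBias) / 1440 + #1/1/1601#
	End If
	Set objDate = Nothing
	If DateDiff("d",dtmDate,Date) > intTreshold Then
		Wscript.Echo objUser.Displayname & " ; " & objUser.Mail & " ; " & dtmDate
	End If
	Set objUser = Nothing
End Sub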

Function TimeZoneBias
	' Returns the Bias property of the local machine's Win32_TimeZone instance.
	' If WMI returns more than one instance the last one wins; with none the
	' function result stays unset.
	Const LOCAL_MACHINE = "."
	Set objCimv2 = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & LOCAL_MACHINE & "\root\cimv2")
	Set colZones = objCimv2.ExecQuery("Select * from Win32_TimeZone")
	For Each objZone in colZones
		TimeZoneBias = objZone.Bias
	Next
	Set colZones = Nothing
	Set objCimv2 = Nothing
End Function

When you have problems/questions please post a reply.

Happy scripting.

Best regards,

Dirk Adamsky – Deludi BV


For most system administrators cleaning up Active Directory is not their favorite thing.
This script helps you by enumerating all empty groups, so you can remove them (manually).

Follow the next steps to run the script (no admin rights needed):

* open your favorite text editor
* copy and paste the script into the editor
* save the script (for example c:\temp\emptygroups.vbs)
* open a command prompt
* go to “c:\temp”
* give “cscript emptygroups.vbs” (without quotes) and enter

The script:

' Name : emptygroups.vbs
' Description : script to enumerate all empty groups
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 18-03-2010
' Level : intermediate

' Open an ADO connection through the ADSI OLE DB provider.
Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
With objConnection
	.Provider = "ADsDSOObject"
	.Open "Active Directory Provider"
End With
objCommand.ActiveConnection = objConnection

' The search starts at the default naming context of the current domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strSearchRoot = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">"
Set objRootDSE = Nothing

' Groups without any value in the member attribute.
' NOTE(review): membership through an account's primary group is, as far as I
' know, not stored in member, so such a group can show up here although
' accounts depend on it - check before removing anything.
strQuery = strSearchRoot & ";" & "(&(objectCategory=group)(!member=*))" & ";" & "name" & ";subtree"
With objCommand
	.CommandText = strQuery
	.Properties("Page Size") = 100
	.Properties("Timeout") = 30
	.Properties("Cache Results") = False
End With

' One line of output per group name.
Set objRecordSet = objCommand.Execute
While Not objRecordSet.EOF
	Wscript.Echo objRecordSet.Fields("name").Value
	objRecordSet.MoveNext
Wend

objRecordSet.Close
objConnection.Close

Set objRecordSet = Nothing
Set objConnection = Nothing
Set objCommand = Nothing

When you have problems/questions please post a reply, you can also rate the script.

Happy scripting.

Best regards,

Dirk Adamsky – Deludi BV


This script is a mutation of yesterday’s script.
It searches Active Directory for mail enabled groups with multiple smtp addresses.
By changing the threshold value (i) in line number 39 you can broaden or narrow your searches.

Follow the next steps to run the script (no admin rights needed):

* open your favorite text editor
* copy and paste the script into the editor
* save the script (for example c:\temp\showgroupswithmultiplesmtp.vbs)
* open a command prompt
* go to “c:\temp”
* give “cscript showgroupswithmultiplesmtp.vbs” (without quotes) and enter

The script:

' Name : showgroupswithmultiplesmtp.vbs
' Description : script to show all groups with multiple smtp addresses
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 23-02-2010
' Level : intermediate

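' Open an ADO connection through the ADSI OLE DB provider.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"

' All groups that have a mail attribute.
strFilter = "(&(objectCategory=group)(mail=*))"
strAttributes = "distinguishedName"

strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

Set adoRecordset = adoCommand.Execute

Do Until adoRecordset.EOF
	' Start every group with a clean slate. If the bind or the read below
	' fails, arrProxy must not still hold the addresses of the previous group,
	' otherwise they would be printed under the wrong name.
	arrProxy = Empty
	Set objGroup = Nothing

	' Only the two directory reads are allowed to fail quietly.
	On Error Resume Next
	Set objGroup = GetObject ("LDAP://" & adoRecordset.Fields("distinguishedName").Value)
	arrProxy = objGroup.GetEx("proxyAddresses")
	On Error GoTo 0

	If IsArray(arrProxy) Then
		' Count the smtp addresses and collect them in the same pass.
		i = 0
		strAllMailAddresses = ""
		For Each strMailAddress in arrProxy
			If Lcase(Left(strMailAddress,5))= "smtp:" Then
				i = i + 1
				strAllMailAddresses = strAllMailAddresses & " ; "  & strMailAddress
			End If
		Next
		' Threshold: report groups with at least this many smtp addresses.
		If i >= 2 Then
			Wscript.Echo objGroup.DisplayName & strAllMailAddresses
		End If
	End If
	Set objGroup = Nothing
	adoRecordset.MoveNext
Loop

adoRecordset.Close
adoConnection.Close

Set adoRecordset = Nothing
Set objRootDSE = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing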

When you have problems/questions please post a reply.
I also added a rating system yesterday, thank you in advance for your reaction.

Happy scripting.

Best regards,

Dirk Adamsky – Deludi BV


This script is something I wanted to do for a long time
It is a mutation of the enumeratenestedgroupV2 script.
In large organizations the main distributiongroups tend to be complex also.
Often the distributiongroups represent the organization hierarchy.
A user in general only needs his/her department distributiongroup membership.
This script checks if a user has multiple entries in the main distributiongroup; if so, an entry is added to the output.
Part of the script is the use of the dictionary object, also known as “associative array” in other scripting languages.

What the script does:

  • create a dictionary object
  • fill a variable with the group distinguished name
  • call the subroutine EnumNestedgroup
  • the subroutine checks whether the member is a group or a user
  • when the member is a user the smtp address is added to the dictionary object with value 1
  • when the smtp address is already in the dictionary 1 is added to the value
  • the last routine echoes the dictionary object keys and values

Follow the next steps to run the script (no admin rights needed):

  • find the distinguished name of the nested group (adsiedit.msc)
  • open your favorite text editor
  • copy and paste the script into the editor
  • change the distinguished name
  • save the script (for example c:\temp\countmembershipnestedgroup.vbs)
  • open a command prompt
  • go to “c:\temp”
  • give “cscript enumeratenestedgroup.vbs” (without quotes) and enter

The script:

' Name : countmembershipnestedgroup.vbs
' Description : script to count users with multiple entries in a nested distribution group
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 16-02-2010
' Level : advanced

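' objDictionary : member ADsPath (lower case) -> number of times the member was met
' objNames      : member ADsPath (lower case) -> display name for the output
' Counting per directory object keeps two different people who happen to share
' a display name from being reported as one person with two entries.
Set objDictionary = CreateObject("Scripting.Dictionary")
Set objNames = CreateObject("Scripting.Dictionary")

' Groups that are currently being expanded, keyed by lower-cased ADsPath.
' Protects the recursion against groups that contain each other.
Set objOpenGroups = CreateObject("Scripting.Dictionary")

strTargetGroupDN = "LDAP://CN=testgroup,OU=groups,DC=test,DC=org"
Call EnumNestedgroup(strTargetGroupDN)

Sub EnumNestedgroup(strGroupDN)
	' Expands the group at strGroupDN (a full ADsPath). Nested groups are
	' expanded recursively; every other member is counted in objDictionary.
	strGroupKey = LCase(strGroupDN)
	If objOpenGroups.Exists(strGroupKey) Then
		' Already being expanded further up the call chain: circular nesting.
		Exit Sub
	End If
	objOpenGroups.Add strGroupKey, True

	Set objGroup = GetObject(strGroupDN)
	For Each objMember in objGroup.Members
		If (LCase(objMember.Class) = "group") Then
			Call EnumNestedgroup(objMember.AdsPath)
		Else
			strMemberKey = LCase(objMember.AdsPath)
			If objDictionary.Exists(strMemberKey) Then
				objDictionary.Item(strMemberKey) = objDictionary.Item(strMemberKey) + 1
			Else
				objDictionary.Add strMemberKey, 1
				objNames.Add strMemberKey, objMember.DisplayName
			End If
		End If
	Next
	Set objGroup = Nothing

	' Removed again on the way out: a group that is nested along two different
	' paths must still be counted twice, that is what the report is about.
	objOpenGroups.Remove strGroupKey
End Sub

' Report every member that was met more than once.
For Each strKey in objDictionary.Keys
	If objDictionary.Item(strKey) > 1 Then
		Wscript.Echo objNames.Item(strKey) & " ; " & objDictionary.Item(strKey) & " ; entries in list"
	End If
Next

Set objOpenGroups = Nothing
Set objNames = Nothing
Set objDictionary = Nothing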

When you have problems/questions please post a reply.

Happy scripting.

Dirk Adamsky – Deludi BV


A couple of weeks ago I posted the enumeratenestedgroup script.
Last friday (while working at another script) I thought: this can be done better/more efficient.
What I have done is a rewrite of the script, it now contains 50% less code.
This is mainly because the recursion is implemented better.

What the script does:

  • fill a variable with the group distinguished name
  • call the subroutine EnumNestedgroup
  • the subroutine checks whether the member is a group or a user
  • when the member is a user the displayname and smtp address are echoed on the screen
  • when the member is a group the group distinguished name is echoed and then the sub is called again

Follow the next steps to run the script (no admin rights needed):

  • find the distinguished name of the nested group (adsiedit.msc)
  • open your favorite text editor
  • copy and paste the script into the editor
  • change the distinguished name
  • save the script (for example c:\temp\enumeratenestedgroup.vbs)
  • open a command prompt
  • go to “c:\temp”
  • give “cscript enumeratenestedgroup.vbs” (without quotes) and enter

The script:

' Name : enumeratenestedgroup.vbs
' Description : script to enumerate the members of a nested group
' Author : dirk adamsky - deludi bv
' Version : 2.1 removed the "Call" statement from line 10 and 16 based on input from jvierra
' also removed parenthesis
' (http://www.scriptinganswers.com/forum2/forum_posts.asp?TID=2244&PID=21775#21775)
' Date : 24-02-2010

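strTargetGroupDN = "LDAP://CN=testgroup,OU=groups,DC=test,DC=org"

' Groups that are currently being expanded, keyed by lower-cased ADsPath.
' Groups can be nested in a circle (A contains B, B contains A); without this
' bookkeeping the recursion below would not end.
Set objOpenGroups = CreateObject("Scripting.Dictionary")
EnumNestedgroup strTargetGroupDN
Set objOpenGroups = Nothing

Sub EnumNestedgroup(strGroupDN)
	' Expands the group at strGroupDN (a full ADsPath). For a nested group its
	' ADsPath is echoed and the group is expanded in turn; for every other
	' member "displayname ; mail" is echoed.
	strGroupKey = LCase(strGroupDN)
	If objOpenGroups.Exists(strGroupKey) Then
		' Already being expanded further up the call chain: circular nesting.
		Exit Sub
	End If
	objOpenGroups.Add strGroupKey, True

	Set objGroup = GetObject(strGroupDN)
	For Each objMember in objGroup.Members
		If (LCase(objMember.Class) = "group") Then
			wscript.echo objMember.AdsPath
			EnumNestedgroup objMember.AdsPath
		Else
			Wscript.Echo objMember.DisplayName & " ; " & objMember.Mail
		End If
	Next
	Set objGroup = Nothing

	' Removed again so that a group reachable along two different paths is
	' still listed along both, as before.
	objOpenGroups.Remove strGroupKey
End Sub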

When you have problems/questions please post a reply.

Happy scripting.

Dirk Adamsky – Deludi BV


This script enumerates all active directory distribution groups with a manager.
It starts with an ado query for the distinguished name of all group objects with an smtp address (accomplished by checking the mail property in the ado filter).
For each group a group object is created, the displayname, mail attribute and managedBy attribute of the group are displayed.

Follow the next steps to make and run the script (no admin rights needed):

  • open your favorite text editor (mine is notepad++)
  • copy and paste the script into the editor (delete the line numbers)
  • save the script (for example c:\temp\distributiongroupswithmanager.vbs)
  • open a command prompt
  • go to “c:\temp”
  • give “cscript distributiongroupswithmanager.vbs” (without quotes) and enter

When you want to save the output in a textfile give:

“cscript distributiongroupswithmanager.vbs > distributiongroupswithmanager.txt” (without quotes) and enter

The script:

' Name : distributiongroupswithmanager.vbs
' Description : script to enumerate all distributiongroups with manager
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 01-02-2010
' Level : intermediate

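' Open an ADO connection through the ADSI OLE DB provider.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

' All groups in the default naming context that have a mail attribute.
' The filter does not test managedBy, so groups without a manager are listed
' too, with an empty last column.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"
strFilter = "(&(objectCategory=group)(mail=*))"
strAttributes = "distinguishedName"

strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

Set objRecordset = adoCommand.Execute

' No MoveFirst here: it raises an error when the search returns nothing, and a
' freshly opened recordset already stands on its first row.
Do Until objRecordSet.EOF
	strGroupPath = "LDAP://" & objRecordSet.Fields("distinguishedName").Value
	Set objGroup = Nothing
	On Error Resume Next
	Set objGroup = GetObject(strGroupPath)
	If Err.Number = 0 Then
		Wscript.Echo objGroup.DisplayName & " ; " & objGroup.Mail & " ; " & objGroup.managedBy
	Else
		' Report the group instead of dropping it from the list without a trace.
		Wscript.Echo strGroupPath & " ; could not be read"
	End If
	Err.Clear
	On Error GoTo 0
	Set objGroup = Nothing
	objRecordSet.MoveNext
Loop

' Close before releasing, so the directory connection is not left open.
objRecordSet.Close
adoConnection.Close

Set objRecordset = Nothing
Set objRootDSE = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing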

When you have questions or problems with the script please drop a comment.
