Suffering from a lack of inspiration I decided to rework a previous script.
I had a request on my previous messagerestriction script.
Added to the script is the option to enter the smtp address of
the user or group object for which the messagerestrictions are set.
I have done that by re-using code from this script.
Another question was the option to output to a file,
this can be done easily by running the script like this:

cscript enumeratesendtorights.vbs > thefilenameofyourchoice.txt

Follow the next steps to run the script (no admin rights needed):

* find the distinguished name of the nested group (adsiedit.msc)
* open your favorite text editor
* copy and paste the script into the editor
* change the distinguished name
* save the script (for example c:\temp\enumeratesendtorights.vbs)
* open a command prompt
* go to “c:\temp”
* give “cscript enumeratesendtorights.vbs” (without quotes) and enter

The script:

' Name : enumeratesendtorights.vbs
' Description : script to enumerate the message restrictions (send to rights) of a distributionlist
' Author : dirk adamsky - deludi bv
' Version : 2.00 added smtp input option based on input from M (see comments on previous script)
' Date : 20-08-2010 (v.1.00 date 08-02-2010)
' Level: advanced

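' Ask for the SMTP address of the user or group whose message restrictions
' ("send to rights") should be listed, then bind to the matching object.
strObject = Trim(InputBox("Please enter the smtp address"))
If strObject = "" Then
	' InputBox returns an empty string on Cancel; there is nothing to look up.
	WScript.Quit
End If
strSourceDN = GetDN(strObject)
If strSourceDN = "" Then
	WScript.Echo "No object found with smtp address " & strObject
	WScript.Quit
End If
Set objSource = GetObject("LDAP://" & strSourceDN)

' authOrig lists the users that may send to this object. ADSI hands the value
' back as a String when there is one entry, as an array when there are several
' and as Empty when the attribute is not set, so all three shapes are handled.
varAuthOrig = objSource.authOrig
If IsArray(varAuthOrig) Then
	For Each User In varAuthOrig
		GetSendToRights "LDAP://" & User
	Next
ElseIf TypeName(varAuthOrig) = "String" Then
	GetSendToRights "LDAP://" & varAuthOrig
End If

' dLMemSubmitPerms lists the groups whose members may send to this object.
varSubmitPerms = objSource.dLMemSubmitPerms
If IsArray(varSubmitPerms) Then
	For Each Group In varSubmitPerms
		EnumNestedgroup Group
	Next
ElseIf TypeName(varSubmitPerms) = "String" Then
	EnumNestedgroup varSubmitPerms
End If
Set objSource = Nothing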

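Function GetDN(strMail)
	' Resolve an SMTP address to the distinguishedName of the first object in the
	' default naming context whose mail attribute equals it.
	' strMail : smtp address as typed by the operator.
	' Returns : the distinguished name, or "" when no object matches.
	GetDN = ""

	' strMail is typed in by hand and ends up inside an LDAP search filter.
	' Escape the characters that have a meaning in a filter (RFC 4515) so the
	' value can only ever be compared, never extend or rewrite the filter.
	' The backslash has to be escaped first.
	strSafeMail = Replace(strMail, "\", "\5c")
	strSafeMail = Replace(strSafeMail, "*", "\2a")
	strSafeMail = Replace(strSafeMail, "(", "\28")
	strSafeMail = Replace(strSafeMail, ")", "\29")
	strSafeMail = Replace(strSafeMail, Chr(0), "\00")
	' ";" separates the parts of the ADO query string built below.
	strSafeMail = Replace(strSafeMail, ";", "\3b")

	Set adoCommand = CreateObject("ADODB.Command")
	Set adoConnection = CreateObject("ADODB.Connection")
	adoConnection.Provider = "ADsDSOObject"
	adoConnection.Open "Active Directory Provider"
	adoCommand.ActiveConnection = adoConnection
	Set objRootDSE = GetObject("LDAP://RootDSE")
	strBase = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">"

	' Filter on the mail attribute (any object class: user, group, contact).
	strFilter = "(mail=" & strSafeMail & ")"

	' Comma delimited list of attribute values to retrieve.
	strAttributes = "distinguishedName"

	' Construct the LDAP syntax query.
	strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
	adoCommand.CommandText = strQuery
	adoCommand.Properties("Page Size") = 100
	adoCommand.Properties("Timeout") = 30
	adoCommand.Properties("Cache Results") = False
	Set adoRecordset = adoCommand.Execute

	' An unknown address gives an empty recordset; reading Fields on it would
	' raise a runtime error, so only read when there is a row.
	If Not adoRecordset.EOF Then
		wscript.echo adoRecordset.Fields("distinguishedName").Value
		GetDN = adoRecordset.Fields("distinguishedName").Value
	End If
	adoRecordset.Close
	adoConnection.Close

	Set adoRecordset = Nothing
	Set objRootDSE = Nothing
	Set adoConnection = Nothing
	Set adoCommand = Nothing

End Function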

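Function GetSendToRights(strUserDN)
	' Print one account that may send to the list ("direct send to rights") and
	' then every trustee that holds the extended right identified by the GUID
	' below on that account (the "send as" right described in the article);
	' those trustees are reported by GetUserDetails as "indirect".
	' strUserDN : full ADsPath ("LDAP://...") of the account.
	Const SEND_AS_GUID = "{AB721A54-1E2F-11D0-9819-00AA0040529B}"
	Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = 5

	' Best effort: an object that cannot be read is skipped instead of
	' stopping the whole enumeration.
	On Error Resume Next
	Set objAccount = GetObject(strUserDN)
	If Err.Number <> 0 Then
		Err.Clear
		Exit Function
	End If
	Wscript.Echo objAccount.Mail & " ; " & objAccount.DisplayName & " ; direct send to rights"
	Set objSecurityDescriptor = objAccount.Get("ntSecurityDescriptor")
	Set objDacl = objSecurityDescriptor.DiscretionaryAcl
	For Each objAce In objDacl
		' Only an ALLOW object ACE grants the right. Without the AceType test a
		' DENY ACE for the same GUID would be listed as if it granted access.
		If UCase(objAce.ObjectType) = SEND_AS_GUID And objAce.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT Then
			strTrustee = objAce.Trustee
			' Skip trustees shown as a raw SID and the account's own SELF entry.
			If (Left(strTrustee,3) <> "S-1" And strTrustee <> "NT AUTHORITY\SELF") Then
				' Trustee looks like DOMAIN\account. Take what follows the last
				' backslash rather than a fixed offset, so domain names of any
				' length work.
				GetUserDetails Mid(strTrustee, InStrRev(strTrustee, "\") + 1)
			End If
		End If
	Next
End Function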

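Function GetUserDetails(strPreW2K)
	' Look up a user by pre-Windows 2000 logon name (sAMAccountName) and print
	' its mail address and display name as an "indirect send to rights" line.
	' strPreW2K : account name without the domain prefix.

	' The name is placed inside an LDAP filter, so escape the characters that
	' have a meaning there (RFC 4515), backslash first.
	strSafeName = Replace(strPreW2K, "\", "\5c")
	strSafeName = Replace(strSafeName, "*", "\2a")
	strSafeName = Replace(strSafeName, "(", "\28")
	strSafeName = Replace(strSafeName, ")", "\29")
	strSafeName = Replace(strSafeName, Chr(0), "\00")
	' ";" separates the parts of the ADO query string built below.
	strSafeName = Replace(strSafeName, ";", "\3b")

	Set adoCommand = CreateObject("ADODB.Command")
	Set adoConnection = CreateObject("ADODB.Connection")
	adoConnection.Provider = "ADsDSOObject"
	adoConnection.Open "Active Directory Provider"
	adoCommand.ActiveConnection = adoConnection

	' Search entire Active Directory domain.
	Set objRootDSE = GetObject("LDAP://RootDSE")
	strDNSDomain = objRootDSE.Get("defaultNamingContext")
	strBase = "<LDAP://" & strDNSDomain & ">"

	' Filter on user objects.
	strFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & strSafeName & "))"

	' Comma delimited list of attribute values to retrieve.
	strAttributes = "mail, displayname"

	' Construct the LDAP syntax query.
	strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
	adoCommand.CommandText = strQuery
	adoCommand.Properties("Page Size") = 100
	adoCommand.Properties("Timeout") = 30
	adoCommand.Properties("Cache Results") = False

	' Run the query.
	Set adoRecordset = adoCommand.Execute
	If Not adoRecordset.EOF Then
		Wscript.Echo adoRecordset.Fields("mail").Value & " ; " & adoRecordset.Fields("displayname").Value & " ; indirect send to rights"
	Else
		' The filter only matches user objects. A trustee that is a group (or a
		' name from another domain) gives no row; report the name anyway so the
		' entry does not silently disappear from the listing.
		Wscript.Echo " ; " & strPreW2K & " ; indirect send to rights (no user object found for this trustee)"
	End If
	' Clean up.
	adoRecordset.Close
	adoConnection.Close

	Set adoRecordset = Nothing
	Set objRootDSE = Nothing
	Set adoConnection = Nothing
	Set adoCommand = Nothing
End Function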

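Sub EnumNestedgroup(strGroupDN)
	' Walk a group recursively and call GetSendToRights for every member that
	' is not itself a group.
	' strGroupDN : distinguished name of the group, with or without the
	'              "LDAP://" prefix.
	' NOTE: nothing here tracks the groups already visited, so two groups that
	' are members of each other would make this recurse without end.
	Dim objGroup, objMember, strGroupPath

	' The first call passes a bare DN, the recursive call passes an AdsPath that
	' already starts with "LDAP://". Adding the prefix unconditionally produced
	' "LDAP://LDAP://..." for every nested group.
	If UCase(Left(strGroupDN, 7)) = "LDAP://" Then
		strGroupPath = strGroupDN
	Else
		strGroupPath = "LDAP://" & strGroupDN
	End If

	Set objGroup = GetObject(strGroupPath)
	For Each objMember in objGroup.Members
		If (LCase(objMember.Class) = "group") Then
			Call EnumNestedgroup(objMember.AdsPath)
		Else
			GetSendToRights objMember.AdsPath
		End If
	Next
	Set objGroup = Nothing
End Sub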

When you have problems/questions with the script please post a reply.

Happy scripting.

Best regards,

Dirk Adamsky


Hmmmm I’m bored of myself: today’s script is another mutation of my enumerate nested group script.
Added are the owa (outlook web access) settings of all users. When a user has owa the last value of each line is “yes”. The owa settings for win/exchange 2003 are found through the user attribute “protocolSettings”.
Default setting for owa is “on”. The array protocolsettings has no specific owa entry at that moment.
When owa is explicitly denied the setting is created; when owa is enabled again this setting is altered.

Follow the next steps to run the script (no admin rights needed):

  • copy and paste the script in your favorite text editor
  • change the distinguished name of the nested group to your group distinguished name
  • save the script (for example c:\temp\enumeratenestedgroupowa.vbs)
  • open a command prompt
  • go to “c:\temp”
  • give “cscript enumeratenestedgroupowa.vbs” (without quotes) and enter

The script:

' Name : enumeratenestedgroupowa.vbs
' Description : script to enumerate the owa (outlook web access) settings of all users of a nested group
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 15-04-2010
' Level: intermediate

' ADsPath of the group to report on; change this to your own group.
strTargetGroupDN = "LDAP://CN=testgroup,OU=Groups,DC=test,DC=org"

' Start the recursive walk at that group.
Call EnumNestedgroup(strTargetGroupDN)
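Sub EnumNestedgroup(strGroupDN)
	' Walk a group recursively and print, for every member that is not a group,
	' "displayname ; mail ; Yes|No" where the last column is the owa setting.
	' strGroupDN : ADsPath ("LDAP://...") of the group.
	' NOTE: nothing here tracks the groups already visited, so two groups that
	' are members of each other would make this recurse without end.
	Dim objGroup, objMember, varSettings, Protocol, strOWA
	Set objGroup = GetObject(strGroupDN)
	For Each objMember in objGroup.Members
		If (LCase(objMember.Class) = "group") Then
			EnumNestedgroup objMember.AdsPath
		Else
			' owa is on unless protocolSettings holds the explicit deny entry.
			strOWA = "Yes"
			varSettings = objMember.[protocolSettings]
			' ADSI returns an array when the attribute has several values and a
			' plain String when it has exactly one. The one-value case used to be
			' skipped, which reported "Yes" for a user whose only entry is the
			' deny entry.
			If IsArray(varSettings) Then
				For Each Protocol in varSettings
					If Protocol = "HTTP§0§1§§§§§§" Then
						strOWA = "No"
					End If
				Next
			ElseIf TypeName(varSettings) = "String" Then
				If varSettings = "HTTP§0§1§§§§§§" Then
					strOWA = "No"
				End If
			End If
			Wscript.Echo objMember.DisplayName & " ; " & objMember.Mail & " ; " & strOWA
		End If
	Next
	Set objGroup = Nothing
End Sub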

When you have problems/questions please post a reply or give a ‘star’ rating.

Happy scripting.

Best regards,

Dirk Adamsky – Deludi BV


Today I had to find out the lastlogon of the members of a nested group.
An extra request was to list the users whose lastlogon was more than 90 days ago.
I solved the problem by creating a script that was a combination of earlier scripts.
The lastlogon code came from my lastlogon script, the enumeration of the group members code was taken from my enumeratenestedgroup script. The users with a lastlogon of 1-1-1601 never logged on.

Follow the next steps to run the script (no admin rights needed):

  • open your favorite text editor
  • copy and paste the script into the editor
  • change the distinguished name of strTargetGroupDN to the distinguished name of your nested group
  • optionally: change the threshold value in line 17 to the desired value (example threshold value is 90 days)
  • save the script (for example c:\temp\enumerate-lastlogon-nestedgroup-with-treshold.vbs)
  • open a command prompt
  • go to “c:\temp”
  • give “cscript enumerate-lastlogon-nestedgroup-with-treshold.vbs” (without quotes) and enter

The script:

' Name : enumerate-lastlogon-nestedgroup-with-treshold.vbs
' Description : script to enumerate the last logon of the members of a nested group with treshold
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 23-03-2010
' Level : advanced

' ADsPath of the group to report on; change this to your own group.
strTargetGroupDN = "LDAP://CN=Testgroup,OU=Groups,DC=Test,DC=org"

' Time zone bias of this computer as returned by TimeZoneBias; it is read as a
' script-level variable by CheckLastLoginWithTreshold.
intBias = TimeZoneBias()

' Start the recursive walk at that group.
Call EnumNestedgroup(strTargetGroupDN)
Sub EnumNestedgroup(strGroupDN)
	' Walk the group at strGroupDN (an ADsPath). Nested groups are followed
	' recursively; every other member is handed to CheckLastLoginWithTreshold
	' with a threshold of 90 days.
	Set objCurrentGroup = GetObject(strGroupDN)
	For Each objEntry In objCurrentGroup.Members
		If LCase(objEntry.Class) <> "group" Then
			Call CheckLastLoginWithTreshold(objEntry.AdsPath, 90)
		Else
			Call EnumNestedgroup(objEntry.AdsPath)
		End If
	Next
	Set objCurrentGroup = Nothing
End Sub

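Sub CheckLastLoginWithTreshold(strDN,intTreshold)
	' Print "displayname ; mail ; last logon" for the object at strDN when its
	' last logon is more than intTreshold days ago.
	' strDN       : ADsPath ("LDAP://...") of the account.
	' intTreshold : number of days.
	' Reads the script-level variable intBias (time zone bias in minutes).
	'
	' lastLogonTimestamp is the replicated logon attribute. Active Directory
	' refreshes it only when the stored value is already several days old, so
	' the date printed can be behind the real last logon by that margin; keep
	' the threshold well above it.
	Dim objUser, objDate, dtmDate, lngHigh, lngLow
	Set objUser = GetObject(strDN)
	On Error resume next
	Set objDate = objUser.Get("lastLogonTimestamp")
	If (Err.Number <> 0) Then
		' Attribute not set: the account never logged on. Clear the error so it
		' is not mistaken for a later failure.
		Err.Clear
		dtmDate = #1/1/1601#
	Else
		lngHigh = objDate.HighPart
		lngLow = objDate.LowPart
		' LowPart is handed over as a signed 32-bit number; a negative value
		' means one unit was borrowed from HighPart.
		If lngLow < 0 Then
			lngHigh = lngHigh + 1
		End If
		' 100-nanosecond ticks since 1-1-1601 (UTC) -> minutes -> local minutes
		' -> days. Win32_TimeZone.Bias is local time minus UTC in minutes, so it
		' is added after the division by 600000000. The earlier form divided by
		' (600000000 - intBias), which scales the value instead of shifting it.
		dtmDate = ((((lngHigh * (2^32)) + lngLow) / 600000000) + intBias) / 1440 + #1/1/1601#
	End If
	Set objDate = Nothing
	If DateDiff("d",dtmDate,Date) > intTreshold Then
		Wscript.Echo objUser.Displayname & " ; " & objUser.Mail & " ; " & dtmDate
	End If
	Set objUser = Nothing
End Sub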

Function TimeZoneBias
	' Return the Bias property of Win32_TimeZone on the local computer.
	' When WMI returns more than one instance the last one wins.
	Const LOCAL_COMPUTER = "."
	Set objWmi = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & LOCAL_COMPUTER & "\root\cimv2")
	Set colZones = objWmi.ExecQuery("Select * from Win32_TimeZone")
	For Each objZone In colZones
		TimeZoneBias = objZone.Bias
	Next
	Set colZones = Nothing
	Set objWmi = Nothing
End Function

When you have problems/questions please post a reply.

Happy scripting.

Best regards,

Dirk Adamsky – Deludi BV


For a sysadmin roaming profiles are both a blessing and a curse.
In time they tend to grow and grow…
The roaming profile size problem results in: long logon and logoff times, corrupted profiles, etc.
This script enumerates the roaming profile size of all users in your Active Directory domain.
By adding extra attributes to the arrAttributes array you can change the output.

Follow the next steps to run the script (admin rights needed for access to the roaming profiles directory):

* open your favorite text editor
* copy and paste the script into the editor
* save the script (for example c:\temp\roamingprofilesize.vbs)
* open a command prompt
* go to “c:\temp”
* give “cscript roamingprofilesize.vbs” (without quotes) and enter

The script:

' Name : roamingprofilesize.vbs
' Description : script to enumerate the roaming profile size of all users in Active Directory
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 15-03-2010
' Level : intermediate

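' Attributes to print for every user. The first entry must stay profilePath:
' it is the folder whose size is measured.
arrAttributes = Array("profilePath","displayname","mail")

Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

Set objRootDSE = GetObject("LDAP://RootDSE")
strBase = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">"
Set objRootDSE = Nothing

' All user objects that have a roaming profile path set.
strFilter = "(&(objectCategory=person)(objectClass=user)(profilePath=*))"
strAttributes = Join(arrAttributes,",")

' Header line: one column per attribute plus the size column.
Wscript.Echo Join(arrAttributes,";") & " ; roaming profile size in MB"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
Set adoRecordset = adoCommand.Execute
Do Until adoRecordset.EOF
	' Best effort per row: a value that cannot be printed is skipped.
	On Error Resume Next

	' Build the row from ALL attributes, starting at index 0, so that the row
	' has the same columns as the header. The loop used to start at 1, which
	' left profilePath out of the rows while the header still announced it.
	strOutput = ""
	For i = 0 To Ubound(arrAttributes)
		If i > 0 Then
			strOutput = strOutput & " ; "
		End If
		strOutput = strOutput & adoRecordset.Fields(arrAttributes(i)).Value
	Next

	' profilePath is whatever UNC path is stored on the user object; the
	' account running this script connects to each server named there.
	varSize = Foldersize(adoRecordset.Fields(arrAttributes(0)).Value)
	If IsEmpty(varSize) Then
		' Foldersize returns nothing when the folder is missing or not readable.
		varSize = "n/a"
	End If
	Wscript.Echo strOutput & " ; " & varSize & " MB"
	adoRecordset.MoveNext
Loop
adoRecordset.Close
adoConnection.Close
Set adoRecordset = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing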

Function Foldersize(strPath)
	' Return the size of the folder at strPath in MB, rounded to two decimals.
	' Errors are suppressed: when the folder cannot be opened or measured the
	' function returns without a value.
	On Error Resume Next
	Set objFileSystem = CreateObject("scripting.filesystemobject")
	Set objFolder = objFileSystem.GetFolder(strPath)
	lngBytes = objFolder.Size
	Foldersize = Round(lngBytes/1048576,2)
	Set objFolder = Nothing
	Set objFileSystem = Nothing
End Function

When you have problems/questions please post a reply. You can also give a ‘star’ rating.

Happy scripting.

Best regards,

Dirk Adamsky – Deludi BV


The script for today is a monitoring script.
Basically it is a concatenation of previous scripts/functions.
The script can be run as a scheduled task (for example every half hour).

What the script does:

  • run an ado query to get all servers from Active Directory
  • the function CheckStatus does the wmi ping to the servers and returns true or false
  • the servers that do not respond are put into a variable
  • the content of the variable is mailed to a given smtp address

Follow the next steps to run the script (no admin rights needed):

  • copy and paste the script in your favorite text editor
  • save the script (for example c:\temp\serveralive.vbs)
  • open a command prompt
  • go to “c:\temp”
  • give “cscript serveralive.vbs” (without quotes) and enter

The script:

' Name : serveralive.vbs
' Description : script to monitor all servers in Active Directory
' Author : dirk adamsky - deludi bv
' Version : 1.10 changed ado filter
' Date : 17-03-2010

' Setup ADO objects.
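Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"

' Filter on computer objects whose operatingSystem contains "server".
strFilter = "(&(objectCategory=computer)(operatingSystem=*server*))"

' Comma delimited list of attribute values to retrieve.
strAttributes = "name"

' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' Ping every server and collect the names that do not answer.
strNoReply = ""
Do Until adoRecordset.EOF
	strHostname = adoRecordset.Fields("name").Value
	If CheckStatus(strHostname) = False Then
		' Put the separator between names only, not in front of the first one.
		If strNoReply <> "" Then
			strNoReply = strNoReply & " ; "
		End If
		strNoReply = strNoReply & strHostname
	End If
	'Move to the next record in the recordset.
	adoRecordset.MoveNext
Loop

' Clean up.
adoRecordset.Close
adoConnection.Close

Set adoRecordset = Nothing
Set objRootDSE = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing

' Mail only when at least one server failed to answer. The mail used to be sent
' on every run, so a healthy network produced " are not responding!" with no
' server name in it each time the scheduled task ran.
If strNoReply <> "" Then
	Sendmail "monitoring@monitoring.org", strNoReply & " are not responding!" 'change the smtp address to your monitoring mailbox or distributionlist
End If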

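Function CheckStatus(strAddress)
	' Ping strAddress once through the WMI class Win32_PingStatus.
	' Returns True when the status code is 0, False otherwise, and also False
	' when the query gives no result at all.
	Dim objPing, objRetStatus, strSafeAddress
	CheckStatus = False

	' The address is placed inside a quoted WQL string. Escape backslash and
	' single quote (WQL uses the backslash as escape character) so the value
	' cannot end the string early.
	strSafeAddress = Replace(strAddress, "\", "\\")
	strSafeAddress = Replace(strSafeAddress, "'", "\'")

	Set objPing = GetObject("winmgmts:{impersonationLevel=impersonate}").ExecQuery _
      ("select * from Win32_PingStatus where address = '" & strSafeAddress & "'")
	For Each objRetStatus In objPing
        If IsNull(objRetStatus.StatusCode) Or objRetStatus.StatusCode <> 0 Then
			CheckStatus = False
        Else
			CheckStatus = True
        End If
    Next
	Set objPing = Nothing
End Function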

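Function SendMail(strRecipient, strHeader)
	' Send a short notification mail through CDO.
	' strRecipient : smtp address that receives the mail.
	' strHeader    : text used as the subject line.
	' The message goes over the network to the smtp server configured below
	' (sendusing = 2) on port 25; no credentials are configured here, so that
	' server has to accept mail from the computer running this script.

	' Sender address. This used to be a fixed personal mailbox, which every
	' copy of the script would then send as. The value below is a placeholder:
	' change it to an address in your own domain.
	Const SENDER_ADDRESS = "monitoring@test.org"

	Set objMessage = CreateObject("CDO.Message")
	objMessage.Subject = strHeader
	objMessage.From = SENDER_ADDRESS
	objMessage.To = strRecipient
	objMessage.TextBody = "This is an automated message do not repond (or else you will be punished)."
	objMessage.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
	objMessage.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "smtp.test.org" 'change to your smtp server
	objMessage.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
	objMessage.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 60
	objMessage.Configuration.Fields.Update
	objMessage.Send
	Set objMessage = Nothing
End Function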

When you have problems/questions please post a reply or give a ‘star’ rating.

Happy scripting.

Best regards,

Dirk Adamsky – Deludi BV


Ok today it is modification day.
This script is a modification of the previous outlook details script.
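The modification is in the filter at line number 25: the filter attribute userAccountControl with value 512 is added. A value of 512 stands for an enabled user. When you want to reverse the output to all disabled users change the value of userAccountControl to 514. Note that userAccountControl is a set of bit flags and this filter is an exact match: an enabled account that carries an extra flag (for example "password never expires", which gives 66048) is not returned by 512. To test the disabled flag alone, whatever the other flags are, use the bitwise form (!(userAccountControl:1.2.840.113556.1.4.803:=2)) for enabled users and the same clause without the "!" for disabled users.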

Follow the next steps to run the script (no admin rights needed):

* open your favorite text editor
* copy and paste the script into the editor
* save the script (for example c:\temp\outlookdetails-enabled-users.vbs)
* open a command prompt
* go to “c:\temp”
* give “cscript outlookdetails-enabled-users.vbs” (without quotes) and enter

The script:

' Name : outlookdetails-enabled-users.vbs
' Description : script to enumerate the Outlook details of all enabled users in your company
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 23-02-2010
' Level : intermediate

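Option Explicit
Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset
Dim arrColumns, strColumn, varValue, strLine

' Output columns, in the order in which they are printed.
arrColumns = Array("mail", "givenname", "initials", "sn", "displayname", _
	"mailNickname", "postalAddress", "title", "company", "l", "department", _
	"st", "streetAddress", "postalCode", "co", "physicalDeliveryOfficeName", _
	"telephoneNumber", "mobile", "info")

' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"

' Filter on enabled user objects. userAccountControl is a set of bit flags and
' bit 2 is "account disabled". The exact match (userAccountControl=512) only
' found accounts with no other flag set and so missed, for example, enabled
' accounts whose password never expires (66048). The bitwise match below tests
' the disabled bit alone. For all disabled users remove the "!".
strFilter = "(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

' Comma delimited list of attribute values to retrieve. Built from the column
' list so it always sits on one line and matches what is printed.
strAttributes = Join(arrColumns, ",")

' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
    ' Only mail enabled accounts, without the Exchange system mailboxes.
    If adoRecordset.Fields("mail").Value <> "" Then
        If Left(adoRecordset.Fields("mail").Value, 13) <> "SystemMailbox" Then
            strLine = ""
            For Each strColumn In arrColumns
                varValue = adoRecordset.Fields(strColumn).Value
                ' ADO returns an attribute that can hold several values as an
                ' array; join it so it can be printed in one column.
                If IsArray(varValue) Then
                    varValue = Join(varValue, ",")
                End If
                ' An attribute that is not set comes back as Null, which "&"
                ' prints as an empty column.
                strLine = strLine & ";" & varValue
            Next
            ' Drop the separator in front of the first column.
            wscript.echo Mid(strLine, 2)
		End If
	End If
	'Move to the next record in the recordset.
    adoRecordset.MoveNext
Loop
' Clean up.
adoRecordset.Close
adoConnection.Close

Set adoRecordset = Nothing
Set objRootDSE = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing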

When you have problems/questions please post a reply.

Happy scripting.

Best regards,

Dirk Adamsky – Deludi BV


This script is a mutation of yesterday’s script.
It searches Active Directory for mail enabled groups with multiple smtp addresses.
By changing the treshold value (i) in line number 39 you can broaden or narrow your searches.

Follow the next steps to run the script (no admin rights needed):

* open your favorite text editor
* copy and paste the script into the editor
* save the script (for example c:\temp\showgroupswithmultiplesmtp.vbs)
* open a command prompt
* go to “c:\temp”
* give “cscript showgroupswithmultiplesmtp.vbs” (without quotes) and enter

The script:

' Name : showgroupswithmultiplesmtp.vbs
' Description : script to show all groups with multiple smtp addresses
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 23-02-2010
' Level : intermediate

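' Threshold: a group is listed when it has at least this many smtp addresses.
intMinAddresses = 2

Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"

' All mail enabled groups.
strFilter = "(&(objectCategory=group)(mail=*))"
strAttributes = "distinguishedName"

strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

Set adoRecordset = adoCommand.Execute

Do Until adoRecordset.EOF
	' Start every record with a clean slate. Errors are suppressed below, so
	' without this reset a group that cannot be read would be reported with the
	' addresses (and object) left over from the previous record.
	Set objGroup = Nothing
	arrProxy = Empty

	On Error Resume Next
	Set objGroup = GetObject ("LDAP://" & adoRecordset.Fields("distinguishedName").Value)
	arrProxy = objGroup.GetEx("proxyAddresses")
	Err.Clear

	If IsArray(arrProxy) Then
		' Count the smtp: entries and collect them in the same pass.
		i = 0
		strAllMailAddresses = ""
		For Each strMailAddress in arrProxy
			If Lcase(Left(strMailAddress,5))= "smtp:" Then
				i = i + 1
				strAllMailAddresses = strAllMailAddresses & " ; "  & strMailAddress
			End If
		Next
		If i >= intMinAddresses Then
			Wscript.Echo objGroup.DisplayName & strAllMailAddresses
		End If
	End If
	Set objGroup = Nothing
	adoRecordset.MoveNext
Loop

adoRecordset.Close
adoConnection.Close

Set adoRecordset = Nothing
Set objRootDSE = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing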

When you have problems/questions please post a reply.
I also added a rating system yesterday, thank you in advance for your reaction.

Happy scripting.

Best regards,

Dirk Adamsky – Deludi BV


The best way to get rid of that monday morning feeling is to make a new script…..
Today’s script searches Active Directory for users or resource accounts with multiple smtp addresses.
By changing the treshold value (i) in line number 39 you can broaden or narrow your searches.

Follow the next steps to run the script (no admin rights needed):

* open your favorite text editor
* copy and paste the script into the editor
* save the script (for example c:\temp\showmultiplesmtp.vbs)
* open a command prompt
* go to “c:\temp”
* give “cscript showmultiplesmtp.vbs” (without quotes) and enter

The script:

' Name : showmultiplesmtp.vbs
' Description : script to show all users with multiple smtp addresses
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 22-02-2010
' Level : intermediate

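' Threshold: a user is listed when it has at least this many smtp addresses.
intMinAddresses = 4

Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"

' All mail enabled user objects (users and resource accounts).
strFilter = "(&(objectCategory=person)(objectClass=user)(mail=*))"
strAttributes = "distinguishedName"

strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

Set adoRecordset = adoCommand.Execute

Do Until adoRecordset.EOF
	' Start every record with a clean slate. Errors are suppressed below, so
	' without this reset a user that cannot be read would be reported with the
	' addresses (and object) left over from the previous record.
	Set objUser = Nothing
	arrProxy = Empty

	On Error Resume Next
	Set objUser = GetObject ("LDAP://" & adoRecordset.Fields("distinguishedName").Value)
	arrProxy = objUser.GetEx("proxyAddresses")
	Err.Clear

	If IsArray(arrProxy) Then
		' Count the smtp: entries and collect them in the same pass.
		i = 0
		strAllMailAddresses = ""
		For Each strMailAddress in arrProxy
			If Lcase(Left(strMailAddress,5))= "smtp:" Then
				i = i + 1
				strAllMailAddresses = strAllMailAddresses & " ; "  & strMailAddress
			End If
		Next
		If i >= intMinAddresses Then
			Wscript.Echo objUser.DisplayName & strAllMailAddresses
		End If
	End If
	Set objUser = Nothing
	adoRecordset.MoveNext
Loop

adoRecordset.Close
adoConnection.Close

Set adoRecordset = Nothing
Set objRootDSE = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing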

When you have problems/questions please post a reply.

Happy scripting.

Best regards,

Dirk Adamsky – Deludi BV


Today’s script gives you almost all user details that are visible in Outlook.
It is tested with Exchange-Outlook 2003.
The script itself is a regular ADO query only pimped with a lot of attributes (19 to be precise).

Follow the next steps to run the script (no admin rights needed):

* open your favorite text editor
* copy and paste the script into the editor
* save the script (for example c:\temp\outlookdetails.vbs)
* open a command prompt
* go to “c:\temp”
* give “cscript outlookdetails.vbs” (without quotes) and enter

The script:

' Name : outlookdetails.vbs
' Description : script to enumerate the Outlook details of all users in your company
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 09-02-2010
' Level : intermediate

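Option Explicit
Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset
Dim arrColumns, strColumn, varValue, strLine

' Output columns, in the order in which they are printed.
arrColumns = Array("mail", "givenname", "initials", "sn", "displayname", _
	"mailNickname", "postalAddress", "title", "company", "l", "department", _
	"st", "streetAddress", "postalCode", "co", "physicalDeliveryOfficeName", _
	"telephoneNumber", "mobile", "info")

' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"

' Filter on user objects.
strFilter = "(&(objectCategory=person)(objectClass=user))"

' Comma delimited list of attribute values to retrieve. Built from the column
' list: the literal used to be wrapped over two lines inside the quotes, which
' is a syntax error in VBScript.
strAttributes = Join(arrColumns, ",")

' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
    ' Only mail enabled accounts, without the Exchange system mailboxes.
    If adoRecordset.Fields("mail").Value <> "" Then
        If Left(adoRecordset.Fields("mail").Value, 13) <> "SystemMailbox" Then
            strLine = ""
            For Each strColumn In arrColumns
                varValue = adoRecordset.Fields(strColumn).Value
                ' ADO returns an attribute that can hold several values as an
                ' array; join it so it can be printed in one column.
                If IsArray(varValue) Then
                    varValue = Join(varValue, ",")
                End If
                ' An attribute that is not set comes back as Null, which "&"
                ' prints as an empty column.
                strLine = strLine & ";" & varValue
            Next
            ' Drop the separator in front of the first column.
            wscript.echo Mid(strLine, 2)
		End If
	End If
	'Move to the next record in the recordset.
    adoRecordset.MoveNext
Loop
' Clean up.
adoRecordset.Close
adoConnection.Close

Set adoRecordset = Nothing
Set objRootDSE = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing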

When you have problems/questions please post a reply.

Happy scripting.

Best regards,

Dirk Adamsky – Deludi BV


Finally I can show you my script to enumerate the message restrictions (send to rights as I tend to call them) on a distributionlist. The send to rights consist of 2 pieces, the users and the groups rights.
The users with send to rights are enumerated in the authOrig attribute of the distribution list AD object, the groups are allocated in the dLMemSubmitPerms attribute. Both attributes are arrays.
I also found out that when a listed user or resource mailbox has send as rights set on its Active Directory object, the users listed in the send as rights also have send to rights on the distribution list.

Follow the next steps to run the script (no admin rights needed):

* find the distinguished name of the nested group (adsiedit.msc)
* open your favorite text editor
* copy and paste the script into the editor
* change the distinguished name
* save the script (for example c:\temp\enumeratesendtorights.vbs)
* open a command prompt
* go to “c:\temp”
* give “cscript enumeratesendtorights.vbs” (without quotes) and enter

The script:

' Name : enumeratesendtorights.vbs
' Description : script to enumerate the message restrictions (send to rights) of a distributionlist
' Author : dirk adamsky - deludi bv
' Version : 1.10 added check on attribute type based on input from Pedro (see comments)
' Date : 11-03-2010 (v.1.00 date 08-02-2010)
' Level: advanced

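' Bind to the distribution list whose message restrictions are listed; change
' the distinguished name to your own list.
Set objSourceGroup = GetObject("LDAP://CN=distribution list (all members),OU=groups,DC=test,DC=org")

' authOrig lists the users that may send to the list. ADSI hands the value back
' as a String when there is one entry, as an array when there are several and
' as Empty when the attribute is not set. Comparing the value with "" before
' looking at its type raises a type mismatch as soon as it is an array, so the
' type is tested first.
varAuthOrig = objSourceGroup.authOrig
If IsArray(varAuthOrig) Then
	For Each User In varAuthOrig
		GetSendToRights ("LDAP://" & User)
	Next
ElseIf TypeName(varAuthOrig) = "String" Then
	If varAuthOrig <> "" Then
		GetSendToRights ("LDAP://" & varAuthOrig)
	End If
End If

' dLMemSubmitPerms lists the groups whose members may send to the list.
varSubmitPerms = objSourceGroup.dLMemSubmitPerms
If IsArray(varSubmitPerms) Then
	For Each Group in varSubmitPerms
		EnumNestedgroup Group
	Next
ElseIf TypeName(varSubmitPerms) = "String" Then
	If varSubmitPerms <> "" Then
		EnumNestedgroup varSubmitPerms
	End If
End If
Set objSourceGroup = Nothing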

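Function GetSendToRights(strUserDN)
	' Print one account that may send to the list ("direct send to rights") and
	' then every trustee that holds the extended right identified by the GUID
	' below on that account (the "send as" right described in the article);
	' those trustees are reported by GetUserDetails as "indirect".
	' strUserDN : full ADsPath ("LDAP://...") of the account.
	Const SEND_AS_GUID = "{AB721A54-1E2F-11D0-9819-00AA0040529B}"
	Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = 5

	' Best effort: an object that cannot be read is skipped instead of
	' stopping the whole enumeration.
	On Error Resume Next
	Set objAccount = GetObject(strUserDN)
	If Err.Number <> 0 Then
		Err.Clear
		Exit Function
	End If
	Wscript.Echo objAccount.Mail & " ; " & objAccount.DisplayName & " ; direct send to rights"
	Set objSecurityDescriptor = objAccount.Get("ntSecurityDescriptor")
	Set objDacl = objSecurityDescriptor.DiscretionaryAcl
	For Each objAce In objDacl
		' Only an ALLOW object ACE grants the right. Without the AceType test a
		' DENY ACE for the same GUID would be listed as if it granted access.
		If UCase(objAce.ObjectType) = SEND_AS_GUID And objAce.AceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT Then
			strTrustee = objAce.Trustee
			' Skip trustees shown as a raw SID and the account's own SELF entry.
			If (Left(strTrustee,3) <> "S-1" And strTrustee <> "NT AUTHORITY\SELF") Then
				' Trustee looks like DOMAIN\account. Take what follows the last
				' backslash rather than a fixed offset, so domain names of any
				' length work.
				GetUserDetails Mid(strTrustee, InStrRev(strTrustee, "\") + 1)
			End If
		End If
	Next
End Function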

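Function GetUserDetails(strPreW2K)
	' Look up a user by pre-Windows 2000 logon name (sAMAccountName) and print
	' its mail address and display name as an "indirect send to rights" line.
	' strPreW2K : account name without the domain prefix.

	' The name is placed inside an LDAP filter, so escape the characters that
	' have a meaning there (RFC 4515), backslash first.
	strSafeName = Replace(strPreW2K, "\", "\5c")
	strSafeName = Replace(strSafeName, "*", "\2a")
	strSafeName = Replace(strSafeName, "(", "\28")
	strSafeName = Replace(strSafeName, ")", "\29")
	strSafeName = Replace(strSafeName, Chr(0), "\00")
	' ";" separates the parts of the ADO query string built below.
	strSafeName = Replace(strSafeName, ";", "\3b")

	Set adoCommand = CreateObject("ADODB.Command")
	Set adoConnection = CreateObject("ADODB.Connection")
	adoConnection.Provider = "ADsDSOObject"
	adoConnection.Open "Active Directory Provider"
	adoCommand.ActiveConnection = adoConnection

	' Search entire Active Directory domain.
	Set objRootDSE = GetObject("LDAP://RootDSE")
	strDNSDomain = objRootDSE.Get("defaultNamingContext")
	strBase = "<LDAP://" & strDNSDomain & ">"

	' Filter on user objects.
	strFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & strSafeName & "))"

	' Comma delimited list of attribute values to retrieve.
	strAttributes = "mail, displayname"

	' Construct the LDAP syntax query.
	strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
	adoCommand.CommandText = strQuery
	adoCommand.Properties("Page Size") = 100
	adoCommand.Properties("Timeout") = 30
	adoCommand.Properties("Cache Results") = False

	' Run the query.
	Set adoRecordset = adoCommand.Execute
	If Not adoRecordset.EOF Then
		Wscript.Echo adoRecordset.Fields("mail").Value & " ; " & adoRecordset.Fields("displayname").Value & " ; indirect send to rights"
	Else
		' The filter only matches user objects. A trustee that is a group (or a
		' name from another domain) gives no row; report the name anyway so the
		' entry does not silently disappear from the listing.
		Wscript.Echo " ; " & strPreW2K & " ; indirect send to rights (no user object found for this trustee)"
	End If
	' Clean up.
	adoRecordset.Close
	adoConnection.Close

	Set adoRecordset = Nothing
	Set objRootDSE = Nothing
	Set adoConnection = Nothing
	Set adoCommand = Nothing
End Function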

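Sub EnumNestedgroup(strGroupDN)
	' Walk a group recursively and call GetSendToRights for every member that
	' is not itself a group.
	' strGroupDN : distinguished name of the group, with or without the
	'              "LDAP://" prefix.
	' NOTE: nothing here tracks the groups already visited, so two groups that
	' are members of each other would make this recurse without end.
	Dim objGroup, objMember, strGroupPath

	' The first call passes a bare DN, the recursive call passes an AdsPath that
	' already starts with "LDAP://". Adding the prefix unconditionally produced
	' "LDAP://LDAP://..." for every nested group.
	If UCase(Left(strGroupDN, 7)) = "LDAP://" Then
		strGroupPath = strGroupDN
	Else
		strGroupPath = "LDAP://" & strGroupDN
	End If

	Set objGroup = GetObject(strGroupPath)
	For Each objMember in objGroup.Members
		If (LCase(objMember.Class) = "group") Then
			Call EnumNestedgroup(objMember.AdsPath)
		Else
			GetSendToRights objMember.AdsPath
		End If
	Next
	Set objGroup = Nothing
End Sub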

When you have problems/questions with the script please post a reply.

Happy scripting.

Best regards,

Dirk Adamsky
