Suffering from a lack of inspiration I decided to rework a previous script.
I had a request on my previous messagerestriction script.
Added to the script is the option to enter the smtp address of
the user or group object for which the messagerestrictions are set.
I have done that by re-using code from this script.
Another question was the option to output to a file,
this can be done easily by running the script like this:
cscript enumeratesendtorights.vbs > thefilenameofyourchoice.txt.
Follow the next steps to run the script (no admin rights needed):
* find the distinguished name of the nested group (adsiedit.msc)
* open your favorite text editor
* copy and paste the script into the editor
* change the distinguished name
* save the script (for example c:\temp\enumeratesendtorights.vbs)
* open a command prompt
* go to “c:\temp”
* give “cscript enumeratesendtorights.vbs” (without quotes) and enter
The script:
' Name : enumeratesendtorights.vbs
' Description : script to enumerate the message restrictions (send to rights) of a distributionlist
' Author : dirk adamsky - deludi bv
' Version : 2.00 added smtp input option based on input from M (see comments on previous script)
' Date : 20-08-2010 (v.1.00 date 08-02-2010)
' Level: advanced
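' Ask for the object whose message restrictions are listed. An empty answer
' (Cancel returns "") stops here instead of running a search for "(mail=)".
strObject = Trim(InputBox("Please enter the smtp address"))
If strObject = "" Then
    WScript.Echo "No smtp address entered."
    WScript.Quit 1
End If

' An empty DN would make the bind below refer to something other than the
' requested object, so refuse to continue without one.
strSourceDN = GetDN(strObject)
If strSourceDN = "" Then
    WScript.Echo "No directory object found for " & strObject
    WScript.Quit 1
End If
Set objSource = GetObject("LDAP://" & strSourceDN)

' authOrig comes back as a String for one value and as an array for several.
' When the attribute is not set there is nothing to iterate; the original
' For Each then failed on the non-collection value.
varAuthOrig = objSource.authOrig
If TypeName(varAuthOrig) = "String" Then
    GetSendToRights "LDAP://" & varAuthOrig
ElseIf IsArray(varAuthOrig) Then
    For Each User In varAuthOrig
        GetSendToRights "LDAP://" & User
    Next
End If

' dLMemSubmitPerms is handled the same way; each value is a group that is
' expanded recursively by EnumNestedgroup.
varSubmitPerms = objSource.dLMemSubmitPerms
If TypeName(varSubmitPerms) = "String" Then
    EnumNestedgroup varSubmitPerms
ElseIf IsArray(varSubmitPerms) Then
    For Each Group In varSubmitPerms
        EnumNestedgroup Group
    Next
End If

Set objSource = Nothing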
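Function GetDN(strMail)
    ' Returns the distinguishedName of the first object in the default naming
    ' context whose mail attribute equals strMail (any object class).
    ' Raises a descriptive error when no object matches; the original failed
    ' with an ADO EOF error at the same point and left the connection open.
    Dim adoCommand, adoConnection, adoRecordset, objRootDSE
    Dim strBase, strFilter, strAttributes, strQuery, strSafeMail, blnFound

    ' strMail is typed in by the operator. Escape the characters that have a
    ' meaning inside an LDAP filter (RFC 4515) so the value cannot change the
    ' shape of the filter. ";" is escaped as well because it separates the
    ' four parts of the ADO query string built below.
    strSafeMail = Replace(strMail, "\", "\5c")
    strSafeMail = Replace(strSafeMail, "*", "\2a")
    strSafeMail = Replace(strSafeMail, "(", "\28")
    strSafeMail = Replace(strSafeMail, ")", "\29")
    strSafeMail = Replace(strSafeMail, Chr(0), "\00")
    strSafeMail = Replace(strSafeMail, ";", "\3b")

    Set adoCommand = CreateObject("ADODB.Command")
    Set adoConnection = CreateObject("ADODB.Connection")
    adoConnection.Provider = "ADsDSOObject"
    adoConnection.Open "Active Directory Provider"
    adoCommand.ActiveConnection = adoConnection

    Set objRootDSE = GetObject("LDAP://RootDSE")
    strBase = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">"
    ' Match on the mail attribute only.
    strFilter = "(mail=" & strSafeMail & ")"
    ' Comma delimited list of attribute values to retrieve.
    strAttributes = "distinguishedName"
    ' Construct the LDAP syntax query: base;filter;attributes;scope.
    strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
    adoCommand.CommandText = strQuery
    adoCommand.Properties("Page Size") = 100
    adoCommand.Properties("Timeout") = 30
    adoCommand.Properties("Cache Results") = False

    Set adoRecordset = adoCommand.Execute
    blnFound = Not adoRecordset.EOF
    If blnFound Then
        ' Only the first row is used, also when several objects match.
        wscript.echo adoRecordset.Fields("distinguishedName").Value
        GetDN = adoRecordset.Fields("distinguishedName").Value
    End If

    adoRecordset.Close
    adoConnection.Close
    Set adoRecordset = Nothing
    Set objRootDSE = Nothing
    Set adoConnection = Nothing
    Set adoCommand = Nothing

    If Not blnFound Then
        Err.Raise vbObjectError + 1, "GetDN", "No object found with mail address " & strMail
    End If
End Function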
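Function GetSendToRights(strUserDN)
    ' Echoes the account at strUserDN (an ADsPath) as "direct send to rights",
    ' then echoes every trustee that holds an ALLOW entry for the Send-As
    ' extended right on that account as "indirect send to rights".
    Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = 5
    ' Schema GUID of the Send-As extended right.
    Const SEND_AS_RIGHT_GUID = "{AB721A54-1E2F-11D0-9819-00AA0040529B}"
    Dim objAccount, objSecurityDescriptor, objAce
    Dim lngAceType, strObjectType, strTrustee

    ' Best-effort per account: one unreadable object must not stop the run.
    ' Failures are reported instead of producing an empty output line.
    On Error Resume Next
    Set objAccount = GetObject(strUserDN)
    If Err.Number <> 0 Then
        WScript.Echo "Could not bind to " & strUserDN & " ; " & Err.Description
        Err.Clear
        Exit Function
    End If
    Wscript.Echo objAccount.Mail & " ; " & objAccount.DisplayName & " ; direct send to rights"

    Set objSecurityDescriptor = objAccount.Get("ntSecurityDescriptor")
    If Err.Number <> 0 Then
        WScript.Echo "Could not read the security descriptor of " & strUserDN & " ; " & Err.Description
        Err.Clear
        Exit Function
    End If

    For Each objAce In objSecurityDescriptor.DiscretionaryAcl
        ' Read the ACE into plain variables first. Under On Error Resume Next
        ' a failing If condition falls INTO the Then branch, so the tests
        ' below only touch values that cannot raise.
        lngAceType = -1
        strObjectType = ""
        strTrustee = ""
        lngAceType = objAce.AceType
        strObjectType = UCase(objAce.ObjectType & "")
        strTrustee = objAce.Trustee & ""
        Err.Clear

        ' Only ALLOW entries grant the right; a DENY entry carrying the same
        ' GUID must not be reported as a permission.
        If lngAceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT Then
            If strObjectType = SEND_AS_RIGHT_GUID Then
                If Left(strTrustee, 3) <> "S-1" And strTrustee <> "NT AUTHORITY\SELF" Then
                    ' Trustee has the form DOMAIN\account. Cut at the backslash
                    ' rather than at a fixed column so any domain name works.
                    GetUserDetails Mid(strTrustee, InStrRev(strTrustee, "\") + 1)
                    Err.Clear
                End If
            End If
        End If
    Next

    Set objSecurityDescriptor = Nothing
    Set objAccount = Nothing
End Function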
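Function GetUserDetails(strPreW2K)
    ' Looks up the user whose sAMAccountName equals strPreW2K and echoes
    ' "mail ; displayname ; indirect send to rights". Nothing is echoed when
    ' no user matches (for example when the trustee is a group).
    Dim adoCommand, adoConnection, adoRecordset, objRootDSE
    Dim strDNSDomain, strBase, strFilter, strAttributes, strQuery, strSafeName

    ' The account name is taken from an ACL entry. Escape LDAP filter
    ' metacharacters (RFC 4515) and the ";" that separates the parts of the
    ' ADO query string, so the value is always treated as data.
    strSafeName = Replace(strPreW2K, "\", "\5c")
    strSafeName = Replace(strSafeName, "*", "\2a")
    strSafeName = Replace(strSafeName, "(", "\28")
    strSafeName = Replace(strSafeName, ")", "\29")
    strSafeName = Replace(strSafeName, Chr(0), "\00")
    strSafeName = Replace(strSafeName, ";", "\3b")

    Set adoCommand = CreateObject("ADODB.Command")
    Set adoConnection = CreateObject("ADODB.Connection")
    adoConnection.Provider = "ADsDSOObject"
    adoConnection.Open "Active Directory Provider"
    adoCommand.ActiveConnection = adoConnection

    ' Search the whole default naming context.
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strDNSDomain = objRootDSE.Get("defaultNamingContext")
    strBase = "<LDAP://" & strDNSDomain & ">"
    ' Filter on user objects.
    strFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & strSafeName & "))"
    ' Comma delimited list of attribute values to retrieve.
    strAttributes = "mail, displayname"
    ' Construct the LDAP syntax query.
    strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
    adoCommand.CommandText = strQuery
    adoCommand.Properties("Page Size") = 100
    adoCommand.Properties("Timeout") = 30
    adoCommand.Properties("Cache Results") = False

    ' Run the query. Reading Fields on an empty recordset raises an error and
    ' would skip the clean-up below, so test EOF first.
    Set adoRecordset = adoCommand.Execute
    If Not adoRecordset.EOF Then
        Wscript.Echo adoRecordset.Fields("mail").Value & " ; " & adoRecordset.Fields("displayname").Value & " ; indirect send to rights"
    End If

    ' Clean up.
    adoRecordset.Close
    adoConnection.Close
    Set adoRecordset = Nothing
    Set objRootDSE = Nothing
    Set adoConnection = Nothing
    Set adoCommand = Nothing
End Function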
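Sub EnumNestedgroup(strGroupDN)
    ' Walks a group and all groups nested in it and calls GetSendToRights for
    ' every member that is not a group.
    ' strGroupDN may be a plain distinguished name (first call) or a full
    ' ADsPath (recursive calls pass objMember.AdsPath). The original always
    ' prepended "LDAP://", so the recursive bind used "LDAP://LDAP://...".
    ' NOTE(review): there is no guard against groups that contain each other;
    ' such nesting would recurse without end.
    Dim objGroup, objMember, strGroupPath

    If UCase(Left(strGroupDN, 7)) = "LDAP://" Then
        strGroupPath = strGroupDN
    Else
        strGroupPath = "LDAP://" & strGroupDN
    End If

    Set objGroup = GetObject(strGroupPath)
    For Each objMember In objGroup.Members
        If LCase(objMember.Class) = "group" Then
            EnumNestedgroup objMember.AdsPath
        Else
            GetSendToRights objMember.AdsPath
        End If
    Next
    Set objGroup = Nothing
End Sub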
When you have problems/questions with the script please post a reply.
Happy scripting.
Best regards,
Dirk Adamsky
The next script for today enumerates all hidden distribution groups.
This is done by an ADO query with a filter on groups, msExchHideFromAddressLists and mail property.
Follow the next steps to run the script (no admin rights needed):
- copy and paste the script in your favorite text editor
- save the script (for example c:\temp\hidden-distribution-groups.vbs)
- open a command prompt
- go to “c:\temp”
- give “cscript hidden-distribution-groups.vbs” (without quotes) and enter
The script:
' Name : hidden-distribution-groups.vbs
' Description : script to enumerate all distribution groups that are hidden in the Global Address List
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 15-07-2010
' Level: intermediate
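' Lists "displayname ; mail" for every mail-enabled group that is hidden from
' the address lists (msExchHideFromAddressLists=TRUE).
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

Set objRootDSE = GetObject("LDAP://RootDSE")
strBase = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">"
strFilter = "(&(objectCategory=group)(msExchHideFromAddressLists=TRUE)(mail=*))"
strAttributes = "displayname, mail, msExchHideFromAddressLists"
' ADO query for the ADSI provider: base;filter;attributes;scope.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

Set objRecordset = adoCommand.Execute
' No MoveFirst: it raises an error when the query returns no rows, and a
' freshly opened recordset already starts at its first row.
Do Until objRecordSet.EOF
    Wscript.Echo objRecordSet.Fields("displayname").Value & " ; " & objRecordSet.Fields("mail").Value
    objRecordSet.MoveNext
Loop

' Close the recordset and the connection before dropping the references.
objRecordset.Close
adoConnection.Close
Set objRecordset = Nothing
Set objRootDSE = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing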
When you have problems/questions please post a reply or give a ‘star’ rating.
Happy scripting.
Best regards,
Dirk Adamsky – Deludi BV
Today I made a script as requested by Jamal.
It is a further development of a script to enumerate all exchange mailboxes and their size which can be found here.
What the script does:
- ask for the smtp address of the mailbox
- get the displayname and homembd properties of that mailbox
- enumerate all exchange servers
- make a wmi connection with the exchange server on which the mailbox resides
- get the size of the mailbox
The script is tested in a win2003/exchange2003 environment.
Follow the next steps to run the script (admin rights needed):
- copy and paste the script in your favorite text editor
- save the script (for example c:\temp\mailboxsize.vbs)
- open a command prompt
- go to “c:\temp”
- give “cscript mailboxsize.vbs” (without quotes) and enter
The script:
' Name : mailboxsize.vbs
' Description : script to show the size of a specific mailbox
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 18-05-2010
' Level: advanced
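' Script-level variables filled in by GetDisplayNameAndHomeMDB.
Dim strDisplayName, strHomeMDB
strSMTP = InputBox("Please fill in the SMTP address of the user")
GetDisplayNameAndHomeMDB strSMTP

' Without a display name and a home database there is nothing to look up.
If Len(strDisplayName & "") = 0 Or Len(strHomeMDB & "") = 0 Then
    WScript.Echo "No mailbox information found for " & strSMTP
    WScript.Quit 1
End If

' The display name comes from the directory and ends up inside a WQL string
' literal. Escape backslash and single quote so a name such as O'Brien
' neither breaks the query nor changes its meaning.
strWqlDisplayName = Replace(strDisplayName, "\", "\\")
strWqlDisplayName = Replace(strWqlDisplayName, "'", "\'")

' Enumerate all Exchange server objects in the configuration partition.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection
Set objRootDSE = GetObject("LDAP://RootDSE")
strBase = "<LDAP://" & objRootDSE.Get("configurationnamingcontext") & ">"
strFilter = "(objectCategory=msExchExchangeServer)"
strAttributes = "name"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
Set adoRecordset = adoCommand.Execute

Do Until adoRecordset.EOF
    strServer = adoRecordset.Fields("name").Value
    ' The server is picked by finding its name inside the homeMDB value.
    ' NOTE(review): this is a substring match, so a server name that is a
    ' prefix of another one would match both - confirm for your naming scheme.
    If Instr(strHomeMDB, strServer) > 1 Then
        ' WMI connection to that server, using the caller's credentials.
        Set objWMIExchange = GetObject("winmgmts:{impersonationLevel=impersonate}!//" & _
            strServer & "/root/MicrosoftExchangeV2")
        Set colExchangeMailboxes = objWMIExchange.ExecQuery( _
            "Select * From Exchange_Mailbox Where MailboxDisplayName = '" & strWqlDisplayName & "'")
        For Each objExchangeMailbox In colExchangeMailboxes
            ' Skip storage groups whose name starts with "Recov".
            If Left(objExchangeMailbox.StorageGroupName, 5) <> "Recov" Then
                Wscript.Echo strServer & " ; " & objExchangeMailbox.MailboxDisplayName & " ; " & _
                    Round(objExchangeMailbox.Size / 1024, 0) & " MB"
            End If
        Next
        ' The original released a misspelled name here, so the collection
        ' reference was never cleared.
        Set colExchangeMailboxes = Nothing
        Set objWMIExchange = Nothing
    End If
    adoRecordset.MoveNext
Loop

adoRecordset.Close
adoConnection.Close
Set adoRecordset = Nothing
Set objRootDSE = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing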
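Function GetDisplayNameAndHomeMDB(strMail)
    ' Finds the user whose mail attribute equals strMail and stores its
    ' displayName and homeMDB in the script-level variables strDisplayName and
    ' strHomeMDB. Both are set to "" and a message is echoed when no user
    ' matches; the original failed with an ADO EOF error in that case.
    Dim adoCommand, adoConnection, adoRecordset, objRootDSE
    Dim strDNSDomain, strBase, strFilter, strAttributes, strQuery, strSafeMail

    ' strMail is typed in by the operator. Escape LDAP filter metacharacters
    ' (RFC 4515) and the ";" that separates the parts of the ADO query string.
    strSafeMail = Replace(strMail, "\", "\5c")
    strSafeMail = Replace(strSafeMail, "*", "\2a")
    strSafeMail = Replace(strSafeMail, "(", "\28")
    strSafeMail = Replace(strSafeMail, ")", "\29")
    strSafeMail = Replace(strSafeMail, Chr(0), "\00")
    strSafeMail = Replace(strSafeMail, ";", "\3b")

    Set adoCommand = CreateObject("ADODB.Command")
    Set adoConnection = CreateObject("ADODB.Connection")
    adoConnection.Provider = "ADsDSOObject"
    adoConnection.Open "Active Directory Provider"
    adoCommand.ActiveConnection = adoConnection
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strDNSDomain = objRootDSE.Get("defaultNamingContext")
    strBase = "<LDAP://" & strDNSDomain & ">"
    strFilter = "(&(objectCategory=person)(objectClass=user)(mail=" & strSafeMail & "))"
    strAttributes = "displayName,homeMDB"
    strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
    adoCommand.CommandText = strQuery
    adoCommand.Properties("Page Size") = 100
    adoCommand.Properties("Timeout") = 30
    adoCommand.Properties("Cache Results") = False

    Set adoRecordset = adoCommand.Execute
    If adoRecordset.EOF Then
        strDisplayName = ""
        strHomeMDB = ""
        WScript.Echo "No user found with mail address " & strMail
    Else
        ' Only the first row is used, also when several users match.
        strDisplayName = adoRecordset.Fields("displayName").Value
        strHomeMDB = adoRecordset.Fields("homeMDB").Value
    End If

    adoRecordset.Close
    adoConnection.Close
    Set adoRecordset = Nothing
    Set objRootDSE = Nothing
    Set adoConnection = Nothing
    Set adoCommand = Nothing
End Function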
When you have problems/questions please post a reply or give a ‘star’ rating.
Happy scripting.
Best regards,
Dirk Adamsky – Deludi BV
Ok let’s do another nested group script.
This script enumerates the lastlogon of all members of a nested group.
Attention: the lastlogontimestamp attribute has a threshold of 2 weeks, so recently added users might not appear in the output of the script.
Follow the next steps to run the script (no admin rights needed):
- copy and paste the script in your favorite text editor
- change the distinguished name of the nested group to your group distinguished name
- save the script (for example c:\temp\enumeratenestedgrouplastlogon.vbs)
- open a command prompt
- go to “c:\temp”
- give “cscript enumeratenestedgrouplastlogon.vbs” (without quotes) and enter
The script:
' Name : enumeratenestedgrouplastlogon.vbs
' Description : script to enumerate the lastlogon of all users of a nested group
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 13-04-2010
' Level: intermediate
' Time zone offset reported by WMI for this machine; EnumNestedgroup reads it
' as a script-level variable.
intBias = TimeZoneBias()
' ADsPath of the group to walk - replace it with the path of your own group.
strTargetGroupDN = "LDAP://CN=testgroup,OU=Groups,DC=test,DC=org"
Call EnumNestedgroup(strTargetGroupDN)
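Sub EnumNestedgroup(strGroupDN)
    ' Walks the group at strGroupDN (an ADsPath) and every group nested in it
    ' and echoes "displayname ; mail ; last logon" for each member that has a
    ' lastLogonTimeStamp value. Members without the value are skipped.
    ' Reads the script-level variable intBias (minutes, from TimeZoneBias).
    ' NOTE(review): there is no guard against groups that contain each other;
    ' such nesting would recurse without end.
    Dim objGroup, objMember, objDate, lngHigh, lngLow, dblMinutesUtc, dtmDate

    Set objGroup = GetObject(strGroupDN)
    For Each objMember In objGroup.Members
        If LCase(objMember.Class) = "group" Then
            EnumNestedgroup objMember.AdsPath
        ElseIf TypeName(objMember.lastLogonTimeStamp) <> "Empty" Then
            Set objDate = objMember.lastLogonTimeStamp
            lngHigh = objDate.HighPart
            lngLow = objDate.LowPart
            ' LowPart is handed over as a signed 32-bit number; when it is
            ' negative the 64-bit value is short by 2^32, which is corrected
            ' by carrying one into the high part.
            If lngLow < 0 Then lngHigh = lngHigh + 1
            ' The value counts 100-nanosecond intervals since 1-1-1601 (UTC):
            ' divide by 600000000 to get minutes FIRST, then shift to local
            ' time, then divide by 1440 to get days. The original divided by
            ' (600000000 - intBias), which skews the result instead of
            ' applying the offset.
            dblMinutesUtc = ((lngHigh * (2 ^ 32)) + lngLow) / 600000000
            ' Win32_TimeZone.Bias is negative west of UTC, so it is added.
            ' NOTE(review): confirm the sign against a known logon time; a bias
            ' read from the registry (ActiveTimeBias) has the opposite sign.
            dtmDate = ((dblMinutesUtc + intBias) / 1440) + #1/1/1601#
            Set objDate = Nothing
            Wscript.Echo objMember.DisplayName & " ; " & objMember.Mail & " ; " & dtmDate
        End If
    Next
    Set objGroup = Nothing
End Sub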
Function TimeZoneBias
    ' Returns the Bias property of the local machine's Win32_TimeZone
    ' instance (the last instance when WMI returns more than one). The
    ' function returns Empty when the query yields no instance.
    Dim strHost, objWmi, colZones, objZone

    strHost = "."
    Set objWmi = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strHost & "\root\cimv2")
    Set colZones = objWmi.ExecQuery("Select * from Win32_TimeZone")
    For Each objZone In colZones
        TimeZoneBias = objZone.Bias
    Next

    Set colZones = Nothing
    Set objWmi = Nothing
End Function
When you have problems/questions please post a reply or give a ‘star’ rating.
Happy scripting.
Best regards,
Dirk Adamsky – Deludi BV
Script for today is a mutation of my previous enumerate nested group script.
The script enumerates all nested group users with a citrix token.
Follow the next steps to run the script (no admin rights needed):
- copy and paste the script in your favorite text editor
- change the distinguished name of the nested group to your group distinguished name
- save the script (for example c:\temp\enumeratenestedgrouptokens.vbs)
- open a command prompt
- go to “c:\temp”
- give “cscript enumeratenestedgrouptokens.vbs” (without quotes) and enter
The script:
' Name : enumeratenestedgrouptokens.vbs
' Description : script to enumerate the citrix tokens of a nested group
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 13-04-2010
' Level: intermediate
' ADsPath of the group to walk - replace it with the path of your own group.
strTargetGroupDN = "LDAP://CN=testgroup,OU=groups,DC=test,DC=org"
Call EnumNestedgroup(strTargetGroupDN)
Sub EnumNestedgroup(strGroupDN)
    ' Walks the group at strGroupDN (an ADsPath) and every group nested in it.
    ' For each non-group member whose securecomputingCom2000-SafeWord-UserID
    ' attribute is not "", echoes "displayname ; mail ; token user id".
    ' NOTE(review): there is no guard against groups that contain each other;
    ' such nesting would recurse without end.
    Dim objParent, objChild

    Set objParent = GetObject(strGroupDN)
    For Each objChild In objParent.Members
        If LCase(objChild.Class) = "group" Then
            ' Nested group: descend into it.
            Call EnumNestedgroup(objChild.AdsPath)
        ElseIf objChild.[securecomputingCom2000-SafeWord-UserID] <> "" Then
            ' The brackets are needed because the attribute name has hyphens.
            Wscript.Echo objChild.DisplayName & " ; " & objChild.Mail & " ; " & _
                objChild.[securecomputingCom2000-SafeWord-UserID]
        End If
    Next
    Set objParent = Nothing
End Sub
When you have problems/questions please post a reply or give a ‘star’ rating.
Happy scripting.
Best regards,
Dirk Adamsky – Deludi BV
This script enables oma (outlook mobile access) based on a list of smtp addresses in an excel sheet.
What the script does:
- get the users smtp address from the excel sheet (c:\temp\oma.xls)
- the function FindDN finds the corresponding distinguished name of the user object
- the function EnableOma enables oma for the user
- the function LogPrint creates logging for all actions
Follow the next steps to run the script (admin rights needed):
- create an excel sheet with a list of smtp addresses to be oma enabled
- save the sheet as c:\temp\oma.xls
- copy and paste the script in your favorite text editor
- save the script (for example c:\temp\enableoma.vbs)
- open a command prompt
- go to “c:\temp”
- give “cscript enableoma.vbs” (without quotes) and enter
The script:
' Name : enableoma.vbs
' Description : script to enable oma (outlook mobile access) from an excel sheet
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 06-04-2010
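' Reads smtp addresses from column 1 of C:\temp\oma.xls, starting at row 2
' and stopping at the first empty cell, and enables oma for each address.
' Every address gets one log line that says whether the change was made.
Set objExcel = CreateObject("Excel.Application")
Set objWorkbook = objExcel.Workbooks.Open("C:\temp\oma.xls")
intRow = 2
Do Until objExcel.Cells(intRow, 1).Value = ""
    strSmtpAddress = Trim(objExcel.Cells(intRow, 1).Value)
    If strSmtpAddress <> "" Then
        strDN = ""
        ' A function result can only be assigned with parentheses; the
        ' original "strDN = FindDN strSmtpAddress" does not compile.
        ' Errors are caught per row so that one bad address neither stops the
        ' batch nor gets logged as a success.
        On Error Resume Next
        strDN = FindDN(strSmtpAddress)
        ' Never call EnableOma without a DN: the directory write would then
        ' not be aimed at the intended user.
        If Err.Number = 0 And strDN <> "" Then EnableOma strDN
        lngRowError = Err.Number
        strRowError = Err.Description
        Err.Clear
        On Error GoTo 0

        If lngRowError = 0 And strDN <> "" Then
            Logprint "outlook mobile access is enabled for ; " & strSmtpAddress
        ElseIf lngRowError <> 0 Then
            Logprint "outlook mobile access is NOT enabled for ; " & strSmtpAddress & " ; " & strRowError
        Else
            Logprint "outlook mobile access is NOT enabled for ; " & strSmtpAddress & " ; no user found"
        End If
    End If
    intRow = intRow + 1
Loop

' Close the workbook without saving so Excel does not wait on a prompt.
objWorkbook.Close False
objExcel.Quit
Set objWorkbook = Nothing
Set objExcel = Nothing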
Function EnableOma(strAccount)
    ' Binds to the object with distinguished name strAccount, sets its
    ' msExchOmaAdminWirelessEnable attribute to "0" and commits the change
    ' with SetInfo. According to the accompanying text this enables oma.
    ' There is no error handling: a failed bind or write stops the caller.
    Dim objTarget

    Set objTarget = GetObject("LDAP://" & strAccount)
    Call objTarget.Put("msExchOmaAdminWirelessEnable", "0")
    objTarget.SetInfo
    Set objTarget = Nothing
End Function
Function LogPrint(Message)
    ' Appends Message as one line to "<date>-OmaEnabledAgain.csv". The file is
    ' created when it does not exist. The name is relative, so the file lands
    ' in the current directory of the process.
    Const ForAppending = 8
    Dim strStamp, objFileSystem, objLog

    ' Only "/" is replaced in the date string; the date format itself follows
    ' the regional settings of the account that runs the script.
    strStamp = Replace(Date, "/", "-")

    Set objFileSystem = CreateObject("Scripting.FileSystemObject")
    Set objLog = objFileSystem.OpenTextFile(strStamp & "-OmaEnabledAgain.csv", ForAppending, True)
    objLog.WriteLine Message
    objLog.Close

    Set objLog = Nothing
    Set objFileSystem = Nothing
End Function
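Function FindDN(strSmtp)
    ' Returns the distinguishedName of the first user object whose mail
    ' attribute equals strSmtp. Raises a descriptive error when no user
    ' matches; the original failed with an ADO EOF error at the same point
    ' and left the connection open.
    Dim adoCommand, adoConnection, adoRecordset, objRootDSE
    Dim strBase, strFilter, strAttributes, strQuery, strSafeSmtp, blnFound

    ' The address comes from a spreadsheet cell. Escape LDAP filter
    ' metacharacters (RFC 4515) and the ";" that separates the parts of the
    ' ADO query string, so a cell value cannot widen or alter the search.
    strSafeSmtp = Replace(strSmtp, "\", "\5c")
    strSafeSmtp = Replace(strSafeSmtp, "*", "\2a")
    strSafeSmtp = Replace(strSafeSmtp, "(", "\28")
    strSafeSmtp = Replace(strSafeSmtp, ")", "\29")
    strSafeSmtp = Replace(strSafeSmtp, Chr(0), "\00")
    strSafeSmtp = Replace(strSafeSmtp, ";", "\3b")

    Set adoCommand = CreateObject("ADODB.Command")
    Set adoConnection = CreateObject("ADODB.Connection")
    adoConnection.Provider = "ADsDSOObject"
    adoConnection.Open "Active Directory Provider"
    adoCommand.ActiveConnection = adoConnection
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strBase = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">"
    ' Filter on user objects. The original filter matched on mail alone, so a
    ' group or contact with that address could be returned and then modified
    ' by the caller.
    strFilter = "(&(objectCategory=person)(objectClass=user)(mail=" & strSafeSmtp & "))"
    ' Comma delimited list of attribute values to retrieve.
    strAttributes = "distinguishedName"
    ' Construct the LDAP syntax query.
    strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
    adoCommand.CommandText = strQuery
    adoCommand.Properties("Page Size") = 100
    adoCommand.Properties("Timeout") = 30
    adoCommand.Properties("Cache Results") = False

    ' Run the query.
    Set adoRecordset = adoCommand.Execute
    blnFound = Not adoRecordset.EOF
    If blnFound Then
        ' Only the first row is used, also when several users match.
        FindDN = adoRecordset.Fields("distinguishedName").Value
    End If

    ' Clean up.
    adoRecordset.Close
    adoConnection.Close
    Set adoRecordset = Nothing
    Set objRootDSE = Nothing
    Set adoConnection = Nothing
    Set adoCommand = Nothing

    If Not blnFound Then
        Err.Raise vbObjectError + 1, "FindDN", "No user found with mail address " & strSmtp
    End If
End Function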
When you have problems/questions please post a reply, you can also rate the script.
Happy scripting.
Best regards,
Dirk Adamsky – Deludi BV
Last friday I got a question from Marten on the number of users that a subgroup contains.
I have made a small mutation of the previous script to achieve this. The output of the script now contains the number of users in each subgroup.
Follow the next steps to run the script (no admin rights needed):
- open your favorite text editor
- copy and paste the script into the editor
- save the script (for example c:\temp\countgroupmembershipnestedgroup.vbs)
- open a command prompt
- go to “c:\temp”
- give “cscript countgroupmembershipnestedgroup.vbs” (without quotes) and enter
The script:
' Name : countgroupmembershipnestedgroup.vbs
' Description : script to count the number of users in subgroups of a nested distribution group
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 30-03-2010
' Level : intermediate
' Script-level dictionary: group display name -> number of direct non-group
' members. It is filled by EnumNestedgroup.
Set objDictionary = CreateObject("Scripting.Dictionary")
' ADsPath of the group to walk - replace it with the path of your own group.
strTargetGroupDN = "LDAP://CN=SW (Alle Medewerkers),OU=DistributieGroepen,OU=Groepen,DC=domstad,DC=org"
EnumNestedgroup strTargetGroupDN
Sub EnumNestedgroup(strGroupDN)
    ' Walks the group at strGroupDN (an ADsPath) and every group nested in it.
    ' Each member that is not a group adds one to the counter kept in the
    ' script-level objDictionary under the display name of its parent group.
    ' Any non-group member is counted, whatever its object class.
    ' NOTE(review): there is no guard against groups that contain each other;
    ' such nesting would recurse without end.
    Dim objParent, objChild

    Set objParent = GetObject(strGroupDN)
    For Each objChild In objParent.Members
        If LCase(objChild.Class) = "group" Then
            EnumNestedgroup objChild.AdsPath
        ElseIf objDictionary.Exists(objParent.DisplayName) Then
            objDictionary.Item(objParent.DisplayName) = objDictionary.Item(objParent.DisplayName) + 1
        Else
            ' First member seen for this group.
            objDictionary.Add objParent.DisplayName, 1
        End If
    Next
    Set objParent = Nothing
End Sub
' Report the counters collected in objDictionary.
' NOTE(review): only groups with more than one counted member are printed, so
' a group that holds exactly one user does not show up - confirm that this is
' intended.
For Each strKey In objDictionary.Keys
    intUserCount = objDictionary.Item(strKey)
    If intUserCount > 1 Then
        Wscript.Echo strKey & " contains ; " & intUserCount & " ; users"
    End If
Next
Set objDictionary = Nothing
When you have problems/questions please post a reply.
Happy scripting.
Best regards,
Dirk Adamsky – Deludi BV
Sometimes a user account is accidentally deleted. The corresponding exchange mailbox object is still there for a month.
After creating a new user object, this user object has to be connected to the old mailbox object.
In a large organization the number of exchange stores/databases is often high too. This gives you as sysadmin a lot of mouse clicks… The next script helps you get around this problem: it enumerates each user and the store of the user’s mailbox and creates a logfile with a datestamp. When you schedule this script, let’s say weekly, you can simply open the textfile of the week before the user account was deleted to find out in which store the old mailbox resides.
Follow the next steps to run the script (no admin rights needed):
- open your favorite text editor
- copy and paste the script into the editor
- save the script (for example c:\temp\store.vbs)
- open a command prompt
- go to “c:\temp”
- give “cscript store.vbs” (without quotes) and enter
The script:
' Name : store.vbs
' Description : script to log the mailbox store of all users
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 26-03-2010
' Level : intermediate
' Writes one "cn:mail:homemdb" line to the log for every user object that has
' a mail attribute.
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"

Set adoCommand = CreateObject("ADODB.Command")
adoCommand.ActiveConnection = adoConnection

' Search base is the default naming context of the current domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strBase = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">"
strFilter = "(&(objectCategory=person)(objectClass=user)(mail=*))"
strAttributes = "cn,mail,homemdb"
' ADO query for the ADSI provider: base;filter;attributes;scope.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"

adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

Set adoRecordset = adoCommand.Execute
While Not adoRecordset.EOF
    ' The fields are joined with ":" although the log file is named .csv.
    strLogLine = adoRecordset.Fields("cn").Value & ":" & adoRecordset.Fields("mail").Value & _
        ":" & adoRecordset.Fields("homemdb").Value
    LogPrint strLogLine
    adoRecordset.MoveNext
Wend

adoRecordset.Close
adoConnection.Close
Set adoRecordset = Nothing
Set objRootDSE = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing
Function LogPrint(Message)
    ' Appends Message as one line to "<date>-UsersInStore.csv". The file is
    ' created when it does not exist. The name is relative, so the file lands
    ' in the current directory of the process. The log lists every mailbox
    ' user with its store, so keep that directory readable by admins only.
    Const ForAppending = 8
    Dim strStamp, objFileSystem, objLog

    ' Only "/" is replaced in the date string; the date format itself follows
    ' the regional settings of the account that runs the script.
    strStamp = Replace(Date, "/", "-")

    Set objFileSystem = CreateObject("Scripting.FileSystemObject")
    Set objLog = objFileSystem.OpenTextFile(strStamp & "-UsersInStore.csv", ForAppending, True)
    objLog.WriteLine Message
    objLog.Close

    Set objLog = Nothing
    Set objFileSystem = Nothing
End Function
When you have problems/questions please post a reply.
Happy scripting.
Best regards,
Dirk Adamsky – Deludi BV
Today I had to find out the lastlogon of the members of a nested group.
An extra request was to list the users whose lastlogon was longer than 90 days ago.
I solved the problem by creating a script that was a combination of earlier scripts.
The lastlogon code came from my lastlogon script, the enumeration of the group members code was taken from my enumeratenestedgroup script. The users with a lastlogon of 1-1-1601 never logged on.
Follow the next steps to run the script (no admin rights needed):
- open your favorite text editor
- copy and paste the script into the editor
- change the distinguished name of strTargetGroupDN to the distinguished name of your nested group
- optionally: change the treshold value in line 17 to the desired value (example treshold value is 90 days)
- save the script (for example c:\temp\enumerate-lastlogon-nestedgroup-with-treshold.vbs)
- open a command prompt
- go to “c:\temp”
- give “cscript enumerate-lastlogon-nestedgroup-with-treshold.vbs” (without quotes) and enter
The script:
' Name : enumerate-lastlogon-nestedgroup-with-treshold.vbs
' Description : script to enumerate the last logon of the members of a nested group with treshold
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 23-03-2010
' Level : advanced
' Time zone offset reported by WMI for this machine;
' CheckLastLoginWithTreshold reads it as a script-level variable.
intBias = TimeZoneBias()
' ADsPath of the group to walk - replace it with the path of your own group.
strTargetGroupDN = "LDAP://CN=Testgroup,OU=Groups,DC=Test,DC=org"
Call EnumNestedgroup(strTargetGroupDN)
Sub EnumNestedgroup(strGroupDN)
    ' Walks the group at strGroupDN (an ADsPath) and every group nested in it
    ' and runs the last-logon check, with a threshold of 90 days, on each
    ' member that is not a group.
    ' NOTE(review): there is no guard against groups that contain each other;
    ' such nesting would recurse without end.
    Dim objParent, objChild

    Set objParent = GetObject(strGroupDN)
    For Each objChild In objParent.Members
        Select Case LCase(objChild.Class)
            Case "group"
                Call EnumNestedgroup(objChild.AdsPath)
            Case Else
                ' 90 is the threshold in days mentioned in the instructions.
                Call CheckLastLoginWithTreshold(objChild.AdsPath, 90)
        End Select
    Next
    Set objParent = Nothing
End Sub
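Sub CheckLastLoginWithTreshold(strDN,intTreshold)
    ' Echoes "displayname ; mail ; last logon" for the object at strDN (an
    ' ADsPath) when its last logon is more than intTreshold days ago.
    ' An object without lastLogonTimestamp gets the date 1-1-1601 and is
    ' therefore always reported.
    ' Reads the script-level variable intBias (minutes, from TimeZoneBias).
    Dim objUser, objDate, dtmDate, lngHigh, lngLow, blnHasStamp

    Set objUser = GetObject(strDN)

    ' Get raises an error when the attribute has no value. Catch only that
    ' call; the original left error swallowing on for the rest of the Sub.
    On Error Resume Next
    Set objDate = objUser.Get("lastLogonTimestamp")
    blnHasStamp = (Err.Number = 0)
    Err.Clear
    On Error GoTo 0

    If blnHasStamp Then
        lngHigh = objDate.HighPart
        lngLow = objDate.LowPart
        ' LowPart is handed over as a signed 32-bit number; when it is
        ' negative the 64-bit value is short by 2^32, which is corrected by
        ' carrying one into the high part.
        If lngLow < 0 Then lngHigh = lngHigh + 1
        ' 100-nanosecond intervals since 1-1-1601 (UTC): divide by 600000000
        ' to get minutes FIRST, then shift to local time, then divide by 1440
        ' to get days. The original divided by (600000000 - intBias), which
        ' skews the result instead of applying the offset.
        ' Win32_TimeZone.Bias is negative west of UTC, so it is added.
        ' NOTE(review): confirm the sign against a known logon time; a bias
        ' read from the registry (ActiveTimeBias) has the opposite sign.
        dtmDate = (((((lngHigh * (2 ^ 32)) + lngLow) / 600000000) + intBias) / 1440) + #1/1/1601#
    Else
        dtmDate = #1/1/1601#
    End If
    Set objDate = Nothing

    If DateDiff("d", dtmDate, Date) > intTreshold Then
        Wscript.Echo objUser.Displayname & " ; " & objUser.Mail & " ; " & dtmDate
    End If
    Set objUser = Nothing
End Sub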
Function TimeZoneBias
    ' Returns the Bias property of the local machine's Win32_TimeZone
    ' instance (the last instance when WMI returns more than one). The
    ' function returns Empty when the query yields no instance.
    Dim strHost, objWmi, colZones, objZone

    strHost = "."
    Set objWmi = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strHost & "\root\cimv2")
    Set colZones = objWmi.ExecQuery("Select * from Win32_TimeZone")
    For Each objZone In colZones
        TimeZoneBias = objZone.Bias
    Next

    Set colZones = Nothing
    Set objWmi = Nothing
End Function
When you have problems/questions please post a reply.
Happy scripting.
Best regards,
Dirk Adamsky – Deludi BV
Outlook web access is incorporated in Active Directory through the user attribute “protocolSettings”.
The default setting for owa is ‘enabled’. At this stage the attribute ‘protocolSettings’ has no specific entry for owa. Only when owa is explicitly denied for a specific user is an entry added; the value of this entry is:
HTTP§0§1§§§§§§. When owa is enabled again for this user the value changes to HTTP§0§0§§§§§§.
This script is tested for outlook/exchange2003.
Follow the next steps to run the script (no admin rights needed):
* open your favorite text editor
* copy and paste the script into the editor
* save the script (for example c:\temp\owausers.vbs)
* open a command prompt
* go to “c:\temp”
* give “cscript owausers.vbs” (without quotes) and enter
The script:
' Name : owausers.vbs
' Description : script to enumerate all users with Outlook Web Access (owa)
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 22-03-2010
' Level : intermediate
' Lists every mail-enabled user (system mailboxes excluded) together with
' "Yes" or "No" for outlook web access. A user is reported as "No" only when
' protocolSettings holds the explicit deny entry; in every other case,
' including an absent attribute, the answer is "Yes".
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection

' Search base is the default naming context of the current domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strBase = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">"
Set objRootDSE = Nothing

strFilter = "(&(objectCategory=person)(objectClass=user)(mail=*)(!(cn=systemmailbox*)))"
strAttributes = "distinguishedname, mail, displayname, protocolSettings"
' ADO query for the ADSI provider: base;filter;attributes;scope.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"

objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False

Set objRecordSet = objCommand.Execute
While Not objRecordSet.EOF
    blnOwaDenied = False
    ' protocolSettings is only inspected when it comes back as an array.
    If TypeName(objRecordSet.Fields("protocolSettings").value) = "Variant()" Then
        For Each strEntry In objRecordSet.Fields("protocolSettings").value
            ' Exact match on the deny entry described in the text.
            If strEntry = "HTTP§0§1§§§§§§" Then blnOwaDenied = True
        Next
    End If

    If blnOwaDenied Then
        strOwa = "No"
    Else
        strOwa = "Yes"
    End If
    Wscript.Echo objRecordSet.Fields("displayname").Value & " uses outlook web access = " & strOwa
    objRecordSet.MoveNext
Wend

objRecordSet.Close
objConnection.Close
Set objRecordSet = Nothing
Set objConnection = Nothing
Set objCommand = Nothing
When you have problems/questions please post a reply, you can also rate the script.
Happy scripting.
Best regards,
Dirk Adamsky – Deludi BV