The script for today is created for Paul.
It is an extension of the previous server uptime script.
The uptime is now formatted in: xx days, xx hours, xx minutes.
Follow the next steps to run the script (admin rights needed for the WMI connections):
- copy and paste the script in your favorite text editor
- save the script (for example c:\temp\serveruptimev2.vbs)
- open a command prompt
- go to “c:\temp”
- give “cscript serveruptimev2.vbs” (without quotes) and enter
The script:
' Name : serveruptimev2.vbs
' Description : script to enumerate the system uptime of all servers in Active Directory V2
' Author : dirk adamsky - deludi bv
' Version : 2.00
' Date : 15-07-2010
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"
strFilter = "(&(objectCategory=computer)(operatingSystem=*server*))"
strAttributes = "name"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
Set adoRecordset = adoCommand.Execute
Do Until adoRecordset.EOF
On Error Resume Next
strHostname = adoRecordset.Fields("name").Value
If CheckStatus(strHostname) = False Then
Wscript.Echo strHostname & " does not reply"
Else
Wscript.Echo strHostname & " is up for " & GetUptime(strHostname)
End If
adoRecordset.MoveNext
Loop
adoRecordset.Close
adoConnection.Close
Set adoRecordset = Nothing
Set objRootDSE = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing
Function CheckStatus(strAddress)
Dim objPing, objRetStatus
Set objPing = GetObject("winmgmts:{impersonationLevel=impersonate}").ExecQuery _
("select * from Win32_PingStatus where address = '" & strAddress & "'")
For Each objRetStatus In objPing
If IsNull(objRetStatus.StatusCode) Or objRetStatus.StatusCode <> 0 Then
CheckStatus = False
Else
CheckStatus = True
End If
Next
Set objPing = Nothing
End Function
Function GetUptime(strServer)
Set objDateTime = CreateObject("WbemScripting.SWbemDateTime")
Set objWMIService = GetObject("winmgmts:\\" & strServer & "\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")
For Each objOS in colOperatingSystems
objDateTime.Value = objOS.LastBootUpTime
strMinutes = DateDiff("n", objDateTime.GetVarDate, Now)
If strMinutes =< 0 Then
strUptime = "0 days, 0 hours, 0 minutes"
Else
strUptime = ""
If strMinutes >= 1440 Then
strUptime = Round(strMinutes\1440,0) & " days,"
End If
strMinutes = strMinutes Mod 1440
If strMinutes >= 60 Then
strUptime = strUptime & (strMinutes\60) & " hours,"
End If
strMinutes = strMinutes Mod 60
GetUptime = strUptime & strMinutes & " minutes"
End If
Next
Set colOperatingSystems = Nothing
Set objWMIService = Nothing
Set objDateTime = Nothing
End Function
When you have problems/questions please post a reply or give a ‘star’ rating.
Happy scripting.
Best regards,
Dirk Adamsky – Deludi BV
VN:F [1.9.4_1102]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.4_1102]
Ok let’s do another script.
The script shows you who is connected to a domain controller.
This is accomplished through the WMI class “Win32_ServerSession”.
Enumerated are: prew2k username, hostname, workstation os and the time connected.
The script needs to be run as admin because of the wmi connection to the server.
Follow the next steps to run the script (admin rights needed):
- copy and paste the script in your favorite text editor
- change the value of strServer to the name of your domain controller (example: strServer = “srv001″)
- save the script (for example c:\temp\connected.vbs)
- open a command prompt
- go to “c:\temp”
- give “cscript connected.vbs” (without quotes) and enter
The script:
' Name : connected.vbs
' Description : script to enumerate who is connected to a domain controller
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 22-04-2010
' Level: intermediate
strServer = "domaincontroller"
Set objWMI = GetObject("winmgmts://" & strServer & "/root\cimv2")
Set objInstances = objWMI.InstancesOf("Win32_ServerSession",48)
For Each objInstance in objInstances
With objInstance
WScript.Echo .UserName & " ; " & .ComputerName & " ; " & .ClientType &_
.Name & " ; " & Round(.ActiveTime/60,0) & " minutes connected"
End With
Next
Set objInstances = Nothing
Set objWMI = Nothing
When you have problems/questions please post a reply or give a ‘star’ rating.
Happy scripting.
Best regards,
Dirk Adamsky – Deludi BV
VN:F [1.9.4_1102]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.4_1102]
Today’s script is an extension of yesterday’s script.
What the script does:
- get all exchange servers from your AD domain
- make a wmi connection to each server and create a list of the mailboxes and their size
The script is tested in an win2003/exchange2003 environment.
Follow the next steps to run the script (admin rights needed):
- copy and paste the script in your favorite text editor
- save the script (for example c:\temp\listallmailboxes.vbs)
- open a command prompt
- go to “c:\temp”
- give “cscript listallmailboxes.vbs” (without quotes) and enter
The script:
' Name : listallmailboxes.vbs
' Description : script to enumerate all mailboxes and their size in your AD domain
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 07-04-2010
' Level: intermediate
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection
Set objRootDSE = GetObject("LDAP://RootDSE")
strBase = "<LDAP://" & objRootDSE.Get("configurationnamingcontext") & ">"
strFilter = "(objectCategory=msExchExchangeServer)"
strAttributes = "name"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
Set adoRecordset = adoCommand.Execute
Do Until adoRecordset.EOF
Set objWMIExchange = GetObject("winmgmts:{impersonationLevel=impersonate}!//"&_
adoRecordset.Fields("name").Value & "/root/MicrosoftExchangeV2")
Set colExchangeMailboxes = objWMIExchange.InstancesOf("Exchange_Mailbox")
For Each objExchangeMailbox in colExchangeMailboxes
If Left(objExchangeMailbox.StorageGroupName, 5) <> "Recov" Then
Wscript.Echo adoRecordset.Fields("name").Value & " ; " & objExchangeMailbox.MailboxDisplayName & " ; " &_
Round(objExchangeMailbox.Size/1024,0) & " MB"
End If
Next
Set colExchange_Mailboxes = Nothing
Set objWMIExchange = Nothing
adoRecordset.MoveNext
Loop
adoRecordset.Close
adoConnection.Close
Set adoRecordset = Nothing
Set objRootDSE = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing
When you have problems/questions please post a reply or give a ‘star’ rating.
Happy scripting.
Best regards,
Dirk Adamsky – Deludi BV
VN:F [1.9.4_1102]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.4_1102]
In large Active Directory environments it is useful to know the uptime of each server (for patches, etc.).
This script lists all servers in Active Directory, checks if they are alive and if so check their uptime.
It can be run as a scheduled task (for example every day or week).
Follow the next steps to run the script (admin rights needed for the WMI connections):
- copy and paste the script in your favorite text editor
- save the script (for example c:\temp\serveruptime.vbs)
- open a command prompt
- go to “c:\temp”
- give “cscript serveruptime.vbs” (without quotes) and enter
The script:
' Name : serveruptime.vbs
' Description : script to monitor all servers in Active Directory
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 17-03-2010
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"
strFilter = "(&(objectCategory=computer)(operatingSystem=*server*))"
strAttributes = "name"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
Set adoRecordset = adoCommand.Execute
Do Until adoRecordset.EOF
strHostname = adoRecordset.Fields("name").Value
If CheckStatus(strHostname) = False Then
Wscript.Echo strHostname & " does not reply"
Else
Wscript.Echo strHostname & " is up for " & GetUptime(strHostname) & " days"
End If
adoRecordset.MoveNext
Loop
adoRecordset.Close
adoConnection.Close
Set adoRecordset = Nothing
Set objRootDSE = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing
Function CheckStatus(strAddress)
Dim objPing, objRetStatus
Set objPing = GetObject("winmgmts:{impersonationLevel=impersonate}").ExecQuery _
("select * from Win32_PingStatus where address = '" & strAddress & "'")
For Each objRetStatus In objPing
If IsNull(objRetStatus.StatusCode) Or objRetStatus.StatusCode <> 0 Then
CheckStatus = False
Else
CheckStatus = True
End If
Next
Set objPing = Nothing
End Function
Function GetUptime(strServer)
Set objDateTime = CreateObject("WbemScripting.SWbemDateTime")
Set objWMIService = GetObject("winmgmts:\\" & strServer & "\root\cimv2")
Set colOperatingSystems = objWMIService.ExecQuery("Select * from Win32_OperatingSystem")
For Each objOS in colOperatingSystems
objDateTime.Value = objOS.LastBootUpTime
GetUptime = DateDiff("d", objDateTime.GetVarDate, Now)
Next
Set colOperatingSystems = Nothing
Set objWMIService = Nothing
Set objDateTime = Nothing
End Function
When you have problems/questions please post a reply or give a ‘star’ rating.
Happy scripting.
Best regards,
Dirk Adamsky – Deludi BV
VN:F [1.9.4_1102]
Rating: 10.0/10 (1 vote cast)
VN:F [1.9.4_1102]
This script is a further development of my previous lastlogon script.
Changes are: time bias with wmi, less code, array based attributes.
By adding extra attributes to the arrAttributes array you can expand the output.
Follow the next steps to run the script (no admin rights needed):
* open your favorite text editor
* copy and paste the script into the editor
* save the script (for example c:\temp\enumerate-lastlogon-details2.vbs)
* open a command prompt
* go to “c:\temp”
* give “cscript enumerate-lastlogon-details2.vbs” (without quotes) and enter
The script:
' Name : enumerate-lastlogon-details2.vbs
' Description : script to enumerate the last logon of all AD users and a lot of user attributes V2
' Author : dirk adamsky - deludi bv
' Version : 2.00
' Date : 12-03-2010
' Level : advanced
intBias = TimeZoneBias
arrAttributes = Array("lastLogonTimeStamp","displayname","mail")
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection
Set objRootDSE = GetObject("LDAP://RootDSE")
strBase = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">"
Set objRootDSE = Nothing
strFilter = "(&(objectCategory=person)(objectClass=user))"
strAttributes = Join(arrAttributes,",")
Wscript.Echo Join(arrAttributes,";")
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
Set adoRecordset = adoCommand.Execute
Do Until adoRecordset.EOF
On Error Resume Next
strTempOutput = ""
For i = 1 To Ubound(arrAttributes)
strTempOutput = strTempOutput & " ; " & adoRecordset.Fields(arrAttributes(i)).Value
strOutput = Mid(Ltrim(strTempOutput),3)
Next
Set objDate = adoRecordset.Fields(arrAttributes(0)).Value
If (Err.Number <> 0) Then
dtmDate = #1/1/1601#
Else
dtmDate = ((((objDate.Highpart * (2^32)) + objDate.LowPart)/(600000000 - intBias))/1440) + #1/1/1601#
End If
Set objDate = Nothing
Wscript.Echo strOutput & " ; " & dtmDate
adoRecordset.MoveNext
Loop
adoRecordset.Close
adoConnection.Close
Set adoRecordset = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing
Function TimeZoneBias
strComputer = "."
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colTimeZone = objWMIService.ExecQuery("Select * from Win32_TimeZone")
For Each objTimeZone in colTimeZone
TimeZoneBias = objTimeZone.Bias
Next
Set colTimeZone = Nothing
Set objWMIService = Nothing
End Function
When you have problems/questions please post a reply.
Happy scripting.
Best regards,
Dirk Adamsky – Deludi BV
VN:F [1.9.4_1102]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.4_1102]
The script for today is a monitoring script.
Basically it is a concatenation of previous scripts/functions.
The script can be run as a scheduled task (for example every half hour).
What the script does:
- run an ado query to get all servers from Active Directory
- the function CheckStatus does the wmi ping to the servers and returns true or false
- the servers that do not respond are put into a variable
- the content of the variable is mailed to a given smtp address
Follow the next steps to run the script (no admin rights needed):
- copy and paste the script in your favorite text editor
- save the script (for example c:\temp\serveralive.vbs)
- open a command prompt
- go to “c:\temp”
- give “cscript serveralive.vbs” (without quotes) and enter
The script:
' Name : serveralive.vbs
' Description : script to monitor all servers in Active Directory
' Author : dirk adamsky - deludi bv
' Version : 1.10 changed ado filter
' Date : 17-03-2010
' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection
' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"
' Filter on user objects.
strFilter = "(&(objectCategory=computer)(operatingSystem=*server*))"
' Comma delimited list of attribute values to retrieve.
strAttributes = "name"
' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
' Run the query.
Set adoRecordset = adoCommand.Execute
' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
'On Error Resume Next
strHostname = adoRecordset.Fields("name").Value
If CheckStatus(strHostname) = False Then
strNoReply = strNoReply & " ; " & strHostname
End If
'Move to the next record in the recordset.
adoRecordset.MoveNext
Loop
Sendmail "monitoring@monitoring.org", strNoReply & " are not responding!" 'change the smtp address to your monitoring mailbox or distributionlist
' Clean up.
adoRecordset.Close
adoConnection.Close
Set adoRecordset = Nothing
Set objRootDSE = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing
Function CheckStatus(strAddress)
Dim objPing, objRetStatus
Set objPing = GetObject("winmgmts:{impersonationLevel=impersonate}").ExecQuery _
("select * from Win32_PingStatus where address = '" & strAddress & "'")
For Each objRetStatus In objPing
If IsNull(objRetStatus.StatusCode) Or objRetStatus.StatusCode <> 0 Then
CheckStatus = False
Else
CheckStatus = True
End If
Next
Set objPing = Nothing
End Function
Function SendMail(strRecipient, strHeader)
Set objMessage = CreateObject("CDO.Message")
objMessage.Subject = strHeader
objMessage.From = "guman002@utrecht.nl"
objMessage.To = strRecipient
objMessage.TextBody = "This is an automated message do not repond (or else you will be punished)."
objMessage.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2
objMessage.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserver") = "smtp.test.org" 'change to your smtp server
objMessage.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
objMessage.Configuration.Fields.Item ("http://schemas.microsoft.com/cdo/configuration/smtpconnectiontimeout") = 60
objMessage.Configuration.Fields.Update
objMessage.Send
Set objMessage = Nothing
End Function
When you have problems/questions please post a reply or give a ‘star’ rating.
Happy scripting.
Best regards,
Dirk Adamsky – Deludi BV
VN:F [1.9.4_1102]
Rating: 9.0/10 (1 vote cast)
VN:F [1.9.4_1102]
Today’s script is about Internet Information Server (IIS).
It enumerates all virtual directories on an IIS server.
The script is tested for server 2003 with IIS 6.0.
Due to the fact that most IIS servers are in a De-Militarized Zone (DMZ) the easiest way is to run the script on the server.
Follow the next steps to make and run the script (admin rights needed):
- open your favorite text editor (mine is notepad++)
- copy and paste the script into the editor (delete the line numbers)
- save the script (for example c:\temp\vdirs.vbs)
- copy the script to the webserver
- start an rdp session to the webserver
- at the webserver open a command prompt
- go to “c:\temp”
- give “cscript vdirs.vbs” (without quotes) and enter
The script:
' Name : vdirs.vbs
' Description : script to enumerate IIS virtual directories
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 25-02-2010
' Level : beginner
strComputer = "."
Set objWMIService = GetObject("winmgmts:{authenticationLevel=pktPrivacy}\\" & strComputer & "\root\microsoftiisv2")
Set colVdirs = objWMIService.ExecQuery("Select * from IIsWebVirtualDirSetting")
For Each objVdir in colVdirs
Wscript.Echo "Name: " & objVdir.Name & " ; HttpRedirect " & objVdir.HttpRedirect
Next
Set colVdirs = Nothing
Set objWMIService = Nothing
As said earlier: when you have questions/problems please give a reply.
You can also rate the script with the “star” rating below
Best regards,
Dirk Adamsky – Deludi BV
VN:F [1.9.4_1102]
Rating: 9.5/10 (2 votes cast)
VN:F [1.9.4_1102]
This script is something I wanted to do for a long time
It is a mutation of the enumeratenestedgroupV2 script.
In large organizations the main distributiongroups tend to be complex also.
Often the distributiongroups represent the organization hierarchy.
A user in general only needs his/her department distributiongroup membership.
This script checks If a user has multiple entries in the main distributiongroup, if so an entry is added to the output.
Part of the script is the use of the dictionary object, also known as “associative array” in other scripting languages.
What the script does:
- create a dictionary object
- fill a variable with the group distinguished name
- call the subroutine EnumNestedgroup
- the subroutine checks whether the member is a group or a user
- when the member is a user the smtp address is added to the dictionary object with value 1
- when the smtp address is already in the dictionary 1 is added to the value
- the last routine echoes the dictionary object keys and values
Follow the next steps to run the script (no admin rights needed):
- find the distinguished name of the nested group (adsiedit.msc)
- open your favorite text editor
- copy and paste the script into the editor
- change the distinguished name
- save the script (for example c:\temp\countmembershipnestedgroup.vbs)
- open a command prompt
- go to “c:\temp”
- give “cscript enumeratenestedgroup.vbs” (without quotes) and enter
The script:
' Name : countmembershipnestedgroup.vbs
' Description : script to count users with multiple entries in a nested distribution group
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 16-02-2010
' Level : advanced
Set objDictionary = CreateObject("Scripting.Dictionary")
strTargetGroupDN = "LDAP://CN=testgroup,OU=groups,DC=test,DC=org"
Call EnumNestedgroup(strTargetGroupDN)
Sub EnumNestedgroup(strGroupDN)
Set objGroup = GetObject(strGroupDN)
For Each objMember in objGroup.Members
If (LCase(objMember.Class) = "group") Then
Call EnumNestedgroup(objMember.AdsPath)
Else
If objDictionary.Exists(objMember.DisplayName) Then
objDictionary.Item(objMember.DisplayName) = objDictionary.Item(objMember.DisplayName) + 1
Else
objDictionary.Add objMember.DisplayName, 1
End If
End If
Next
Set objGroup = Nothing
End Sub
For Each strKey in objDictionary.Keys
If objDictionary.Item(strKey) > 1 Then
Wscript.Echo strKey & " ; " & objDictionary.Item(strKey) & " ; entries in list"
End If
Next
Set objDictionary = Nothing
When you have problems/questions please post a reply.
Happy scripting.
Dirk Adamsky – Deludi BV
VN:F [1.9.4_1102]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.4_1102]
Okido, here’s another starter script.
This script shows all network shares on your computer.
Default computer is the local machine.
When the dot is replaced by another machine name the script works against that machine.
With some additions the script can be used for a simple inventory of the pc’s in your network.
There are some conditions that must be met:
- the script must be run with administrative credentials
- the firewall of the remote machine needs the following ports opened for WMI: TCP 135, TCP 4168 and
UDP 9256
Follow the next steps to make and run the script (admin rights needed):
- open your favorite text editor (mine is notepad++)
- copy and paste the script into the editor (delete the line numbers)
- save the script (for example c:\temp\enumerateshares.vbs)
- open a command prompt
- go to “c:\temp”
- give “cscript enumerateshares.vbs” (without quotes) and enter
The script:
' Name : enumerateshares.vbs
' Description : script to show the model of a computer
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 09-02-2010
' Level : beginner
strComputer = "."
Set objWMIService = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colShares = objWMIService.ExecQuery("Select * from Win32_Share")
Wscript.Echo "name ; path ; caption"
For each objShare in colShares
Wscript.Echo objShare.Name & " ; " & objShare.Path & " ; " & objShare.Caption
Next
Set colShares = Nothing
Set objWMIService = Nothing
As said earlier: when you have questions/problems please give a reply.
Best regards,
Dirk Adamsky – Deludi BV
VN:F [1.9.4_1102]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.4_1102]
Finally I can show you my script to enumerate the message restrictions (send to rights as I tend to call then) on a distributionlist. The send to rights consists of 2 pieces, the users and the groups rights.
The users with send to rights are enumerated in the authOrig attribute of the distribution list AD object, the groups are allocated in the dLMemSubmitPerms attribute. Both attributes are arrays.
I also found out that when a listed user or resource mailbox had send as rights on it’s Active Directory object the users listed in the send as also have send to rights on the distribution list.
Follow the next steps to run the script (no admin rights needed):
* find the distinguished name of the nested group (adsiedit.msc)
* open your favorite text editor
* copy and paste the script into the editor
* change the distinguished name
* save the script (for example c:\temp\enumeratesendtorights.vbs)
* open a command prompt
* go to “c:\temp”
* give “cscript enumeratesendtorights.vbs” (without quotes) and enter
The script:
' Name : enumeratesendtorights.vbs
' Description : script to enumerate the message restrictions (send to rights) of a distributionlist
' Author : dirk adamsky - deludi bv
' Version : 1.10 added check on attribute type based on input from Pedro (see comments)
' Date : 11-03-2010 (v.1.00 date 08-02-2010)
' Level: advanced
Set objSourceGroup = GetObject("LDAP://CN=distribution list (all members),OU=groups,DC=test,DC=org")
If objSourceGroup.authOrig <> "" Then
If TypeName(objSourceGroup.authOrig) = "String" Then
GetSendToRights ("LDAP://" & objSourceGroup.authOrig)
Else
For Each User In objSourceGroup.authOrig
GetSendToRights ("LDAP://" & User)
Next
End If
End If
If objSourceGroup.dLMemSubmitPerms <> "" Then
If TypeName(objSourceGroup.dLMemSubmitPerms) = "String" Then
EnumNestedgroup objSourceGroup.dLMemSubmitPerms
Else
For Each Group in objSourceGroup.dLMemSubmitPerms
EnumNestedgroup Group
Next
End If
End If
Set objSourceGroup = Nothing
Function GetSendToRights(strUserDN)
On Error Resume Next
Set objAccount = GetObject(strUserDN)
Wscript.Echo objAccount.Mail & " ; " & objAccount.DisplayName & " ; direct send to rights"
Set objSecurityDescriptor = objAccount.Get("ntSecurityDescriptor")
Set objDacl = objSecurityDescriptor.DiscretionaryAcl
Set objAce = CreateObject("AccessControlEntry")
For Each objAce In objDacl
If objAce.ObjectType = "{AB721A54-1E2F-11D0-9819-00AA0040529B}" Then
If (Left(objAce.Trustee,3) <> "S-1" And objAce.Trustee <> "NT AUTHORITY\SELF") Then
GetUserDetails Mid(objAce.Trustee,9)
End If
End If
Next
End Function
Function GetUserDetails(strPreW2K)
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection
' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"
' Filter on user objects.
strFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & strPreW2K & "))"
' Comma delimited list of attribute values to retrieve.
strAttributes = "mail, displayname"
' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
' Run the query.
Set adoRecordset = adoCommand.Execute
Wscript.Echo adoRecordset.Fields("mail").Value & " ; " & adoRecordset.Fields("displayname").Value & " ; indirect send to rights"
' Clean up.
adoRecordset.Close
adoConnection.Close
Set adoRecordset = Nothing
Set objRootDSE = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing
End Function
Sub EnumNestedgroup(strGroupDN)
Set objGroup = GetObject("LDAP://" & strGroupDN)
For Each objMember in objGroup.Members
If (LCase(objMember.Class) = "group") Then
Call EnumNestedgroup(objMember.AdsPath)
Else
GetSendToRights objMember.AdsPath
End If
Next
Set objGroup = Nothing
End Sub
When you have problems/questions with the script please post a reply.
Happy scripting.
Best regards,
Dirk Adamsky
VN:F [1.9.4_1102]
Rating: 0.0/10 (0 votes cast)
VN:F [1.9.4_1102]
Recent Comments