Shortcut Menu

ActiveXperts

Main Navigation

Choose your language

You are here:

ActiveXperts.com > ActiveXperts Network Monitor > WindowsManagement > Scripts > Misscellanous > Exploring ADSI

Monitor servers, workstations, devices and applications in your network

Quicklinks

Download ActiveXperts Network Monitor 7.3 (20418 KB)
Download Manual (359 KB)
Screenshots - Product image gallery

NOTE: ActiveXperts Network Monitor ships with a large collection of VBScript scripts to monitor any aspect of your network. Most VBScript scripts also have a PowerShell implementation. Download Now »

Scripts to explore ADSI

Determining the Active Directory Class Type for an Object
Determining if an Attribute is in the Global Catalog
Determining if an Attribute is Operational
Determining Whether Attributes are Indexed and/or in the Global Catalog
Determining the Parent Class of an Active Directory Object
Displaying the Six IADs Properties of a Domain Object
Enumerating All the Attributes of an Active Directory Class
Enumerating Auxiliary Classes
Enumerating the Names of Objects in the Configuration Container
Returning Active Directory System Information
Using a Search Operation to Modify Similar Active Directory Objects
Using a Search Operation to Move Similar Active Directory Objects
Reading and Using Attributes of rootDSE for AD Object Binding Operations

Determining the Active Directory Class Type for an Object

Determines the Active Directory class type for the organizational-person object.

strClassName = "cn=organizational-person"
 
Set objSchemaClass = GetObject _
    ("LDAP://" & strClassName & _
        ",cn=schema,cn=configuration,dc=fabrikam,dc=com")
 
intClassCategory = objSchemaClass.Get("objectClassCategory")
 
WScript.StdOut.Write strClassName & " is categorized as "
 
Select Case intClassCategory
    Case 0
        WScript.Echo "88"
    Case 1
        WScript.Echo "structural"
    Case 2
        WScript.Echo "abstract"
    Case 3
        WScript.Echo "auxiliary"
End Select

Determining if an Attribute is in the Global Catalog

Determines whether or not a specified attribute (given-name) is included in the Active Directory global catalog.

strAttributeName = "cn=given-name"
 
Set objSchemaAttribute = GetObject _
    ("LDAP://" & strAttributeName & _
        ",cn=schema,cn=configuration,dc=fabrikam,dc=com") 
 
blnInGC = objSchemaAttribute.Get("isMemberOfPartialAttributeSet")
 
If blnInGC Then
    WScript.Echo "The " & strAttributeName & _
        " attribute is replicated to the Global Catalog."
Else
    WScript.Echo "The " & strAttributeName & _
    " attribute is not replicated to the Global Catalog."
End If

Determining if an Attribute is Operational

Determines whether or not a specified attribute (Canonical-Name) is an operational within Active Directory.

Const ADS_SYSTEMFLAG_ATTR_IS_CONSTRUCTED = &h00000004
 
strAttributeName = "cn=Canonical-Name"
 
Set objSchemaAttribute = GetObject _
    ("LDAP://" & strAttributeName & _
        ",cn=schema,cn=configuration,dc=fabrikam,dc=com")
 
intSystemFlags = objSchemaAttribute.Get("systemFlags")
 
If intSystemFlags AND ADS_SYSTEMFLAG_ATTR_IS_CONSTRUCTED Then
    WScript.Echo strAttributeName & " is operational."
Else
    WScript.Echo strAttributeName & " is not operational."
End If

Determining Whether Attributes are Indexed and/or in the Global Catalog

Determines which Active Directory attributes are indexed and which attributes are in the global catalog.

Const IS_INDEXED = 1
 
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
 
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
 
objCommand.Properties("Sort On") = "isMemberOfPartialAttributeSet" 
 
objCommand.CommandText = _
    ";" & _
        "(objectClass=attributeSchema);" & _
            "lDAPDisplayName, isMemberOfPartialAttributeSet,searchFlags;onelevel"
 
Set objRecordSet = objCommand.Execute
 
While Not objRecordSet.EOF
    WScript.Echo objRecordset.Fields("lDAPDisplayName") 
    If objRecordset.Fields("isMemberOfPartialAttributeSet")Then
        WScript.Echo "In the global catalog."
    Else
        WScript.Echo "Not in the global catlog."
    End If
 
    If IS_INDEXED AND objRecordset.Fields("searchFlags") Then
        WScript.Echo "Is indexed."
    Else
        WScript.Echo "Is not indexed."
    End If
    Wscript.Echo VbCrLf
    objRecordSet.MoveNext
Wend
 
objConnection.Close

Determining the Parent Class of an Active Directory Object

Determines the parent class of the Computer object within Active Directory.

strClassName = "cn=computer"
 
Set objSchemaClass = GetObject _
    ("LDAP://" & strClassName & _
        ",cn=schema,cn=configuration,dc=fabrikam,dc=com")
 
strSubClassOf = objSchemaClass.Get("subClassOf")
WScript.Echo "The " & strClassName & _
    " class is a child of the " & strSubClassOf & " class."

Displaying the Six IADs Properties of a Domain Object

Retrieves the ADsPath, Class, GUID, Name, Parent, and Schema properties of the IADs core interface for a domain object.

Set objDomain = GetObject("LDAP://dc=NA,dc=fabrikam,dc=com")
WScript.Echo "ADsPath:" & objDomain.ADsPath
WScript.Echo "Class:" & objDomain.Class
WScript.Echo "GUID:" & objDomain.GUID
WScript.Echo "Name:" & objDomain.Name
WScript.Echo "Parent:" & objDomain.Parent
WScript.Echo "Schema:" & objDomain.Schema

Enumerating All the Attributes of an Active Directory Class

Returns all the attributes associated with the Computer class in Active Directory.

Set objSchemaComputer = GetObject("LDAP://schema/computer")
 
WScript.Echo "Mandatory (Must-Contain) attributes"
For Each strAttribute in objSchemaComputer.MandatoryProperties
    WScript.Echo strAttribute
Next
 
WScript.Echo VbCrLf & "Optional (May-Contain) attributes"
For Each strAttribute in objSchemaComputer.OptionalProperties
    WScript.Echo strAttribute
Next

Enumerating Auxiliary Classes

Returns a list of all the Active Directory auxiliary classes directly applied to the User class.

On Error Resume Next
strClassName = "cn=user"
 
Set objSchemaClass = GetObject _
    ("LDAP://" & strClassName & _
        ",cn=schema,cn=configuration,dc=fabrikam,dc=com")
 
arrSystemAuxiliaryClass = _
objSchemaClass.GetEx("systemAuxiliaryClass")
 
If isEmpty(arrSystemAuxiliaryClass) Then
    WScript.Echo "There are no auxiliary classes" & _
        " applied directly to this class."
    Else
        WScript.StdOut.Write "Auxiliary classes: "
    For Each strAuxiliaryClass in arrSystemAuxiliaryClass
        WScript.StdOut.Write strAuxiliaryClass & " | "
    Next
    WScript.Echo
End If

Enumerating the Names of Objects in the Configuration Container

Retrieves the names of the first level objects in the Configuration container.

Set objConfiguration = GetObject _
    ("LDAP://cn=Configuration,dc=fabrikam,dc=com")
 
For Each objContainer in objConfiguration
    WScript.Echo objContainer.Name
Next

Returning Active Directory System Information

Uses the ADSystemInfo interface to return domain information for a computer, including computer name, site name, and various domain names (short name, domain DNS name, and forest DNS name).

On Error Resume Next
Set objSysInfo = CreateObject("ADSystemInfo")
Wscript.Echo "User name: " & objSysInfo.UserName
Wscript.Echo "Computer name: " & objSysInfo.ComputerName
Wscript.Echo "Site name: " & objSysInfo.SiteName
Wscript.Echo "Domain short name: " & objSysInfo.DomainShortName
Wscript.Echo "Domain DNS name: " & objSysInfo.DomainDNSName
Wscript.Echo "Forest DNS name: " & objSysInfo.ForestDNSName
Wscript.Echo "PDC role owner: " & objSysInfo.PDCRoleOwner
Wscript.Echo "Schema role owner: " & objSysInfo.SchemaRoleOwner
Wscript.Echo "Domain is in native mode: " & objSysInfo.IsNativeMode

Using a Search Operation to Modify Similar Active Directory Objects

Searches for all computers that begin with the letters, "ATL" in a domain and any child domains. Then, modifies the location attribute of all computers in the result set.

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
 
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
 
objCommand.CommandText = _
    ";" & _
        "(&(objectCategory=Computer)(cn=ATL*));" & _
            "ADsPath;subtree"
  
Set objRecordSet = objCommand.Execute
 
While Not objRecordset.EOF
    strADsPath = objRecordset.Fields("ADsPath")
    Set objComputer = GetObject(strADsPath)
    objComputer.Put "location", "Atlanta, Georgia"
    objComputer.SetInfo
    objRecordSet.MoveNext
Wend
 
WScript.Echo objRecordSet.RecordCount & _
   " computers objects modified."
 
objConnection.Close

Using a Search Operation to Move Similar Active Directory Objects

Searches for all user account objects whose department attribute is "Human Resources in a domain and any child domains. Then, the script moves the user accounts in the result set that are not already in the HR OU of the na.fabrikam.com to this OU.

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
 
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
 
objCommand.CommandText = _
    ";" & _
        "(&(&(objectCategory=person)(objectClass=user)" & _
            "(department=Human Resources)));" & _
                "ADsPath,distinguishedName, name;subtree"
  
Set objRecordSet = objCommand.Execute
Set objOU = GetObject("LDAP://ou=HR,dc=NA,dc=fabrikam,dc=com")
 
While Not objRecordset.EOF
    strADsPath = objRecordset.Fields("ADsPath")
  
    strDNRecord=lcase(objRecordset.Fields("distinguishedName"))
    strDNCompare=lcase("cn=" & objRecordset.Fields("name") & _
        ",ou=HR,dc=NA,dc=fabrikam,dc=com")
 
    If strDNRecord <> strDNCompare Then
        objOU.MoveHere strADsPath, vbNullString
        WScript.Echo objRecordset.Fields("distinguishedName") & " Moved."
    Else
        WScript.Echo objRecordset.Fields("distinguishedName") & " Not Moved."
    End If
    objRecordSet.MoveNext
Wend
 
objConnection.Close

Reading and Using Attributes of rootDSE for AD Object Binding Operations

How to use rootDSE to perform binding operations to: The schema (schemaNamingContext attribute); The configuration container (configurationNamingContext attribute); The current domain (defaultNamingContext attribute); The root domain (rootDomainNamingContext attribute). Additional code displays selected properties of the objects created in the binding operation to the operator.

Set objRootDSE = GetObject("LDAP://rootDSE")
 
strSchema = "LDAP://" & objRootDSE.Get("schemaNamingContext")
WScript.echo "ADsPath to schema: " & strSchema
Set objSchema = GetObject(strSchema)
WScript.Echo "Schema Object:"
WScript.Echo "Name: " & objSchema.Name
WScript.Echo "Class: " & objSchema.Class & VbCrLf
 
strConfiguration = "LDAP://" & objRootDSE.Get("configurationNamingContext")
WScript.Echo "ADsPath to configuration container: " & strConfiguration
Set objConfiguration = GetObject(strConfiguration)
WScript.Echo "Configuration Object:"
WScript.Echo "Name: " & objConfiguration.Name
WScript.Echo "Class: " & objConfiguration.Class & VbCrLf
 
strDomain = "LDAP://" & objRootDSE.Get("defaultNamingContext")
WScript.Echo "ADsPath to current domain container: " & strDomain
Set objDomain = GetObject(strDomain)
WScript.Echo "Current Domain Object:"
WScript.Echo "Name: " & objDomain.Name
WScript.Echo "Class: " & objDomain.Class & VbCrLf
 
strRootDomain = "LDAP://" & objRootDSE.Get("rootDomainNamingContext")
WScript.Echo "ADsPath to root domain container: " & strDomain
Set objRootDomain = GetObject(strRootDomain)
WScript.Echo "Current Domain Object:"
WScript.Echo "Name: " & objRootDomain.Name
WScript.Echo "Class: " & objRootDomain.Class & VbCrLf

Footer Navigation

Site Map
Contact Us
Terms of Use
Privacy Policy