ADSI Samples

ActiveXperts Network Monitor is an advanced and easy tool for monitoring LAN and WAN networks, network servers, workstations and TCP/IP devices. It has a large set of built-in checks, and you can add new checks by writing scripts. You can use VBScript (Windows) or RSH (UNIX) for it. VBScript checks can use WMI and ADSI. WMI is an interface to a broad range of properties of a computer/OS/application. With ADSI, you can monitor Directory Services.

Use the samples below to get used to various ADSI classes, and use these classes in your own, custom ActiveXperts Network Monitor check.
Each sample below can also be copied to a new file and then run from the command prompt (CSCRIPT.EXE <file>.vbs).

Active Directory Service Interfaces (ADSI) enable system administrators and developers of scripts or applications to easily query for and manipulate directory service objects.
ADSI present a single set of directory service interfaces for managing network resources from different directory services. Administrators and developers can use ADSI to manage the resources in a directory service, regardless of which network environment contains the resource.

Scripts written to ADSI will work with any directory service that offers an ADSI provider. For example, with ADSI, applications can access LDAP, NDS, the Active Directory service, and other directories with ADSI interfaces as long as the appropriate service providers are available.

The standard ADSI providers are found within multiple namespaces - typically directory services for various network operating systems. Providers enable communication between the server or client. ADSI includes providers for:
  - Windows NT.
  - Lightweight Directory Access Protocol (LDAP).
  - Windows 2000 Active Directory (AD).
  - Novell NetWare Directory Services (NDS) and NetWare 3 bindery (NWCOMPAT).

ActiveXperts Network Monitor provides the ability to build monitor check routines based on ADSI. ActiveXperts provides some useful ADSI scripts.
You can use these samples as a base for new check routines you can write yourself.

We've collected several ADSI based samples for you:

Check if account is disabled
Check Domain Admin- or Enterprise Admin membership
List computers that are connected to a specific domain controller
Lists all domains in the namespace
List all groups in a Windows 2000 AD domain or Windows NT4 domain
List all users and some of their properties in a Windows 2000 AD domain or Windows NT4 domain
Display password policy information of a domain
Remove a computer from a domain

Check if account is disabled

Function IsAccountDisabled( strDomain, strAccount )
    Dim objUser
    Set objUser = GetObject("WinNT://" & strDomain & "/" & strAccount & ",user")
    IsAccountDisabled = objUser.AccountDisabled
End Function 

Dim strUser, strDomain
Do
    strUsr = inputbox("Please enter the user account name", "Input")
loop until strUsr <> ""

' Request the domain name for this user
do
    strDom = inputbox("Please enter the domain for this account.", "Input")
loop until strDom <> ""


If( IsAccountDisabled( strDom, strUsr ) = True ) Then
    WScript.Echo "Account disabled"
Else
    WScript.Echo "Account enabled"
End If

Check Domain Admin- or Enterprise Admin membership

Function VerifyGroupMembers( strDomain, strGroup, strMemberList )

    VerifyGroupMembers = False
    Set objGroup = GetObject("WinNT://" & strDomain & "/" & strGroup & ",group")

    arrUsers = Split( strMemberList, "," )
    
    For Each objUser In objGroup.Members
    
        WScript.Echo "Checkiing group member " & objUser.Name
        
        bMemberFound = False
              
        For i = 0 To UBound( arrUsers )
            If( UCase( Trim( arrUsers(i) ) ) = UCase( Trim( objUser.Name ) ) ) Then
                WScript.Echo "Member found: " & objUser.Name
                bMemberFound = True
                Exit For
            End If
        Next
    	
        If( Not bMemberFound ) Then
            WScript.Echo "Member NOT found: " & objUser.Name
            VerifyGroupMembers = False
            Exit Function
        End If
    Next
    
    VerifyGroupMembers = True
End Function



' ****************************************************************************
' Main
' ****************************************************************************
Do
    strDomain = inputbox( "Please enter the domain name.", "Input" )
Loop until strDomain <> ""

Do
    strGroup = inputbox( "Please enter the name of the group you want to check (for instance: Domain Admins).", "Input" )
Loop until strGroup <> ""

Do
    strMembers = inputbox( "Please enter all domain admin members, separated by ','", "Input" )
Loop until strMembers <> "" 

If( VerifyGroupMembers( strDomain, strGroup, strMembers ) = True ) Then
    WScript.Echo "Check successfull"
Else
    WScript.Echo "Check failed"
End If

List computers that are connected to a specific domain controller

Sub ListConnectedComputers( strDomain )
    Dim objPDC
    Set objPDC = getobject("WinNT://" & strDomain )
    objPDC.filter = Array("Computer")
    For Each objComputer In objPDC
    
    WScript.Echo "Name: " & objComputer.Name
    Next
End Sub

Dim strDomain
Do
    strDomain = inputbox( "Please enter a domainname", "Input" )
Loop until strDomain <> ""
ListConnectedComputers( strDomain )

Lists all domains in the namespace

Sub ListDomains()
    Dim objNameSpace
    Dim Domain
	
    Set objNameSpace = GetObject("WinNT:")
    For Each objDomain In objNameSpace
        WScript.Echo "Name: " &  objDomain.Name
    Next
End Sub

ListDomains()

List all groups in a Windows 2000 AD domain or Windows NT4 domain

Sub ListGroups( strDomain )
    Set objComputer = GetObject("WinNT://" & strDomain )
    objComputer.Filter = Array( "Group" )
    For Each objGroup In objComputer
        WScript.Echo "Name: " & objGroup.Name
    Next
End Sub

Dim strDomain
Do
    strDomain = inputbox( "Please enter a domainname", "Input" )
Loop until strDomain <> ""

ListGroups( strDomain )

List all users and some of their properties in a Windows 2000 AD domain or Windows NT4 domain

Sub ListUsers( strDomain )
    Set objComputer = GetObject("WinNT://" & strDomain )
    objComputer.Filter = Array( "User" )
    For Each objUser In objComputer
        WScript.Echo "Name: " & objUser.Name
        WScript.Echo "Fullname: " & objUser.Fullname
        WScript.Echo "Description: " & objUser.Description
        WScript.Echo "AccountDisabled: " & objUser.AccountDisabled
        WScript.Echo "IsAccountLocked: " & objUser.IsAccountLocked
        WScript.Echo "Profile: " & objUser.Profile
        WScript.Echo "LoginScript: " & objUser.LoginScript
        WScript.Echo "HomeDirectory: " & objUser.HomeDirectory
        WScript.Echo ""	
    Next
End Sub

Dim strDomain
Do
    strDomain = inputbox( "Please enter a domainname", "Input" )
Loop until strDomain <> ""

ListUsers( strDomain )

Display password policy information of a domain

Sub ListPasswordPolicyInfo( strDomain )
    Dim objComputer
    Set objComputer = GetObject("WinNT://" & strDomain )
    WScript.Echo "MinPasswordAge: " &  ((objComputer.MinPasswordAge) / 86400)
    WScript.Echo "MinPasswordLength: " &  objComputer.MinPasswordLength
    WScript.Echo "PasswordHistoryLength: " &  objComputer.PasswordHistoryLength
    WScript.Echo "AutoUnlockInterval: " &  objComputer.AutoUnlockInterval
    WScript.Echo "LockOutObservationInterval: " &  objComputer.LockOutObservationInterval
End Sub

Dim strDomain
Do
    strDomain = inputbox( "Please enter a domainname", "Input" )
Loop until strDomain <> ""

ListPasswordPolicyInfo( strDomain )

Remove a computer from a domain

Sub RemoveComputer( strDomain, strComputer )
    Dim objDC
    Set objDC = getobject("WinNT://" & strDomain )
    objDC.Delete( "Computer", strComputer )
End Sub

Dim strDomain, strComputer
Do
    strDomain = inputbox( "Please enter a domainname", "Input" )
Loop until strDomain <> ""
Do
    strComputer = inputbox( "Please the name of the computer to be removed from the domain", "Input" )
Loop until strComputer <> ""
RemoveComputer strDomain, strComputer
WScript.Echo "Done."