You are here:
ActiveXperts.com > ActiveXperts Network Monitor > WindowsManagement > Scripts > Users and Groups > OUs
Quicklinks
- Download ActiveXperts Network Monitor 7.3 (20418 KB)
- Download Manual (359 KB)
- Screenshots - Product image gallery
NOTE: ActiveXperts Network Monitor ships with a large collection of VBScript scripts to monitor any aspect of your network. Most VBScript scripts also have a PowerShell implementation. Download Now »
Scripts to manage OUs
Assigning a New Group Policy Link to an OUChanging the Manager of an OU
Clearing COM+ Attributes from a User Account
Clearing the COM+ Partition Link Set of an OU
Clearing the General Properties of an OU
Clearing the Group Policy Links Assigned to an OU
Creating an OU
Creating an OU in an Existing OU
Deleting an OU
Enumerating COM+ Partition Sets
Identifying the Owner of an OU
Modifying the COM+ Partition Set Link of an OU
Modifying the General Properties of an OU
Reading COM+ Partition Information for a Domain
Reading the COM+ Properties of an OU
Reading the Security Descriptor for an OU
Reading the System Access Control List of an OU
Removing an OU Manager
Returning the Attributes of the organizationalUnit Class
Returning the General Properties of an OU
Returning Group Policy Information for an OU
Returning Managed By Information for an OU
Returning the Properties of an OU Object
Assigning a New Group Policy Link to an OU
Assigns the Group Policy link Sales Policy to the Sales OU in Active Directory.
On Error Resume Next
Set objContainer = GetObject _
("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com")
strExistingGPLink = objContainer.Get("gPLink")
strGPODisplayName = "Sales Policy"
strGPOLinkOptions = 2
strNewGPLink = "[" & GetGPOADsPath & ";" & strGPOLinkOptions & "]"
objContainer.Put "gPLink", strExistingGPLink & strNewGPLink
objContainer.Put "gPOptions", "0"
objContainer.SetInfo
Function GetGPOADsPath
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
";;" & _
"distinguishedName,displayName;onelevel"
Set objRecordSet = objCommand.Execute
While Not objRecordSet.EOF
If objRecordSet.Fields("displayName") = strGPODisplayName Then
GetGPOADsPath = "LDAP://" & objRecordSet.Fields("distinguishedName")
objConnection.Close
Exit Function
End If
objRecordSet.MoveNext
Wend
objConnection.Close
End Function
Changing the Manager of an OU
Assigns the user account AkersKim as manager of the Sales OU in Active Directory.
Set objContainer = GetObject _
("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com")
objContainer.Put "managedBy", "cn=AkersKim,ou=Sales,dc=NA,dc=fabrikam,dc=com"
objContainer.SetInfo
Clearing COM+ Attributes from a User Account
Removes all information from the msCOM-UserPartitionSetLink attribute of the MyerKen user account in Active Directory.
Const ADS_PROPERTY_CLEAR = 1
Set objUser = GetObject _
("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.PutEx ADS_PROPERTY_CLEAR, "msCOM-UserPartitionSetLink", 0
objUser.SetInfo
Clearing the COM+ Partition Link Set of an OU
Removes the COM+ partition link set assigned to the Sales OU in Active Directory.
Const ADS_PROPERTY_CLEAR = 1
Set objContainer = GetObject _
("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com")
objContainer.PutEx ADS_PROPERTY_CLEAR, "msCOM-UserPartitionSetLink", 0
objContainer.SetInfo
Clearing the General Properties of an OU
Modifies the attribute values found on the General Properties page in Active Directory Users and Computers for an OU named Sales.
Const ADS_PROPERTY_CLEAR = 1
Set objContainer = GetObject _
("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com")
objContainer.PutEx ADS_PROPERTY_CLEAR, "description", 0
objContainer.PutEx ADS_PROPERTY_CLEAR, "street", 0
objContainer.PutEx ADS_PROPERTY_CLEAR, "l", 0
objContainer.PutEx ADS_PROPERTY_CLEAR, "st", 0
objContainer.PutEx ADS_PROPERTY_CLEAR, "postalCode", 0
objContainer.PutEx ADS_PROPERTY_CLEAR, "c", 0
objContainer.SetInfo
Clearing the Group Policy Links Assigned to an OU
Removes all the Group Policy links assigned to the Sales OU in Active Directory.
Const ADS_PROPERTY_CLEAR = 1
Set objContainer = GetObject _
("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com")
objContainer.PutEx ADS_PROPERTY_CLEAR, "gPLink", 0
objContainer.PutEx ADS_PROPERTY_CLEAR, "gPOptions", 0
objContainer.SetInfo
Creating an OU
Creates a new organizational unit within Active Directory.
Set objDomain = GetObject("LDAP://dc=fabrikam,dc=com")
Set objOU = objDomain.Create("organizationalUnit", "ou=Management")
objOU.SetInfo
Creating an OU in an Existing OU
Creates a new organizational unit (OU2) in an existing organizational unit (OU1).
Set objOU1 = GetObject("LDAP://ou=OU1,dc=na,dc=fabrikam,dc=com")
Set objOU2 = objOU1.Create("organizationalUnit", "ou=OU2")
objOU2.SetInfo
Deleting an OU
Deletes an organizational unit named HR from the hypothetical domain fabrikam.com.
Set objDomain = GetObject("LDAP://dc=fabrikam,dc=com")
objDomain.Delete "organizationalUnit", "ou=hr"
Enumerating COM+ Partition Sets
Returns a list of Active Directory COM+ partition sets.
Set objCOMPartitionSets = GetObject _
("LDAP://cn=ComPartitionSets,cn=System,dc=NA,dc=fabrikam,dc=com")
For Each objPartitionSet in objCOMPartitionSets
WScript.Echo objPartitionSet.Name
Next
Identifying the Owner of an OU
Returns the owner of the Sales OU in Active Directory.
Set objContainer = GetObject _
("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com")
Set objNtSecurityDescriptor = objContainer.Get("ntSecurityDescriptor")
WScript.Echo "Owner Tab"
WScript.Echo "Current owner of this item: " & objNtSecurityDescriptor.Owner
Modifying the COM+ Partition Set Link of an OU
Assigns the COM+ partition set PartitionSet1 to the Sales OU in Active Directory.
Set objContainer = GetObject _
("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com")
objContainer.Put "msCOM-UserPartitionSetLink", _
"cn=PartitionSet1,cn=ComPartitionSets,cn=System,dc=NA,dc=fabrikam,dc=com"
objContainer.SetInfo
Modifying the General Properties of an OU
Modifies the attribute values found on the General Properties page in Active Directory Users and Computers for an OU named Sales.
Const ADS_PROPERTY_UPDATE = 2
Set objContainer = GetObject _
("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com")
objContainer.Put "street", "Building 43" & vbCrLf & "One Microsoft Way"
objContainer.Put "l", "Redmond"
objContainer.Put "st", "Washington"
objContainer.Put "postalCode", "98053"
objContainer.Put "c", "US"
objContainer.PutEx ADS_PROPERTY_UPDATE, _
"description", Array("Sales staff")
objContainer.SetInfo
Reading COM+ Partition Information for a Domain
Returns COM+ partition information for the domain na.fabrikam.com.
Set objCOMPartitionSets = GetObject _
("LDAP://cn=ComPartitionSets,cn=System,dc=NA,dc=fabrikam,dc=com")
For Each objPartitionSet in objCOMPartitionSets
WScript.Echo objPartitionSet.Name
Next
Reading the COM+ Properties of an OU
Returns information about the COM+ properties configured for the Sales OU in Active Directory.
On Error Resume Next
Set objContainer = GetObject _
("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com")
strMsCOMUserPartitionSetLink = objContainer.Get("msCOM-UserPartitionSetLink")
WScript.Echo "ms-COMUserPartitionSetLink: " & strMsCOMUserPartitionSetLink
Reading the Security Descriptor for an OU
Returns the information found on the security descriptor for the Sales OU in Active Directory.
Const SE_DACL_PROTECTED = &H1000
Set objContainer = GetObject _
("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com")
Set objNtSecurityDescriptor = objContainer.Get("ntSecurityDescriptor")
intNtSecurityDescriptorControl = objNtSecurityDescriptor.Control
WScript.Echo "Permissions Tab"
WScript.StdOut.WriteLine "Allow inheritable permissions from the parent to"
WScript.StdOut.Write "propogate to this object and all child objects "
If (intNtSecurityDescriptorControl And SE_DACL_PROTECTED) Then
Wscript.Echo "is disabled."
Else
WScript.Echo "is enabled."
End If
WScript.Echo VbCr
Set objDiscretionaryAcl = objNtSecurityDescriptor.DiscretionaryAcl
DisplayAceInformation objDiscretionaryAcl, "DACL"
Sub DisplayAceInformation(SecurityStructure, strType)
Const ADS_ACETYPE_ACCESS_ALLOWED = &H0
Const ADS_ACETYPE_ACCESS_DENIED = &H1
Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &H5
Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6
intAceCount = 0
For Each objAce In SecurityStructure
strTrustee = Mid(objAce.Trustee,1,12)
If StrComp(strTrustee, "NT AUTHORITY", 1) <> 0 Then
intAceCount = intAceCount + 1
WScript.Echo strType & " permission entry: " & intAceCount
WScript.Echo "Name: " & objAce.Trustee
intAceType = objAce.AceType
If (intAceType = ADS_ACETYPE_ACCESS_ALLOWED Or _
intAceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT) Then
WScript.Echo "Type: Allow Access"
ElseIf (intAceType = ADS_ACETYPE_ACCESS_DENIED Or _
intAceType = ADS_ACETYPE_ACCESS_DENIED_OBJECT) Then
WScript.StdOut.Write "Type: Deny Acess"
Else
WScript.Echo "Acess Type Unknown."
End If
ReadBitsInAccessMask(objAce.AccessMask)
WScript.Echo VbCr
End If
Next
End Sub
Sub ReadBitsInAccessMask(AccessMask)
Const ADS_RIGHT_DELETE = &H10000
Const ADS_RIGHT_READ_CONTROL = &H20000
Const ADS_RIGHT_WRITE_DAC = &H40000
Const ADS_RIGHT_WRITE_OWNER = &H80000
Const ADS_RIGHT_DS_CREATE_CHILD = &H1
Const ADS_RIGHT_DS_DELETE_CHILD = &H2
Const ADS_RIGHT_ACTRL_DS_LIST = &H4
Const ADS_RIGHT_DS_SELF = &H8
Const ADS_RIGHT_DS_READ_PROP = &H10
Const ADS_RIGHT_DS_WRITE_PROP = &H20
Const ADS_RIGHT_DS_DELETE_TREE = &H40
Const ADS_RIGHT_DS_LIST_OBJECT = &H80
Const ADS_RIGHT_DS_CONTROL_ACCESS = &H100
WScript.Echo VbCrLf & "Standard Access Rights"
If (AccessMask And ADS_RIGHT_DELETE) Then _
WScript.Echo vbTab & "-Delete an object."
If (AccessMask And ADS_RIGHT_READ_CONTROL) Then _
WScript.Echo vbTab & "-Read permissions."
If (AccessMask And ADS_RIGHT_WRITE_DAC) Then _
WScript.Echo vbTab & "-Write permissions."
If (AccessMask And ADS_RIGHT_WRITE_OWNER) Then _
WScript.Echo vbTab & "-Modify owner."
WScript.Echo VbCrLf & "Directory Service Specific Access Rights"
If (AccessMask And ADS_RIGHT_DS_CREATE_CHILD) Then _
WScript.Echo vbTab & "-Create child objects."
If (AccessMask And ADS_RIGHT_DS_DELETE_CHILD) Then _
WScript.Echo vbTab & "-Delete child objects."
If (AccessMask And ADS_RIGHT_ACTRL_DS_LIST) Then _
WScript.Echo vbTab & "-Enumerate an object."
If (AccessMask And ADS_RIGHT_DS_READ_PROP) Then _
WScript.Echo vbTab & "-Read the properties of an object."
If (AccessMask And ADS_RIGHT_DS_WRITE_PROP) Then _
WScript.Echo vbTab & "-Write the properties of an object."
If (AccessMask And ADS_RIGHT_DS_DELETE_TREE) Then _
WScript.Echo vbTab & "-Delete a tree of objects"
If (AccessMask And ADS_RIGHT_DS_LIST_OBJECT) Then _
WScript.Echo vbTab & "-List a tree of objects."
WScript.Echo VbCrLf & "Control Access Rights"
If (AccessMask And ADS_RIGHT_DS_CONTROL_ACCESS) + _
(AccessMask And ADS_RIGHT_DS_SELF) = 0 Then
WScript.Echo "-None"
Else
If (AccessMask And ADS_RIGHT_DS_CONTROL_ACCESS) Then _
WScript.Echo vbTab & "-Extended access rights."
If (AccessMask And ADS_RIGHT_DS_SELF) Then
WScript.Echo vbTab & "-Active Directory must validate a property "
WScript.Echo vbTab & " write operation beyond the schema definition "
WScript.Echo vbTab & " for the attribute."
End If
End If
End Sub
Reading the System Access Control List of an OU
Returns information found on the System Access Control List (SACL) for the Sales OU in Active Directory.
Const SE_SACL_PROTECTED = &H2000
Const ADS_SECURITY_INFO_OWNER = &H1
Const ADS_SECURITY_INFO_GROUP = &H2
Const ADS_OPTION_SECURITY_MASK =&H3
Const ADS_SECURITY_INFO_DACL = &H4
Const ADS_SECURITY_INFO_SACL = &H8
Set objContainer = GetObject _
("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com")
objContainer.SetOption ADS_OPTION_SECURITY_MASK, ADS_SECURITY_INFO_OWNER _
Or ADS_SECURITY_INFO_GROUP Or ADS_SECURITY_INFO_DACL _
Or ADS_SECURITY_INFO_SACL
Set objNtSecurityDescriptor = objContainer.Get("ntSecurityDescriptor")
intNtSecurityDescriptorControl = objNtSecurityDescriptor.Control
WScript.Echo "Auditing Tab"
WScript.StdOut.WriteLine "Allow inheritable auditing entries from" & _
"the parent to "
WScript.StdOut.Write "propogate to this object and all child objects "
If (intNtSecurityDescriptorControl And SE_SACL_PROTECTED) Then
Wscript.Echo "is disabled."
Else
WScript.Echo "is enabled."
End If
WScript.Echo VbCr
Set objSacl = objNtSecurityDescriptor.SystemAcl
DisplayAceInformation objSacl, "SACL"
Sub DisplayAceInformation(SecurityStructure, strType)
Const ADS_ACETYPE_SYSTEM_AUDIT = &H2
Const ADS_ACETYPE_SYSTEM_AUDIT_OBJECT = &H7
intAceCount = 0
For Each objAce In SecurityStructure
strTrustee = Mid(objAce.Trustee,1,12)
If StrComp(strTrustee, "NT AUTHORITY", 1) <> 0 Then
intAceCount = intAceCount + 1
WScript.Echo strType & " permission entry: " & intAceCount
WScript.Echo "Name: " & objAce.Trustee
intAceType = objAce.AceType
WScript.Echo "ACETYPE IS: " & intAceType
If (intAceType = ADS_ACETYPE_SYSTEM_AUDIT or _
intAceType = ADS_ACETYPE_SYSTEM_AUDIT_OBJECT) Then
WScript.StdOut.Write "Type: Success or Failure Audit"
Else
WScript.StdOut.Write "Audit Type Unknown."
End If
ReadBitsInAccessMask(objAce.AccessMask)
WScript.Echo VbCr
End If
Next
End Sub
Sub ReadBitsInAccessMask(AccessMask)
Const ADS_RIGHT_DELETE = &H10000
Const ADS_RIGHT_READ_CONTROL = &H20000
Const ADS_RIGHT_WRITE_DAC = &H40000
Const ADS_RIGHT_WRITE_OWNER = &H80000
Const ADS_RIGHT_DS_CREATE_CHILD = &H1
Const ADS_RIGHT_DS_DELETE_CHILD = &H2
Const ADS_RIGHT_ACTRL_DS_LIST = &H4
Const ADS_RIGHT_DS_SELF = &H8
Const ADS_RIGHT_DS_READ_PROP = &H10
Const ADS_RIGHT_DS_WRITE_PROP = &H20
Const ADS_RIGHT_DS_DELETE_TREE = &H40
Const ADS_RIGHT_DS_LIST_OBJECT = &H80
Const ADS_RIGHT_DS_CONTROL_ACCESS = &H100
WScript.Echo VbCrLf & "Standard Access Rights"
If (AccessMask And ADS_RIGHT_DELETE) Then _
WScript.Echo vbTab & "-Delete an object."
If (AccessMask And ADS_RIGHT_READ_CONTROL) Then _
WScript.Echo vbTab & "-Read permissions."
If (AccessMask And ADS_RIGHT_WRITE_DAC) Then _
WScript.Echo vbTab & "-Write permissions."
If (AccessMask And ADS_RIGHT_WRITE_OWNER) Then _
WScript.Echo vbTab & "-Modify owner."
WScript.Echo VbCrLf & "Directory Service Specific Access Rights"
If (AccessMask And ADS_RIGHT_DS_CREATE_CHILD) Then _
WScript.Echo vbTab & "-Create child objects."
If (AccessMask And ADS_RIGHT_DS_DELETE_CHILD) Then _
WScript.Echo vbTab & "-Delete child objects."
If (AccessMask And ADS_RIGHT_ACTRL_DS_LIST) Then _
WScript.Echo vbTab & "-Enumerate an object."
If (AccessMask And ADS_RIGHT_DS_READ_PROP) Then _
WScript.Echo vbTab & "-Read the properties of an object."
If (AccessMask And ADS_RIGHT_DS_WRITE_PROP) Then _
WScript.Echo vbTab & "-Write the properties of an object."
If (AccessMask And ADS_RIGHT_DS_DELETE_TREE) Then _
WScript.Echo vbTab & "-Delete a tree of objects"
If (AccessMask And ADS_RIGHT_DS_LIST_OBJECT) Then _
WScript.Echo vbTab & "-List a tree of objects."
WScript.Echo VbCrLf & "Control Access Rights"
If (AccessMask And ADS_RIGHT_DS_CONTROL_ACCESS) + _
(AccessMask And ADS_RIGHT_DS_SELF) = 0 Then
WScript.Echo "-None"
Else
If (AccessMask And ADS_RIGHT_DS_CONTROL_ACCESS) Then _
WScript.Echo vbTab & "-Extended access rights."
If (AccessMask And ADS_RIGHT_DS_SELF) Then
WScript.Echo vbTab & "-Active Directory must validate a property "
WScript.Echo vbTab & " write operation beyond the schema definition "
WScript.Echo vbTab & " for the attribute."
End If
End If
End Sub
Removing an OU Manager
Removes the manager entry for the Active Directory OU named Sales. When this group is run, the OU will no longer have an assigned manager.
Const ADS_PROPERTY_CLEAR = 1
Set objContainer = GetObject _
("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com")
objContainer.PutEx ADS_PROPERTY_CLEAR, "managedBy", 0
objContainer.SetInfo
Returning the Attributes of the organizationalUnit Class
Returns both the mandatory and optional attributes or the organizationalUnit class (as found in the Active Directory schema). This script must be run under CScript.
Set objOrganizationalUnitClass = _
GetObject("LDAP://schema/organizationalUnit")
Set objSchemaClass = GetObject(objOrganizationalUnitClass.Parent)
i = 0
WScript.Echo "Mandatory attributes:"
For Each strAttribute in objOrganizationalUnitClass.MandatoryProperties
i= i + 1
WScript.StdOut.Write i & vbTab & strAttribute
Set objAttribute = objSchemaClass.GetObject("Property", strAttribute)
WScript.StdOut.Write " (Syntax: " & objAttribute.Syntax & ")"
If objAttribute.MultiValued Then
WScript.Echo " Multivalued"
Else
WScript.Echo " Single-valued"
End If
Next
WScript.Echo VbCrLf & "Optional attributes:"
For Each strAttribute in objOrganizationalUnitClass.OptionalProperties
i= i + 1
WScript.StdOut.Write i & vbTab & strAttribute
Set objAttribute = objSchemaClass.GetObject("Property", strAttribute)
WScript.StdOut.Write " [Syntax: " & objAttribute.Syntax & "]"
If objAttribute.MultiValued Then
WScript.Echo " Multivalued"
Else
WScript.Echo " Single-valued"
End If
Next
Returning the General Properties of an OU
Returns information found on the General Properties page in Active Directory Users and Computers for an OU named Sales.
On Error Resume Next
Set objContainer = GetObject _
("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com")
strStreetAddress = objContainer.Get("street")
strLocalityName = objContainer.Get("l")
strStreetName = objContainer.Get("st")
strPostalCode = objContainer.Get("postalCode")
strCountryName = objContainer.Get("c")
strDescription = objContainer.GetEx("description")
For Each strValue in strDescription
WScript.echo "description: " & strValue
Next
WScript.echo "streetAddress: " & strStreetAddress
WScript.echo "l: " & strLocalityName
WScript.echo "st: " & strStreetName
WScript.echo "postalCode: " & strPostalCode
WScript.echo "c: " & strCountryName
Returning Group Policy Information for an OU
Returns the values found on the Group Policy page in Active Directory Users and Computers for the Sales OU.
On Error Resume Next
Set objContainer = GetObject _
("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com")
strGpLink = objContainer.Get("gPLink")
intGpOptions = objContainer.Get("gPOptions")
If strGpLink <> " " Then
arrGpLinkItems = Split(strGpLink,"]")
For i = UBound(arrGPLinkItems) to LBound(arrGpLinkItems) + 1 Step -1
arrGPLink = Split(arrGpLinkItems(i-1),";")
strDNGPLink = Mid(arrGPLink(0),9)
WScript.Echo GetGPOName
Select Case arrGPLink(1)
Case 0
WScript.Echo "No Override is cleared and the GPO is enabled."
Case 1
WScript.Echo "No Override is cleared and the GPO is disabled."
Case 2
WScript.Echo "No Override is checked and the GPO is enabled."
Case 3
WScript.Echo "No Override is checked and the GPO is disabled."
End Select
Next
WScript.Echo VbCrLf
End If
If intGpOptions = 1 Then
WScript.Echo "Block Policy Inheritance is checked."
Else
WScript.Echo "Block Policy Inheritance is not checked."
End If
Function GetGPOName
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
";;" & _
"distinguishedName,displayName;onelevel"
Set objRecordSet = objCommand.Execute
While Not objRecordSet.EOF
If objRecordSet.Fields("distinguishedName") = strDNGPLink Then
GetGPOName = objRecordSet.Fields("displayName")
objConnection.Close
Exit Function
End If
objRecordSet.MoveNext
Wend
objConnection.Close
End Function
Returning Managed By Information for an OU
Returns information about the account assigned as managed of the Sales OU in Active Directory.
On Error Resume Next
Set objContainer = GetObject _
("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com")
strManagedBy = objContainer.Get("managedBy")
If IsEmpty(strManagedBy) = TRUE Then
WScript.Echo "No user account is assigned to manage " & _
"this OU."
Else
Set objUser = GetObject("LDAP://" & strManagedBy)
strPhysicalDeliveryOfficeName = _
objUser.Get("physicalDeliveryOfficeName")
strStreetAddress = objUser.Get("streetAddress")
strLocalityName = objUser.Get("l")
strStateProvince = objUser.Get("st")
strCountryName = objUser.Get("c")
strTelephoneNumber = objUser.Get("telephoneNumber")
strFacsimileTelephoneNumber = _
objUser.Get("facsimileTelephoneNumber")
WScript.Echo "managedBy: " & strManagedBy
WScript.echo "physicalDeliveryOfficeName: " & _
strPhysicalDeliveryOfficeName
WScript.echo "streetAddress: " & strStreetAddress
WScript.echo "l: " & strLocalityName
WScript.echo "state/province: " & strStateProvince
WScript.echo "c: " & strCountryName
WScript.echo "telephoneNumber: " & strTelephoneNumber
WScript.echo "facsimileTelephoneNumber: " & _
strFacsimileTelephoneNumber
End If
Returning the Properties of an OU Object
Returns information found on the Object page in Active Directory Users and Computers for the Sales OU.
Set objContainer = GetObject _
("GC://ou=Sales,dc=NA,dc=fabrikam,dc=com")
strWhenCreated = objContainer.Get("whenCreated")
strWhenChanged = objContainer.Get("whenChanged")
Set objUSNChanged = objContainer.Get("uSNChanged")
dblUSNChanged = _
Abs(objUSNChanged.HighPart * 2^32 + objUSNChanged.LowPart)
Set objUSNCreated = objContainer.Get("uSNCreated")
dblUSNCreated = _
Abs(objUSNCreated.HighPart * 2^32 + objUSNCreated.LowPart)
objContainer.GetInfoEx Array("canonicalName"), 0
arrCanonicalName = objContainer.GetEx("canonicalName")
WScript.echo "CanonicalName of object:"
For Each strValue in arrCanonicalName
WScript.echo vbTab & strValue
Next
WScript.Echo vbCr
WScript.Echo "Object class: " & objContainer.Class & vbCrLf
WScript.echo "whenCreated: " & strWhenCreated & " (Created - GMT)"
WScript.echo "whenChanged: " & strWhenChanged & " (Modified - GMT)"
WScript.Echo VbCrLf
WScript.Echo "uSNChanged: " & dblUSNChanged & " (USN Current)"
WScript.Echo "uSNCreated: " & dblUSNCreated & " (USN Original)"