
Scripts to retrieve User Account Properties

List Account Page Information for a User Account
List Address Page Information for a User Account
List All the Attributes of the User Class
List Allowed User Logon Hours
List All Telephone Settings for a User Account
List Audit Permissions for a User Account
List COM+ Information for a User Account
List the Dial-In Property Configuration Settings for a User Account
List Object Page Information for a User Account
List Organization Information for a User Account
List Published Certificates for a User Account
List Security Permissions for a User Account
List User Account Account Page Properties
List User Account Address Page Attributes
List userAccountControl Values for an Active Directory User Account
List User Account General Page Properties
List User Profile Properties
Search for a User Account in Active Directory


You can use any of the VBScript programs below in ActiveXperts Network Monitor.



List Account Page Information for a User Account


Returns basic account information for the MyerKen Active Directory user account.
On Error Resume Next

Set objUser = GetObject _
    ("LDAP://cn=Myerken,ou=Management,dc=NA,dc=fabrikam,dc=com")
 
WScript.Echo "User Principal Name: " & objUser.userPrincipalName
WScript.Echo "SAM Account Name: " & objUser.sAMAccountName
WScript.Echo "User Workstations: " & objUser.userWorkstations

Set objDomain = GetObject("LDAP://dc=NA,dc=fabrikam,dc=com")
WScript.Echo "Domain controller: " & objDomain.dc
	

List Address Page Information for a User Account


Returns address-related attribute values for the MyerKen Active Directory user account.
On Error Resume Next
Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
 
WScript.Echo "Street Address: " & objUser.streetAddress
WScript.Echo "Locality: " & objUser.l
WScript.Echo "State/province: " & objUser.st
WScript.Echo "Postal Code: " & objUser.postalCode
WScript.Echo "Country: " & objUser.c
 
WScript.Echo "Post Office Boxes:"
For Each strValue in objUser.postOfficeBox
    WScript.echo vbTab & vbTab & strValue
Next
	

List All the Attributes of the User Class


Returns a list of mandatory and optional attributes for the User class in Active Directory.
Set objUserClass = GetObject("LDAP://schema/user")
Set objSchemaClass = GetObject(objUserClass.Parent)
 
i = 0
WScript.Echo "Mandatory attributes:"
For Each strAttribute in objUserClass.MandatoryProperties
    i= i + 1
    WScript.Echo i & vbTab & strAttribute
    Set objAttribute = objSchemaClass.GetObject("Property",  strAttribute)
    WScript.Echo " (Syntax: " & objAttribute.Syntax & ")"
    If objAttribute.MultiValued Then
        WScript.Echo " Multivalued"
    Else
        WScript.Echo " Single-valued"
    End If
Next
 
WScript.Echo VbCrLf & "Optional attributes:"
For Each strAttribute in objUserClass.OptionalProperties
    i=i + 1
    WScript.Echo i & vbTab & strAttribute
    Set objAttribute = objSchemaClass.GetObject("Property",  strAttribute)
    WScript.Echo " [Syntax: " & objAttribute.Syntax & "]"
    If objAttribute.MultiValued Then
        WScript.Echo " Multivalued"
    Else
        WScript.Echo " Single-valued"
    End If
Next
	

List Allowed User Logon Hours


Returns the allowed logon hours for the MyerKen Active Directory user account.
On Error Resume Next
Dim arrLogonHoursBytes(20)
Dim arrLogonHoursBits(167)
arrDayOfWeek = Array _
    ("Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat")
 
Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
arrLogonHours = objUser.Get("logonHours")
 
For i = 1 To LenB(arrLogonHours)
    arrLogonHoursBytes(i-1) = AscB(MidB(arrLogonHours, i, 1))
    WScript.Echo "MidB returns: " & MidB(arrLogonHours, i, 1)
    WScript.Echo "arrLogonHoursBytes: " & arrLogonHoursBytes(i-1)
    wscript.echo vbcrlf
Next
 
intCounter = 0
intLoopCounter = 0
WScript.echo "Day  Byte 1   Byte 2   Byte 3"
For Each LogonHourByte In arrLogonHoursBytes
    arrLogonHourBits = GetLogonHourBits(LogonHourByte)
 
    If intCounter = 0 Then
        WScript.STDOUT.Write arrDayOfWeek(intLoopCounter) & Space(2)
        intLoopCounter = intLoopCounter + 1
    End If
 
    For Each LogonHourBit In arrLogonHourBits
        WScript.STDOUT.Write LogonHourBit
        intCounter = 1 + intCounter
 
        If intCounter = 8 or intCounter = 16 Then
            Wscript.STDOUT.Write Space(1)
        End If
        
        If intCounter = 24 Then
            WScript.echo vbCr
            intCounter = 0
        End If 
    Next
Next
 
Function GetLogonHourBits(x)
    Dim arrBits(7)
    For i = 7 to 0 Step -1
        If x And 2^i Then
            arrBits(i) = 1
        Else
            arrBits(i) = 0
        End If
    Next
    GetLogonHourBits = arrBits
End Function
	

List All Telephone Settings for a User Account


Displays all the telephone attribute values for the MyerKen Active Directory user account.
On Error Resume Next

Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
 
WScript.Echo "Home Phone: " & objUser.homePhone
WScript.Echo "Pager: " & objUser.pager
WScript.Echo "Mobile phone: " & objUser.mobile
WScript.Echo "IP Phone: " & objUser.ipPhone
WScript.Echo "Information: " & objUser.info
WScript.Echo "Fax Number: " & objUser.facsimileTelephoneNumber
 
WScript.Echo "Other Home Phone:"
For Each strValue in objUser.otherHomePhone
    WScript.Echo strValue
Next
 
WScript.Echo "Other Pager:"
For Each strValue in objUser.otherPager
    WScript.Echo strValue
Next
 
WScript.Echo "Other Mobile Phone:"
For Each strValue in objUser.otherMobile
    WScript.Echo strValue
Next
 
WScript.Echo "Other IP Phone:"
For Each strValue in objUser.otherIpPhone
    WScript.Echo strValue
Next
 
WScript.Echo "Other Fax Number:"
For Each strValue in objUser.otherFacsimileTelephoneNumber
    WScript.Echo strValue
Next
	

List Audit Permissions for a User Account


Returns audit permissions for the MyerKen Active Directory user account.
Const SE_SACL_PROTECTED = &H2000 
Const ADS_SECURITY_INFO_OWNER = &H1 
Const ADS_SECURITY_INFO_GROUP = &H2
Const ADS_OPTION_SECURITY_MASK =&H3
Const ADS_SECURITY_INFO_DACL = &H4 
Const ADS_SECURITY_INFO_SACL = &H8
 
Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
 
objUser.SetOption ADS_OPTION_SECURITY_MASK, ADS_SECURITY_INFO_OWNER _
    Or ADS_SECURITY_INFO_GROUP Or ADS_SECURITY_INFO_DACL _
        Or ADS_SECURITY_INFO_SACL
  
Set objNtSecurityDescriptor = objUser.Get("ntSecurityDescriptor")
 
intNtSecurityDescriptorControl = objNtSecurityDescriptor.Control
 
WScript.Echo "Auditing Tab"
strMessage = "Allow inheritable auditing entries from " & _ 
    "the parent to propagate to this object and all child objects "
If (intNtSecurityDescriptorControl And SE_SACL_PROTECTED) Then
    Wscript.Echo strMessage & "is disabled."
Else
    WScript.Echo strMessage & "is enabled."
End If
WScript.Echo 
 
Set objSacl = objNtSecurityDescriptor.SystemAcl
DisplayAceInformation objSacl, "SACL"
 
Sub DisplayAceInformation(SecurityStructure, strType)
    Const ADS_ACETYPE_SYSTEM_AUDIT = &H2 
    Const ADS_ACETYPE_SYSTEM_AUDIT_OBJECT = &H7 
  
    intAceCount = 0
    For Each objAce In SecurityStructure
        strTrustee = Mid(objAce.Trustee,1,12)
        If StrComp(strTrustee, "NT AUTHORITY", 1) <> 0 Then
            intAceCount = intAceCount + 1
            WScript.Echo strType & " permission entry: " & intAceCount
            WScript.Echo "Name: " & objAce.Trustee
 
            intAceType = objAce.AceType
            WScript.Echo "ACETYPE IS: " & intAceType
            If (intAceType = ADS_ACETYPE_SYSTEM_AUDIT or _
                intAceType = ADS_ACETYPE_SYSTEM_AUDIT_OBJECT) Then
                WScript.Echo "Type: Success or Failure Audit"
            Else
                WScript.Echo "Audit Type Unknown."
            End If
            ReadBitsInAccessMask(objAce.AccessMask)
            WScript.Echo 
        End If
    Next
End Sub
 
Sub ReadBitsInAccessMask(AccessMask)
    Const ADS_RIGHT_DELETE = &H10000
    Const ADS_RIGHT_READ_CONTROL = &H20000
    Const ADS_RIGHT_WRITE_DAC = &H40000
    Const ADS_RIGHT_WRITE_OWNER = &H80000
    Const ADS_RIGHT_DS_CREATE_CHILD = &H1
    Const ADS_RIGHT_DS_DELETE_CHILD = &H2
    Const ADS_RIGHT_ACTRL_DS_LIST = &H4
    Const ADS_RIGHT_DS_SELF = &H8
    Const ADS_RIGHT_DS_READ_PROP = &H10
    Const ADS_RIGHT_DS_WRITE_PROP = &H20
    Const ADS_RIGHT_DS_DELETE_TREE = &H40
    Const ADS_RIGHT_DS_LIST_OBJECT = &H80
    Const ADS_RIGHT_DS_CONTROL_ACCESS = &H100
 
    WScript.Echo VbCrLf & "Standard Access Rights"
    If (AccessMask And ADS_RIGHT_DELETE) Then _
        WScript.Echo vbTab & "-Delete an object."
    If (AccessMask And ADS_RIGHT_READ_CONTROL) Then _
        WScript.Echo vbTab & "-Read permissions."
    If (AccessMask And ADS_RIGHT_WRITE_DAC) Then _
        WScript.Echo vbTab & "-Write permissions."
    If (AccessMask And ADS_RIGHT_WRITE_OWNER) Then _
        WScript.Echo vbTab & "-Modify owner."
  
    WScript.Echo VbCrLf & "Directory Service Specific Access Rights"
    If (AccessMask And ADS_RIGHT_DS_CREATE_CHILD) Then _
        WScript.Echo vbTab & "-Create child objects."
    If (AccessMask And ADS_RIGHT_DS_DELETE_CHILD) Then _
        WScript.Echo vbTab & "-Delete child objects."
    If (AccessMask And ADS_RIGHT_ACTRL_DS_LIST) Then _
        WScript.Echo vbTab & "-Enumerate an object."
    If (AccessMask And ADS_RIGHT_DS_READ_PROP) Then _
        WScript.Echo vbTab & "-Read the properties of an object."
    If (AccessMask And ADS_RIGHT_DS_WRITE_PROP) Then _
        WScript.Echo vbTab & "-Write the properties of an object."
    If (AccessMask And ADS_RIGHT_DS_DELETE_TREE) Then _
        WScript.Echo vbTab & "-Delete a tree of objects"
    If (AccessMask And ADS_RIGHT_DS_LIST_OBJECT) Then _
        WScript.Echo vbTab & "-List a tree of objects."
 
    WScript.Echo VbCrLf & "Control Access Rights"
    If (AccessMask And ADS_RIGHT_DS_CONTROL_ACCESS) + _
        (AccessMask And ADS_RIGHT_DS_SELF) = 0 Then
        WScript.Echo "-None"
    Else 
        If (AccessMask And ADS_RIGHT_DS_CONTROL_ACCESS) Then _
            WScript.Echo vbTab & "-Extended access rights."
        If (AccessMask And ADS_RIGHT_DS_SELF) Then
            WScript.Echo vbTab & "-Active Directory must validate " & _
                "a property "
            WScript.Echo vbTab & " write operation beyond the " & _
                "schema definition "
            WScript.Echo vbTab & " for the attribute."
        End If
    End If
End Sub
	

List COM+ Information for a User Account


Returns COM+ information for the MyerKen Active Directory user account.
On Error Resume Next

Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")

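' The attribute name contains a hyphen, so it cannot be read with dot
' notation (VBScript would parse the hyphen as subtraction); use Get instead.
WScript.Echo "COM User Partition Set Link: " & _
    objUser.Get("msCOM-UserPartitionSetLink")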
	

List the Dial-In Property Configuration Settings for a User Account


Enumerates the Dial-In configuration settings for the MyerKen Active Directory user account.
On Error Resume Next

Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D

Const FourthOctet = 1
Const ThirdOctet = 256
Const SecondOctet = 65536
Const FirstOctet = 16777216
 
Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
 
blnMsNPAllowDialin = objUser.Get("msNPAllowDialin")
WScript.Echo "Remote Access Permission (Dial-in or VPN)"
If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
    WScript.Echo "Control access through Remote Access Policy"
    Err.Clear
Else
    If blnMsNPAllowDialin = True Then
        WScript.Echo "Allow access (msNPAllowDialin)"
    Else
        WScript.Echo "Deny access (msNPAllowDialin)"
    End If
End If
WScript.Echo 
 
arrMsNPSavedCallingStationID = objUser.GetEx("msNPSavedCallingStationID")
If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
    WScript.Echo "No Caller-ID specified."
    Err.Clear
Else
    WScript.Echo "Verify Caller ID (msNPSavedCallingStationID): "
    For Each strValue in arrMsNPSavedCallingStationID
        WScript.echo strValue
    Next
  
    objUser.GetEx "msNPCallingStationID"
    If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
        WScript.Echo "Calling station ID(s) specified but not assigned."
        Err.Clear
    Else
        WScript.echo "Calling station ID(s) assigned."
    End If
  
End If
WScript.Echo 
 
intMsRADIUSServiceType = objUser.Get("msRADIUSServiceType")
WScript.Echo "Callback Options"
If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
    WScript.Echo "No Callback"
    Err.Clear
Else
    strMsRADIUSCallbackNumber = objUser.Get("msRADIUSCallbackNumber")
    If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
        WScript.Echo "Set by caller (Routing and Remote Access Service only)"
        Err.Clear
  
        strMsRASSavedCallbackNumber = objUser.Get("msRASSavedCallbackNumber")
        If Err.Number <> E_ADS_PROPERTY_NOT_FOUND Then
            WScript.Echo "Unused value of " & strMsRASSavedCallbackNumber & _
                " appears in the Always Callback to field."
        Else
            Err.Clear
        End If  
    Else
        WScript.Echo "Always Callback to: " & _
            strMsRADIUSCallbackNumber & " (msRADIUSCallbackNumber)"
    End If
End If   
WScript.Echo
 
intMsRASSavedFramedIPAddress = objUser.Get("msRASSavedFramedIPAddress")
If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
    WScript.Echo "No static IP address assigned."
    Err.Clear
Else
    If sgn(intMsRASSavedFramedIPAddress) = -1 Then
        intIP = intMsRASSavedFramedIPAddress
        WScript.StdOut.Write 256 + (int(intIP/FirstOctet)) & "."
        intFirstRemainder = intIP mod FirstOctet
        WScript.StdOut.Write 256 + (int(intFirstRemainder/SecondOctet)) & "."
        intSecondRemainder = intFirstRemainder mod SecondOctet
        WScript.StdOut.Write 256 + (int(intSecondRemainder/ThirdOctet)) & "."
        intThirdRemainder = intSecondRemainder mod ThirdOctet
        WScript.Echo 256 + (int(intThirdRemainder/FourthOctet))
    Else
        intIP = intMsRASSavedFramedIPAddress
        WScript.StdOut.Write  int(intIP/FirstOctet) & "."
        intFirstRemainder = intIP mod FirstOctet
        WScript.StdOut.Write  int(intFirstRemainder/SecondOctet) & "."
        intSecondRemainder = intFirstRemainder mod SecondOctet
        WScript.StdOut.Write  int(intSecondRemainder/ThirdOctet) & "."
        intThirdRemainder = intSecondRemainder mod ThirdOctet
        WScript.Echo int(intThirdRemainder/FourthOctet)
    End If
    
    objUser.Get "msRADIUSFramedIPAddress"
    If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
        WScript.Echo "Static IP address specified but not assigned."
        Err.Clear
    Else
        WScript.Echo "Static IP Address assigned."
    End If
 
End If
WScript.Echo 
 
arrMsRASSavedFramedRoute = objUser.GetEx("msRASSavedFramedRoute")
If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
    WScript.Echo "No static Routes specified."
    Err.Clear
Else
    WScript.echo "Static Routes (msRASSavedFramedRoute):"
    WScript.Echo vbTab & "CIDR 0.0.0.0 Metric"
    For Each strValue in arrMsRASSavedFramedRoute
        WScript.echo vbTab & strValue
    Next
  
    objUser.GetEx "msRADIUSFramedRoute"
    If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
        WScript.Echo "Static Routes specified but not assigned."
        Err.Clear
    Else
        WScript.echo "Static Routes assigned."
    End If
End If
	

List Object Page Information for a User Account


Returns information about the MyerKen user account object in Active Directory.
Set objUser = GetObject _
    ("GC://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
 
strWhenCreated = objUser.Get("whenCreated")
strWhenChanged = objUser.Get("whenChanged")
 
Set objUSNChanged = objUser.Get("uSNChanged")
dblUSNChanged = _
    Abs(objUSNChanged.HighPart * 2^32 + objUSNChanged.LowPart)
 
Set objUSNCreated = objUser.Get("uSNCreated")
dblUSNCreated = _
    Abs(objUSNCreated.HighPart * 2^32 + objUSNCreated.LowPart)
 
objUser.GetInfoEx Array("canonicalName"), 0
arrCanonicalName = objUser.GetEx("canonicalName")
 
WScript.echo "Canonical Name of object:"
For Each strValue in arrCanonicalName
    WScript.Echo vbTab & strValue
Next
WScript.Echo 
 
WScript.Echo "Object class: " & objUser.Class
WScript.echo "When Created: " & strWhenCreated & " (Created - GMT)"
WScript.echo "When Changed: " & strWhenChanged & " (Modified - GMT)"
WScript.Echo 
WScript.Echo "USN Changed: " & dblUSNChanged & " (USN Current)"
WScript.Echo "USN Created: " & dblUSNCreated & " (USN Original)"
	

List Organization Information for a User Account


Retrieves user account attributes found on the Organization page of the user account object in Active Directory Users and Computers.
On Error Resume Next

Set objUser = GetObject _
    ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")

WScript.Echo "Title: " & objUser.title
WScript.Echo "Department: " & objUser.department
WScript.Echo "Company: " & objUser.company
WScript.Echo "Manager: " & objUser.manager
 
For Each strValue in objUser.directReports
    WScript.Echo "Direct Reports: " & strValue
Next
	

List Published Certificates for a User Account


Retrieves a list of all the published certificates assigned to the MyerKen user account.
On Error Resume Next

Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D
Const ForWriting = 2
Const WshRunning = 0
 
Set objUser = GetObject _
    ("GC://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.GetInfoEx Array("userCertificate"), 0
arrUserCertificates = objUser.GetEx("userCertificate")
 
If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
    WScript.Echo "No assigned certificates"
    WScript.Quit
Else
    Set objShell = CreateObject("WScript.Shell")
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    strPath = "." 
    intFileCounter = 0
 
    For Each arrUserCertificate in arrUserCertificates
        strFileName = "file" & intFileCounter
        strFullName = objFSO.BuildPath(strPath, strFileName)
        Set objFile = objFSO.OpenTextFile(strFullName, ForWriting, True)
        
        ' Convert the certificate one byte at a time to its hex value
        For i = 1 To LenB(arrUserCertificate)
            ReDim Preserve arrUserCertificatesChar(i - 1)
            arrUserCertificatesChar(i-1) = _
                Hex(AscB(MidB(arrUserCertificate, i, 1)))
        Next
                
        intCounter=0
        For Each HexVal in arrUserCertificatesChar
            intCounter=intCounter + 1
            If Len(HexVal) = 1 Then 
                objFile.Write(0 & HexVal & " ")
            Else
                objFile.Write(HexVal & " ")
            End If
        Next
        objFile.Close
        Set objFile = Nothing
  
        Set objExecCmd1 = objShell.Exec _
            ("certutil -decodeHex " & strFileName & " " & strFileName & ".cer")
        Do While objExecCmd1.Status = WshRunning
            WScript.Sleep 100
        Loop
        Set objExecCmd1 = Nothing
 
        Set objExecCmd2 = objShell.Exec("certutil " & strFileName & ".cer")
        Set objStdOut = objExecCmd2.StdOut
        Set objExecCmd2 = Nothing
      
        WScript.Echo VbCrLf & "Certificate " & intFileCounter + 1
        While Not objStdOut.AtEndOfStream
            strLine = objStdOut.ReadLine
            If InStr(strLine, "Issuer:") Then
                WScript.Echo Trim(strLine)
                WScript.Echo vbTab & Trim(objStdOut.ReadLine)
            End If
            If InStr(strLine, "Subject:") Then
                Wscript.Echo Trim(strLine)
                WScript.Echo vbTab & Trim(objStdOut.ReadLine)
            End If
            If InStr(strLine, "NotAfter:") Then
                strLine = Trim(strLine)
                WScript.Echo "Expires:"
                Wscript.Echo vbTab & Mid(strLine, 11)
            End If
        Wend
 
        objFSO.DeleteFile(strFullName)
        objFSO.DeleteFile(strPath & "\" & strFileName & ".cer") 
  
        intFileCounter = intFileCounter + 1
    Next
End If
	

List Security Permissions for a User Account


Returns security permissions for the MyerKen Active Directory user account.
Const SE_DACL_PROTECTED = &H1000 
 
Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
 
Set objNtSecurityDescriptor = objUser.Get("ntSecurityDescriptor")
intNtSecurityDescriptorControl = objNtSecurityDescriptor.Control
 
WScript.Echo "Permissions Tab"
strMessage = "Allow inheritable permissions from the parent to " & _
    "propagate to this object and all child objects "
If (intNtSecurityDescriptorControl And SE_DACL_PROTECTED) Then
    Wscript.Echo strMessage & "is disabled."
Else
    WScript.Echo strMessage & "is enabled."
End If
WScript.Echo 
 
Set objDiscretionaryAcl = objNtSecurityDescriptor.DiscretionaryAcl
DisplayAceInformation objDiscretionaryAcl, "DACL"
 
Sub DisplayAceInformation(SecurityStructure, strType)
    Const ADS_ACETYPE_ACCESS_ALLOWED = &H0 
    Const ADS_ACETYPE_ACCESS_DENIED = &H1 
    Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &H5 
    Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6 
    intAceCount = 0
    For Each objAce In SecurityStructure
        strTrustee = Mid(objAce.Trustee,1,12)
        If StrComp(strTrustee, "NT AUTHORITY", 1) <> 0 Then
            intAceCount = intAceCount + 1
            WScript.Echo strType & " permission entry: " & intAceCount
            WScript.Echo "Name: " & objAce.Trustee
 
            intAceType = objAce.AceType
            If (intAceType = ADS_ACETYPE_ACCESS_ALLOWED Or _
                intAceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT) Then
                WScript.Echo "Type: Allow Access"
            ElseIf (intAceType = ADS_ACETYPE_ACCESS_DENIED Or _
                intAceType = ADS_ACETYPE_ACCESS_DENIED_OBJECT) Then
                WScript.Echo "Type: Deny Access"
            Else
                WScript.Echo "Access Type Unknown."
            End If
            ReadBitsInAccessMask(objAce.AccessMask)
            WScript.Echo 
        End If
    Next
End Sub
 
Sub ReadBitsInAccessMask(AccessMask)
    Const ADS_RIGHT_DELETE = &H10000
    Const ADS_RIGHT_READ_CONTROL = &H20000
    Const ADS_RIGHT_WRITE_DAC = &H40000
    Const ADS_RIGHT_WRITE_OWNER = &H80000
    Const ADS_RIGHT_DS_CREATE_CHILD = &H1
    Const ADS_RIGHT_DS_DELETE_CHILD = &H2
    Const ADS_RIGHT_ACTRL_DS_LIST = &H4
    Const ADS_RIGHT_DS_SELF = &H8
    Const ADS_RIGHT_DS_READ_PROP = &H10
    Const ADS_RIGHT_DS_WRITE_PROP = &H20
    Const ADS_RIGHT_DS_DELETE_TREE = &H40
    Const ADS_RIGHT_DS_LIST_OBJECT = &H80
    Const ADS_RIGHT_DS_CONTROL_ACCESS = &H100
 
    WScript.Echo VbCrLf & "Standard Access Rights"
    If (AccessMask And ADS_RIGHT_DELETE) Then _
        WScript.Echo vbTab & "-Delete an object."
    If (AccessMask And ADS_RIGHT_READ_CONTROL) Then _
        WScript.Echo vbTab & "-Read permissions."
    If (AccessMask And ADS_RIGHT_WRITE_DAC) Then _
        WScript.Echo vbTab & "-Write permissions."
    If (AccessMask And ADS_RIGHT_WRITE_OWNER) Then _
        WScript.Echo vbTab & "-Modify owner."
  
    WScript.Echo VbCrLf & "Directory Service Specific Access Rights"
    If (AccessMask And ADS_RIGHT_DS_CREATE_CHILD) Then _
        WScript.Echo vbTab & "-Create child objects."
    If (AccessMask And ADS_RIGHT_DS_DELETE_CHILD) Then _
        WScript.Echo vbTab & "-Delete child objects."
    If (AccessMask And ADS_RIGHT_ACTRL_DS_LIST) Then _
        WScript.Echo vbTab & "-Enumerate an object."
    If (AccessMask And ADS_RIGHT_DS_READ_PROP) Then _
        WScript.Echo vbTab & "-Read the properties of an object."
    If (AccessMask And ADS_RIGHT_DS_WRITE_PROP) Then _
        WScript.Echo vbTab & "-Write the properties of an object."
    If (AccessMask And ADS_RIGHT_DS_DELETE_TREE) Then _
        WScript.Echo vbTab & "-Delete a tree of objects"
    If (AccessMask And ADS_RIGHT_DS_LIST_OBJECT) Then _
        WScript.Echo vbTab & "-List a tree of objects."
 
    WScript.Echo VbCrLf & "Control Access Rights"
    If (AccessMask And ADS_RIGHT_DS_CONTROL_ACCESS) + _
        (AccessMask And ADS_RIGHT_DS_SELF) = 0 Then
            WScript.Echo "-None"
    Else 
        If (AccessMask And ADS_RIGHT_DS_CONTROL_ACCESS) Then _
            WScript.Echo vbTab & "-Extended access rights."
        If (AccessMask And ADS_RIGHT_DS_SELF) Then
            WScript.Echo vbTab & "-Active Directory must validate a property "
            WScript.Echo vbTab & " write operation beyond the schema " & _
                "definition "
            WScript.Echo vbTab & " for the attribute."
        End If
    End If
End Sub
	

List User Account Account Page Properties


Retrieves user account attributes found on the Account page of the user account object in Active Directory Users and Computers.
On Error Resume Next

Set objUser = GetObject _
    ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
 
WScript.Echo "User Principal Name: " & objUser.userPrincipalName
WScript.Echo "SAM Account Name: " & objUser.sAMAccountName
WScript.Echo "User Workstations: " & objUser.userWorkstations

Set objDomain = GetObject("LDAP://dc=fabrikam,dc=com")
WScript.Echo "Domain controller: " & objDomain.dc
	

List User Account Address Page Attributes


Retrieves user account attributes found on the Address page of the user account object in Active Directory Users and Computers.
On Error Resume Next
 
Set objUser = GetObject _
  ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
 
WScript.Echo "Street Address: " & objUser.streetAddress
WScript.Echo "Post Office Box: " & objUser.postOfficeBox
WScript.Echo "Locality: " & objUser.l
WScript.Echo "State/province: " & objUser.st
WScript.Echo "Postal Code: " & objUser.postalCode
WScript.Echo "Country: " & objUser.c
	

List userAccountControl Values for an Active Directory User Account


Reads values from the userAccountControl of the MyerKen Active Directory user account.
Set objHash = CreateObject("Scripting.Dictionary")
 
objHash.Add "ADS_UF_SMARTCARD_REQUIRED", &h40000 
objHash.Add "ADS_UF_TRUSTED_FOR_DELEGATION", &h80000 
objHash.Add "ADS_UF_NOT_DELEGATED", &h100000 
objHash.Add "ADS_UF_USE_DES_KEY_ONLY", &h200000 
objHash.Add "ADS_UF_DONT_REQUIRE_PREAUTH", &h400000 
 
Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
intUAC = objUser.Get("userAccountControl")
 
If objUser.IsAccountLocked = True Then
    Wscript.Echo "ADS_UF_LOCKOUT is enabled"
Else
    Wscript.Echo "ADS_UF_LOCKOUT is disabled"
End If
wscript.echo VBCRLF
 
For Each Key In objHash.Keys
    If objHash(Key) And intUAC Then 
        Wscript.Echo Key & " is enabled"
    Else
        Wscript.Echo Key & " is disabled"
    End If
Next
	

List User Account General Page Properties


Retrieves user account attributes found on the General Properties page of the user account object in Active Directory Users and Computers.
On Error Resume Next

Set objUser = GetObject _
    ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")


WScript.Echo "First Name: " & objUser.givenName
WScript.Echo "Initials: " & objUser.initials
WScript.Echo "Last Name: " & objUser.sn
WScript.Echo "Display Name: " & objUser.displayName
WScript.Echo "Office: " & _
    objUser.physicalDeliveryOfficeName
WScript.Echo "Telephone Number: " & objUser.telephoneNumber
WScript.Echo "Email: " & objUser.mail
WScript.Echo "Home Page: " & objUser.wWWHomePage
 
For Each strValue in objUser.description
    WScript.Echo "Description: " & strValue
Next

For Each strValue in objUser.otherTelephone
    WScript.Echo "Other Telephone: " & strValue
Next

For Each strValue in objUser.url
    WScript.Echo "URL: " & strValue
Next
	

List User Profile Properties


Retrieves user account attributes found on the Profile page of the user account object in Active Directory Users and Computers.
On Error Resume Next

Set objUser = GetObject _
    ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
 
Wscript.Echo "Profile Path: " & objUser.ProfilePath
Wscript.Echo "Script Path: " & objUser.ScriptPath
Wscript.Echo "Home Directory: " & objUser.HomeDirectory
Wscript.Echo "Home Drive: " & objUser.HomeDrive
	

Search for a User Account in Active Directory


Searches Active Directory to see if a user account with the name kenmyer already exists.
strUserName = "kenmyer"
dtStart = TimeValue(Now())
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
 
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
 
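' Search base: the fabrikam.com domain root used elsewhere on this page.
' strUserName is a constant here; a value taken from user input would need its
' LDAP filter metacharacters escaped before being concatenated into the filter.
objCommand.CommandText = _
    "<LDAP://dc=fabrikam,dc=com>;(&(objectCategory=User)" & _
         "(samAccountName=" & strUserName & "));samAccountName;subtree"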
  
Set objRecordSet = objCommand.Execute
 
If objRecordset.RecordCount = 0 Then
    WScript.Echo "sAMAccountName: " & strUserName & " does not exist."
Else
    WScript.Echo strUserName & " exists."
End If
 
objConnection.Close