ADSI scripts
Bind to Active Directory using rootDSE
List All the Attributes of an Active Directory Class
List Active Directory Auxiliary Classes
List the Active Directory Class Type for an Object
List Active Directory System Information
List Domain Object Property Values
List the Names of All Objects in the Configuration Container
List the Parent Class of an Active Directory Object
Use a Search to Modify Similar Active Directory Objects
Verify That an Attribute is in the Global Catalog
Verify That an Attribute is Operational
Verify Whether Attributes are Indexed and-or in the Global Catalog
You can use any of the VBScript programs below in ActiveXperts Network Monitor.
Bind to Active Directory using rootDSE
Demonstration script that uses rootDSE to bind to various objects in the local Active Directory domain.
' Read the naming contexts from rootDSE so that no domain name is hard-coded
Set objRootDSE = GetObject("LDAP://rootDSE")

strSchema = "LDAP://" & objRootDSE.Get("schemaNamingContext")
WScript.Echo "ADsPath to schema: " & strSchema
Set objSchema = GetObject(strSchema)
WScript.Echo "Schema Object:"
WScript.Echo "Name: " & objSchema.Name
WScript.Echo "Class: " & objSchema.Class & VbCrLf

strConfiguration = "LDAP://" & objRootDSE.Get("configurationNamingContext")
WScript.Echo "ADsPath to configuration container: " & strConfiguration
Set objConfiguration = GetObject(strConfiguration)
WScript.Echo "Configuration Object:"
WScript.Echo "Name: " & objConfiguration.Name
WScript.Echo "Class: " & objConfiguration.Class & VbCrLf

strDomain = "LDAP://" & objRootDSE.Get("defaultNamingContext")
WScript.Echo "ADsPath to current domain container: " & strDomain
Set objDomain = GetObject(strDomain)
WScript.Echo "Current Domain Object:"
WScript.Echo "Name: " & objDomain.Name
WScript.Echo "Class: " & objDomain.Class & VbCrLf

strRootDomain = "LDAP://" & objRootDSE.Get("rootDomainNamingContext")
WScript.Echo "ADsPath to root domain container: " & strRootDomain
Set objRootDomain = GetObject(strRootDomain)
WScript.Echo "Root Domain Object:"
WScript.Echo "Name: " & objRootDomain.Name
WScript.Echo "Class: " & objRootDomain.Class & VbCrLf
List All the Attributes of an Active Directory Class
Returns all the attributes associated with the Computer class in Active Directory.
Set objSchemaComputer = GetObject("LDAP://schema/computer")

WScript.Echo "Mandatory (Must-Contain) attributes"
For Each strAttribute in objSchemaComputer.MandatoryProperties
    WScript.Echo strAttribute
Next

WScript.Echo VbCrLf & "Optional (May-Contain) attributes"
For Each strAttribute in objSchemaComputer.OptionalProperties
    WScript.Echo strAttribute
Next
List Active Directory Auxiliary Classes
Returns a list of all the Active Directory auxiliary classes directly applied to the User class.
' WScript.StdOut is only available when the script runs under cscript.exe
On Error Resume Next

strClassName = "cn=user"
Set objSchemaClass = GetObject _
    ("LDAP://" & strClassName & _
        ",cn=schema,cn=configuration,dc=fabrikam,dc=com")

' GetEx fails if the attribute is not set, which leaves the variable Empty
arrSystemAuxiliaryClass = _
    objSchemaClass.GetEx("systemAuxiliaryClass")

If isEmpty(arrSystemAuxiliaryClass) Then
    WScript.Echo "There are no auxiliary classes" & _
        " applied directly to this class."
Else
    WScript.StdOut.Write "Auxiliary classes: "
    For Each strAuxiliaryClass in arrSystemAuxiliaryClass
        WScript.StdOut.Write strAuxiliaryClass & " | "
    Next
    WScript.Echo
End If
List the Active Directory Class Type for an Object
Determines the Active Directory class type for the organizational-person object.
strClassName = "cn=organizational-person"
Set objSchemaClass = GetObject _
    ("LDAP://" & strClassName & _
        ",cn=schema,cn=configuration,dc=fabrikam,dc=com")

intClassCategory = objSchemaClass.Get("objectClassCategory")
Select Case intClassCategory
    Case 0
        strCategory = "88"
    Case 1
        strCategory = "structural"
    Case 2
        strCategory = "abstract"
    Case 3
        strCategory = "auxiliary"
End Select

WScript.Echo strClassName & " is categorized as " & strCategory & "."
List Active Directory System Information
Uses the ADSystemInfo interface to return domain information for a computer, including computer name, site name, and various domain names (short name, domain DNS name, and forest DNS name).
On Error Resume Next

Set objSysInfo = CreateObject("ADSystemInfo")

WScript.Echo "User name: " & objSysInfo.UserName
WScript.Echo "Computer name: " & objSysInfo.ComputerName
WScript.Echo "Site name: " & objSysInfo.SiteName
WScript.Echo "Domain short name: " & objSysInfo.DomainShortName
WScript.Echo "Domain DNS name: " & objSysInfo.DomainDNSName
WScript.Echo "Forest DNS name: " & objSysInfo.ForestDNSName
WScript.Echo "PDC role owner: " & objSysInfo.PDCRoleOwner
WScript.Echo "Schema role owner: " & objSysInfo.SchemaRoleOwner
WScript.Echo "Domain is in native mode: " & objSysInfo.IsNativeMode
List Domain Object Property Values
Retrieves the ADsPath, Class, GUID, Name, Parent, and Schema properties for a domain.
Set objDomain = GetObject("LDAP://dc=NA,dc=fabrikam,dc=com")

WScript.Echo "Ads Path:" & objDomain.ADsPath
WScript.Echo "Class:" & objDomain.Class
WScript.Echo "GUID:" & objDomain.GUID
WScript.Echo "Name:" & objDomain.Name
WScript.Echo "Parent:" & objDomain.Parent
WScript.Echo "Schema:" & objDomain.Schema
List the Names of All Objects in the Configuration Container
Retrieves the names of the first-level objects in the Configuration container.
Set objConfiguration = GetObject _
    ("LDAP://cn=Configuration,dc=fabrikam,dc=com")

For Each objContainer in objConfiguration
    WScript.Echo objContainer.Name
Next
List the Parent Class of an Active Directory Object
Searches for all user account objects whose department attribute is Human Resources. The script then moves the user accounts that are not already in the HR OU to this OU.
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"

Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection

' ADO LDAP dialect: <search base>;filter;attributes;scope
' Search base is assumed here: the NA domain that holds the HR OU below
objCommand.CommandText = _
    "<LDAP://dc=NA,dc=fabrikam,dc=com>;" & _
        "(&(&(objectCategory=person)(objectClass=user)" & _
            "(department=Human Resources)));" & _
                "ADsPath,distinguishedName, name;subtree"

Set objRecordSet = objCommand.Execute

Set objOU = GetObject("LDAP://ou=HR,dc=NA,dc=fabrikam,dc=com")

Do Until objRecordSet.EOF
    strADsPath = objRecordSet.Fields("ADsPath")
    ' Compare the current DN with the DN the account would have in the HR OU
    strDNRecord = LCase(objRecordSet.Fields("distinguishedName"))
    strDNCompare = LCase("cn=" & objRecordSet.Fields("name") & _
        ",ou=HR,dc=NA,dc=fabrikam,dc=com")

    If strDNRecord <> strDNCompare Then
        objOU.MoveHere strADsPath, vbNullString
        WScript.Echo objRecordSet.Fields("distinguishedName") & " Moved."
    Else
        WScript.Echo objRecordSet.Fields("distinguishedName") & " Not Moved."
    End If
    objRecordSet.MoveNext
Loop

objConnection.Close
Use a Search to Modify Similar Active Directory Objects
Searches for all computers that begin with the letters "ATL" in a domain and any child domain, and then modifies the location attribute of all computers found.
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"

Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection

' ADO LDAP dialect: <search base>;filter;attributes;scope
' Search base is assumed here: the fabrikam.com domain used on this page
objCommand.CommandText = _
    "<LDAP://dc=fabrikam,dc=com>;" & _
        "(&(objectCategory=Computer)(cn=ATL*));" & _
            "ADsPath;subtree"

Set objRecordSet = objCommand.Execute

Do Until objRecordSet.EOF
    strADsPath = objRecordSet.Fields("ADsPath")
    Set objComputer = GetObject(strADsPath)
    objComputer.Put "location", "Atlanta, Georgia"
    ' SetInfo writes the change back to the directory
    objComputer.SetInfo
    objRecordSet.MoveNext
Loop

WScript.Echo objRecordSet.RecordCount & _
    " computer objects modified."

objConnection.Close
Verify That an Attribute is in the Global Catalog
Determines whether or not a specified attribute (given-name) is included in the Active Directory global catalog.
strAttributeName = "cn=given-name"
Set objSchemaAttribute = GetObject _
    ("LDAP://" & strAttributeName & _
        ",cn=schema,cn=configuration,dc=fabrikam,dc=com")

blnInGC = objSchemaAttribute.Get("isMemberOfPartialAttributeSet")

If blnInGC Then
    WScript.Echo "The " & strAttributeName & _
        " attribute is replicated to the Global Catalog."
Else
    WScript.Echo "The " & strAttributeName & _
        " attribute is not replicated to the Global Catalog."
End If
Verify That an Attribute is Operational
Determines whether or not a specified attribute (Canonical-Name) is operational within Active Directory.
Const ADS_SYSTEMFLAG_ATTR_IS_CONSTRUCTED = &h00000004

strAttributeName = "cn=Canonical-Name"
Set objSchemaAttribute = GetObject _
    ("LDAP://" & strAttributeName & _
        ",cn=schema,cn=configuration,dc=fabrikam,dc=com")

intSystemFlags = objSchemaAttribute.Get("systemFlags")

If intSystemFlags AND ADS_SYSTEMFLAG_ATTR_IS_CONSTRUCTED Then
    WScript.Echo strAttributeName & " is operational."
Else
    WScript.Echo strAttributeName & " is not operational."
End If
Verify Whether Attributes are Indexed and-or in the Global Catalog
Determines which Active Directory attributes are indexed and which attributes are in the global catalog.
Const IS_INDEXED = 1

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"

Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.Properties("Sort On") = "isMemberOfPartialAttributeSet"

' ADO LDAP dialect: <search base>;filter;attributes;scope
' Search base is the schema container (same DN as the other schema scripts
' on this page); attributeSchema objects sit one level below it
objCommand.CommandText = _
    "<LDAP://cn=schema,cn=configuration,dc=fabrikam,dc=com>;" & _
        "(objectClass=attributeSchema);" & _
            "lDAPDisplayName, isMemberOfPartialAttributeSet,searchFlags;onelevel"

Set objRecordSet = objCommand.Execute

Do Until objRecordSet.EOF
    WScript.Echo objRecordSet.Fields("lDAPDisplayName")

    If objRecordSet.Fields("isMemberOfPartialAttributeSet") Then
        WScript.Echo "In the global catalog."
    Else
        WScript.Echo "Not in the global catalog."
    End If

    ' Bit 0 of searchFlags marks the attribute as indexed
    If IS_INDEXED AND objRecordSet.Fields("searchFlags") Then
        WScript.Echo "Is indexed."
    Else
        WScript.Echo "Is not indexed."
    End If

    WScript.Echo VbCrLf
    objRecordSet.MoveNext
Loop

objConnection.Close