Scripts to manage OUs
Assigning a New Group Policy Link to an OUChanging the Manager of an OU
Clearing COM+ Attributes from a User Account
Clearing the COM+ Partition Link Set of an OU
Clearing the General Properties of an OU
Clearing the Group Policy Links Assigned to an OU
Creating an OU
Creating an OU in an Existing OU
Deleting an OU
Enumerating COM+ Partition Sets
Identifying the Owner of an OU
Modifying the COM+ Partition Set Link of an OU
Modifying the General Properties of an OU
Reading COM+ Partition Information for a Domain
Reading the COM+ Properties of an OU
Reading the Security Descriptor for an OU
Reading the System Access Control List of an OU
Removing an OU Manager
Returning the Attributes of the organizationalUnit Class
Returning the General Properties of an OU
Returning Group Policy Information for an OU
Returning Managed By Information for an OU
Returning the Properties of an OU Object
Assigning a New Group Policy Link to an OU
Assigns the Group Policy link Sales Policy to the Sales OU in Active Directory.
On Error Resume Next Set objContainer = GetObject _ ("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com") strExistingGPLink = objContainer.Get("gPLink") strGPODisplayName = "Sales Policy" strGPOLinkOptions = 2 strNewGPLink = "[" & GetGPOADsPath & ";" & strGPOLinkOptions & "]" objContainer.Put "gPLink", strExistingGPLink & strNewGPLink objContainer.Put "gPOptions", "0" objContainer.SetInfo Function GetGPOADsPath Set objConnection = CreateObject("ADODB.Connection") objConnection.Open "Provider=ADsDSOObject;" Set objCommand = CreateObject("ADODB.Command") objCommand.ActiveConnection = objConnection objCommand.CommandText = _ "<LDAP://cn=Policies,cn=System,dc=NA,dc=fabrikam,dc=com>;;" & _ "distinguishedName,displayName;onelevel" Set objRecordSet = objCommand.Execute While Not objRecordSet.EOF If objRecordSet.Fields("displayName") = strGPODisplayName Then GetGPOADsPath = "LDAP://" & objRecordSet.Fields("distinguishedName") objConnection.Close Exit Function End If objRecordSet.MoveNext Wend objConnection.Close End Function
Changing the Manager of an OU
Assigns the user account AkersKim as manager of the Sales OU in Active Directory.
Set objContainer = GetObject _ ("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com") objContainer.Put "managedBy", "cn=AkersKim,ou=Sales,dc=NA,dc=fabrikam,dc=com" objContainer.SetInfo
Clearing COM+ Attributes from a User Account
Removes all information from the msCOM-UserPartitionSetLink attribute of the MyerKen user account in Active Directory.
Const ADS_PROPERTY_CLEAR = 1 Set objUser = GetObject _ ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com") objUser.PutEx ADS_PROPERTY_CLEAR, "msCOM-UserPartitionSetLink", 0 objUser.SetInfo
Clearing the COM+ Partition Link Set of an OU
Removes the COM+ partition link set assigned to the Sales OU in Active Directory.
Const ADS_PROPERTY_CLEAR = 1 Set objContainer = GetObject _ ("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com") objContainer.PutEx ADS_PROPERTY_CLEAR, "msCOM-UserPartitionSetLink", 0 objContainer.SetInfo
Clearing the General Properties of an OU
Modifies the attribute values found on the General Properties page in Active Directory Users and Computers for an OU named Sales.
Const ADS_PROPERTY_CLEAR = 1 Set objContainer = GetObject _ ("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com") objContainer.PutEx ADS_PROPERTY_CLEAR, "description", 0 objContainer.PutEx ADS_PROPERTY_CLEAR, "street", 0 objContainer.PutEx ADS_PROPERTY_CLEAR, "l", 0 objContainer.PutEx ADS_PROPERTY_CLEAR, "st", 0 objContainer.PutEx ADS_PROPERTY_CLEAR, "postalCode", 0 objContainer.PutEx ADS_PROPERTY_CLEAR, "c", 0 objContainer.SetInfo
Clearing the Group Policy Links Assigned to an OU
Removes all the Group Policy links assigned to the Sales OU in Active Directory.
Const ADS_PROPERTY_CLEAR = 1 Set objContainer = GetObject _ ("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com") objContainer.PutEx ADS_PROPERTY_CLEAR, "gPLink", 0 objContainer.PutEx ADS_PROPERTY_CLEAR, "gPOptions", 0 objContainer.SetInfo
Creating an OU
Creates a new organizational unit within Active Directory.
Set objDomain = GetObject("LDAP://dc=fabrikam,dc=com") Set objOU = objDomain.Create("organizationalUnit", "ou=Management") objOU.SetInfo
Creating an OU in an Existing OU
Creates a new organizational unit (OU2) in an existing organizational unit (OU1).
Set objOU1 = GetObject("LDAP://ou=OU1,dc=na,dc=fabrikam,dc=com") Set objOU2 = objOU1.Create("organizationalUnit", "ou=OU2") objOU2.SetInfo
Deleting an OU
Deletes an organizational unit named HR from the hypothetical domain fabrikam.com.
Set objDomain = GetObject("LDAP://dc=fabrikam,dc=com") objDomain.Delete "organizationalUnit", "ou=hr"
Enumerating COM+ Partition Sets
Returns a list of Active Directory COM+ partition sets.
Set objCOMPartitionSets = GetObject _ ("LDAP://cn=ComPartitionSets,cn=System,dc=NA,dc=fabrikam,dc=com") For Each objPartitionSet in objCOMPartitionSets WScript.Echo objPartitionSet.Name Next
Identifying the Owner of an OU
Returns the owner of the Sales OU in Active Directory.
Set objContainer = GetObject _ ("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com") Set objNtSecurityDescriptor = objContainer.Get("ntSecurityDescriptor") WScript.Echo "Owner Tab" WScript.Echo "Current owner of this item: " & objNtSecurityDescriptor.Owner
Modifying the COM+ Partition Set Link of an OU
Assigns the COM+ partition set PartitionSet1 to the Sales OU in Active Directory.
Set objContainer = GetObject _ ("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com") objContainer.Put "msCOM-UserPartitionSetLink", _ "cn=PartitionSet1,cn=ComPartitionSets,cn=System,dc=NA,dc=fabrikam,dc=com" objContainer.SetInfo
Modifying the General Properties of an OU
Modifies the attribute values found on the General Properties page in Active Directory Users and Computers for an OU named Sales.
Const ADS_PROPERTY_UPDATE = 2 Set objContainer = GetObject _ ("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com") objContainer.Put "street", "Building 43" & vbCrLf & "One Microsoft Way" objContainer.Put "l", "Redmond" objContainer.Put "st", "Washington" objContainer.Put "postalCode", "98053" objContainer.Put "c", "US" objContainer.PutEx ADS_PROPERTY_UPDATE, _ "description", Array("Sales staff") objContainer.SetInfo
Reading COM+ Partition Information for a Domain
Returns COM+ partition information for the domain na.fabrikam.com.
Set objCOMPartitionSets = GetObject _ ("LDAP://cn=ComPartitionSets,cn=System,dc=NA,dc=fabrikam,dc=com") For Each objPartitionSet in objCOMPartitionSets WScript.Echo objPartitionSet.Name Next
Reading the COM+ Properties of an OU
Returns information about the COM+ properties configured for the Sales OU in Active Directory.
On Error Resume Next Set objContainer = GetObject _ ("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com") strMsCOMUserPartitionSetLink = objContainer.Get("msCOM-UserPartitionSetLink") WScript.Echo "ms-COMUserPartitionSetLink: " & strMsCOMUserPartitionSetLink
Reading the Security Descriptor for an OU
Returns the information found on the security descriptor for the Sales OU in Active Directory.
Const SE_DACL_PROTECTED = &H1000 Set objContainer = GetObject _ ("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com") Set objNtSecurityDescriptor = objContainer.Get("ntSecurityDescriptor") intNtSecurityDescriptorControl = objNtSecurityDescriptor.Control WScript.Echo "Permissions Tab" WScript.StdOut.WriteLine "Allow inheritable permissions from the parent to" WScript.StdOut.Write "propogate to this object and all child objects " If (intNtSecurityDescriptorControl And SE_DACL_PROTECTED) Then Wscript.Echo "is disabled." Else WScript.Echo "is enabled." End If WScript.Echo VbCr Set objDiscretionaryAcl = objNtSecurityDescriptor.DiscretionaryAcl DisplayAceInformation objDiscretionaryAcl, "DACL" Sub DisplayAceInformation(SecurityStructure, strType) Const ADS_ACETYPE_ACCESS_ALLOWED = &H0 Const ADS_ACETYPE_ACCESS_DENIED = &H1 Const ADS_ACETYPE_ACCESS_ALLOWED_OBJECT = &H5 Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6 intAceCount = 0 For Each objAce In SecurityStructure strTrustee = Mid(objAce.Trustee,1,12) If StrComp(strTrustee, "NT AUTHORITY", 1) <> 0 Then intAceCount = intAceCount + 1 WScript.Echo strType & " permission entry: " & intAceCount WScript.Echo "Name: " & objAce.Trustee intAceType = objAce.AceType If (intAceType = ADS_ACETYPE_ACCESS_ALLOWED Or _ intAceType = ADS_ACETYPE_ACCESS_ALLOWED_OBJECT) Then WScript.Echo "Type: Allow Access" ElseIf (intAceType = ADS_ACETYPE_ACCESS_DENIED Or _ intAceType = ADS_ACETYPE_ACCESS_DENIED_OBJECT) Then WScript.StdOut.Write "Type: Deny Acess" Else WScript.Echo "Acess Type Unknown." End If ReadBitsInAccessMask(objAce.AccessMask) WScript.Echo VbCr End If Next End Sub Sub ReadBitsInAccessMask(AccessMask) Const ADS_RIGHT_DELETE = &H10000 Const ADS_RIGHT_READ_CONTROL = &H20000 Const ADS_RIGHT_WRITE_DAC = &H40000 Const ADS_RIGHT_WRITE_OWNER = &H80000 Const ADS_RIGHT_DS_CREATE_CHILD = &H1 Const ADS_RIGHT_DS_DELETE_CHILD = &H2 Const ADS_RIGHT_ACTRL_DS_LIST = &H4 Const ADS_RIGHT_DS_SELF = &H8 Const ADS_RIGHT_DS_READ_PROP = &H10 Const ADS_RIGHT_DS_WRITE_PROP = &H20 Const ADS_RIGHT_DS_DELETE_TREE = &H40 Const ADS_RIGHT_DS_LIST_OBJECT = &H80 Const ADS_RIGHT_DS_CONTROL_ACCESS = &H100 WScript.Echo VbCrLf & "Standard Access Rights" If (AccessMask And ADS_RIGHT_DELETE) Then _ WScript.Echo vbTab & "-Delete an object." If (AccessMask And ADS_RIGHT_READ_CONTROL) Then _ WScript.Echo vbTab & "-Read permissions." If (AccessMask And ADS_RIGHT_WRITE_DAC) Then _ WScript.Echo vbTab & "-Write permissions." If (AccessMask And ADS_RIGHT_WRITE_OWNER) Then _ WScript.Echo vbTab & "-Modify owner." WScript.Echo VbCrLf & "Directory Service Specific Access Rights" If (AccessMask And ADS_RIGHT_DS_CREATE_CHILD) Then _ WScript.Echo vbTab & "-Create child objects." If (AccessMask And ADS_RIGHT_DS_DELETE_CHILD) Then _ WScript.Echo vbTab & "-Delete child objects." If (AccessMask And ADS_RIGHT_ACTRL_DS_LIST) Then _ WScript.Echo vbTab & "-Enumerate an object." If (AccessMask And ADS_RIGHT_DS_READ_PROP) Then _ WScript.Echo vbTab & "-Read the properties of an object." If (AccessMask And ADS_RIGHT_DS_WRITE_PROP) Then _ WScript.Echo vbTab & "-Write the properties of an object." If (AccessMask And ADS_RIGHT_DS_DELETE_TREE) Then _ WScript.Echo vbTab & "-Delete a tree of objects" If (AccessMask And ADS_RIGHT_DS_LIST_OBJECT) Then _ WScript.Echo vbTab & "-List a tree of objects." WScript.Echo VbCrLf & "Control Access Rights" If (AccessMask And ADS_RIGHT_DS_CONTROL_ACCESS) + _ (AccessMask And ADS_RIGHT_DS_SELF) = 0 Then WScript.Echo "-None" Else If (AccessMask And ADS_RIGHT_DS_CONTROL_ACCESS) Then _ WScript.Echo vbTab & "-Extended access rights." If (AccessMask And ADS_RIGHT_DS_SELF) Then WScript.Echo vbTab & "-Active Directory must validate a property " WScript.Echo vbTab & " write operation beyond the schema definition " WScript.Echo vbTab & " for the attribute." End If End If End Sub
Reading the System Access Control List of an OU
Returns information found on the System Access Control List (SACL) for the Sales OU in Active Directory.
Const SE_SACL_PROTECTED = &H2000 Const ADS_SECURITY_INFO_OWNER = &H1 Const ADS_SECURITY_INFO_GROUP = &H2 Const ADS_OPTION_SECURITY_MASK =&H3 Const ADS_SECURITY_INFO_DACL = &H4 Const ADS_SECURITY_INFO_SACL = &H8 Set objContainer = GetObject _ ("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com") objContainer.SetOption ADS_OPTION_SECURITY_MASK, ADS_SECURITY_INFO_OWNER _ Or ADS_SECURITY_INFO_GROUP Or ADS_SECURITY_INFO_DACL _ Or ADS_SECURITY_INFO_SACL Set objNtSecurityDescriptor = objContainer.Get("ntSecurityDescriptor") intNtSecurityDescriptorControl = objNtSecurityDescriptor.Control WScript.Echo "Auditing Tab" WScript.StdOut.WriteLine "Allow inheritable auditing entries from" & _ "the parent to " WScript.StdOut.Write "propogate to this object and all child objects " If (intNtSecurityDescriptorControl And SE_SACL_PROTECTED) Then Wscript.Echo "is disabled." Else WScript.Echo "is enabled." End If WScript.Echo VbCr Set objSacl = objNtSecurityDescriptor.SystemAcl DisplayAceInformation objSacl, "SACL" Sub DisplayAceInformation(SecurityStructure, strType) Const ADS_ACETYPE_SYSTEM_AUDIT = &H2 Const ADS_ACETYPE_SYSTEM_AUDIT_OBJECT = &H7 intAceCount = 0 For Each objAce In SecurityStructure strTrustee = Mid(objAce.Trustee,1,12) If StrComp(strTrustee, "NT AUTHORITY", 1) <> 0 Then intAceCount = intAceCount + 1 WScript.Echo strType & " permission entry: " & intAceCount WScript.Echo "Name: " & objAce.Trustee intAceType = objAce.AceType WScript.Echo "ACETYPE IS: " & intAceType If (intAceType = ADS_ACETYPE_SYSTEM_AUDIT or _ intAceType = ADS_ACETYPE_SYSTEM_AUDIT_OBJECT) Then WScript.StdOut.Write "Type: Success or Failure Audit" Else WScript.StdOut.Write "Audit Type Unknown." End If ReadBitsInAccessMask(objAce.AccessMask) WScript.Echo VbCr End If Next End Sub Sub ReadBitsInAccessMask(AccessMask) Const ADS_RIGHT_DELETE = &H10000 Const ADS_RIGHT_READ_CONTROL = &H20000 Const ADS_RIGHT_WRITE_DAC = &H40000 Const ADS_RIGHT_WRITE_OWNER = &H80000 Const ADS_RIGHT_DS_CREATE_CHILD = &H1 Const ADS_RIGHT_DS_DELETE_CHILD = &H2 Const ADS_RIGHT_ACTRL_DS_LIST = &H4 Const ADS_RIGHT_DS_SELF = &H8 Const ADS_RIGHT_DS_READ_PROP = &H10 Const ADS_RIGHT_DS_WRITE_PROP = &H20 Const ADS_RIGHT_DS_DELETE_TREE = &H40 Const ADS_RIGHT_DS_LIST_OBJECT = &H80 Const ADS_RIGHT_DS_CONTROL_ACCESS = &H100 WScript.Echo VbCrLf & "Standard Access Rights" If (AccessMask And ADS_RIGHT_DELETE) Then _ WScript.Echo vbTab & "-Delete an object." If (AccessMask And ADS_RIGHT_READ_CONTROL) Then _ WScript.Echo vbTab & "-Read permissions." If (AccessMask And ADS_RIGHT_WRITE_DAC) Then _ WScript.Echo vbTab & "-Write permissions." If (AccessMask And ADS_RIGHT_WRITE_OWNER) Then _ WScript.Echo vbTab & "-Modify owner." WScript.Echo VbCrLf & "Directory Service Specific Access Rights" If (AccessMask And ADS_RIGHT_DS_CREATE_CHILD) Then _ WScript.Echo vbTab & "-Create child objects." If (AccessMask And ADS_RIGHT_DS_DELETE_CHILD) Then _ WScript.Echo vbTab & "-Delete child objects." If (AccessMask And ADS_RIGHT_ACTRL_DS_LIST) Then _ WScript.Echo vbTab & "-Enumerate an object." If (AccessMask And ADS_RIGHT_DS_READ_PROP) Then _ WScript.Echo vbTab & "-Read the properties of an object." If (AccessMask And ADS_RIGHT_DS_WRITE_PROP) Then _ WScript.Echo vbTab & "-Write the properties of an object." If (AccessMask And ADS_RIGHT_DS_DELETE_TREE) Then _ WScript.Echo vbTab & "-Delete a tree of objects" If (AccessMask And ADS_RIGHT_DS_LIST_OBJECT) Then _ WScript.Echo vbTab & "-List a tree of objects." WScript.Echo VbCrLf & "Control Access Rights" If (AccessMask And ADS_RIGHT_DS_CONTROL_ACCESS) + _ (AccessMask And ADS_RIGHT_DS_SELF) = 0 Then WScript.Echo "-None" Else If (AccessMask And ADS_RIGHT_DS_CONTROL_ACCESS) Then _ WScript.Echo vbTab & "-Extended access rights." If (AccessMask And ADS_RIGHT_DS_SELF) Then WScript.Echo vbTab & "-Active Directory must validate a property " WScript.Echo vbTab & " write operation beyond the schema definition " WScript.Echo vbTab & " for the attribute." End If End If End Sub
Removing an OU Manager
Removes the manager entry for the Active Directory OU named Sales. When this group is run, the OU will no longer have an assigned manager.
Const ADS_PROPERTY_CLEAR = 1 Set objContainer = GetObject _ ("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com") objContainer.PutEx ADS_PROPERTY_CLEAR, "managedBy", 0 objContainer.SetInfo
Returning the Attributes of the organizationalUnit Class
Returns both the mandatory and optional attributes or the organizationalUnit class (as found in the Active Directory schema). This script must be run under CScript.
Set objOrganizationalUnitClass = _ GetObject("LDAP://schema/organizationalUnit") Set objSchemaClass = GetObject(objOrganizationalUnitClass.Parent) i = 0 WScript.Echo "Mandatory attributes:" For Each strAttribute in objOrganizationalUnitClass.MandatoryProperties i= i + 1 WScript.StdOut.Write i & vbTab & strAttribute Set objAttribute = objSchemaClass.GetObject("Property", strAttribute) WScript.StdOut.Write " (Syntax: " & objAttribute.Syntax & ")" If objAttribute.MultiValued Then WScript.Echo " Multivalued" Else WScript.Echo " Single-valued" End If Next WScript.Echo VbCrLf & "Optional attributes:" For Each strAttribute in objOrganizationalUnitClass.OptionalProperties i= i + 1 WScript.StdOut.Write i & vbTab & strAttribute Set objAttribute = objSchemaClass.GetObject("Property", strAttribute) WScript.StdOut.Write " [Syntax: " & objAttribute.Syntax & "]" If objAttribute.MultiValued Then WScript.Echo " Multivalued" Else WScript.Echo " Single-valued" End If Next
Returning the General Properties of an OU
Returns information found on the General Properties page in Active Directory Users and Computers for an OU named Sales.
On Error Resume Next Set objContainer = GetObject _ ("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com") strStreetAddress = objContainer.Get("street") strLocalityName = objContainer.Get("l") strStreetName = objContainer.Get("st") strPostalCode = objContainer.Get("postalCode") strCountryName = objContainer.Get("c") strDescription = objContainer.GetEx("description") For Each strValue in strDescription WScript.echo "description: " & strValue Next WScript.echo "streetAddress: " & strStreetAddress WScript.echo "l: " & strLocalityName WScript.echo "st: " & strStreetName WScript.echo "postalCode: " & strPostalCode WScript.echo "c: " & strCountryName
Returning Group Policy Information for an OU
Returns the values found on the Group Policy page in Active Directory Users and Computers for the Sales OU.
On Error Resume Next Set objContainer = GetObject _ ("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com") strGpLink = objContainer.Get("gPLink") intGpOptions = objContainer.Get("gPOptions") If strGpLink <> " " Then arrGpLinkItems = Split(strGpLink,"]") For i = UBound(arrGPLinkItems) to LBound(arrGpLinkItems) + 1 Step -1 arrGPLink = Split(arrGpLinkItems(i-1),";") strDNGPLink = Mid(arrGPLink(0),9) WScript.Echo GetGPOName Select Case arrGPLink(1) Case 0 WScript.Echo "No Override is cleared and the GPO is enabled." Case 1 WScript.Echo "No Override is cleared and the GPO is disabled." Case 2 WScript.Echo "No Override is checked and the GPO is enabled." Case 3 WScript.Echo "No Override is checked and the GPO is disabled." End Select Next WScript.Echo VbCrLf End If If intGpOptions = 1 Then WScript.Echo "Block Policy Inheritance is checked." Else WScript.Echo "Block Policy Inheritance is not checked." End If Function GetGPOName Set objConnection = CreateObject("ADODB.Connection") objConnection.Open "Provider=ADsDSOObject;" Set objCommand = CreateObject("ADODB.Command") objCommand.ActiveConnection = objConnection objCommand.CommandText = _ "<LDAP://cn=Policies,cn=System,dc=NA,dc=fabrikam,dc=com>;;" & _ "distinguishedName,displayName;onelevel" Set objRecordSet = objCommand.Execute While Not objRecordSet.EOF If objRecordSet.Fields("distinguishedName") = strDNGPLink Then GetGPOName = objRecordSet.Fields("displayName") objConnection.Close Exit Function End If objRecordSet.MoveNext Wend objConnection.Close End Function
Returning Managed By Information for an OU
Returns information about the account assigned as managed of the Sales OU in Active Directory.
On Error Resume Next Set objContainer = GetObject _ ("LDAP://ou=Sales,dc=NA,dc=fabrikam,dc=com") strManagedBy = objContainer.Get("managedBy") If IsEmpty(strManagedBy) = TRUE Then WScript.Echo "No user account is assigned to manage " & _ "this OU." Else Set objUser = GetObject("LDAP://" & strManagedBy) strPhysicalDeliveryOfficeName = _ objUser.Get("physicalDeliveryOfficeName") strStreetAddress = objUser.Get("streetAddress") strLocalityName = objUser.Get("l") strStateProvince = objUser.Get("st") strCountryName = objUser.Get("c") strTelephoneNumber = objUser.Get("telephoneNumber") strFacsimileTelephoneNumber = _ objUser.Get("facsimileTelephoneNumber") WScript.Echo "managedBy: " & strManagedBy WScript.echo "physicalDeliveryOfficeName: " & _ strPhysicalDeliveryOfficeName WScript.echo "streetAddress: " & strStreetAddress WScript.echo "l: " & strLocalityName WScript.echo "state/province: " & strStateProvince WScript.echo "c: " & strCountryName WScript.echo "telephoneNumber: " & strTelephoneNumber WScript.echo "facsimileTelephoneNumber: " & _ strFacsimileTelephoneNumber End If
Returning the Properties of an OU Object
Returns information found on the Object page in Active Directory Users and Computers for the Sales OU.
Set objContainer = GetObject _ ("GC://ou=Sales,dc=NA,dc=fabrikam,dc=com") strWhenCreated = objContainer.Get("whenCreated") strWhenChanged = objContainer.Get("whenChanged") Set objUSNChanged = objContainer.Get("uSNChanged") dblUSNChanged = _ Abs(objUSNChanged.HighPart * 2^32 + objUSNChanged.LowPart) Set objUSNCreated = objContainer.Get("uSNCreated") dblUSNCreated = _ Abs(objUSNCreated.HighPart * 2^32 + objUSNCreated.LowPart) objContainer.GetInfoEx Array("canonicalName"), 0 arrCanonicalName = objContainer.GetEx("canonicalName") WScript.echo "CanonicalName of object:" For Each strValue in arrCanonicalName WScript.echo vbTab & strValue Next WScript.Echo vbCr WScript.Echo "Object class: " & objContainer.Class & vbCrLf WScript.echo "whenCreated: " & strWhenCreated & " (Created - GMT)" WScript.echo "whenChanged: " & strWhenChanged & " (Modified - GMT)" WScript.Echo VbCrLf WScript.Echo "uSNChanged: " & dblUSNChanged & " (USN Current)" WScript.Echo "uSNCreated: " & dblUSNCreated & " (USN Original)"