Searching Active Directory (VBScript)

If, like me, you have been left irritated by the search function in Active Directory Users and Computers not telling you WHERE a particular user or computer actually is, use this bit of code. It searches AD for users or computers and returns a list of what it finds, with the FULL canonical name (the object's LDAP adsPath), so you can actually find the damned thing.

You could of course expand this script to perform user modifications such as resetting passwords, without the need to use the AD MMC console.


'==========================================================================
'
' NAME: search_ad.vbs
'
' AUTHOR: Lewis Roberts
' DATE  : 30/09/2005
'
' COMMENT:   Returns the full canonical name of an LDAP source if found in
'      the Active Directory. You can search for anything that would
'      be found in Active Directory.
'
'==========================================================================

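' Reading an attribute that is not set on an object (e.g. mail) raises an
' error in ADSI, so errors are skipped rather than allowed to stop the script.
On Error Resume Next

' Root of the search: change this to the distinguished name of your own domain.
ADSRoot = "DC=domain,DC=co,DC=uk"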

Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

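' Fetch every user and computer object under the root. The search term is not
' part of this query; it is matched against each adsPath in the loop below.
objCommand.CommandText = _
"SELECT * FROM 'LDAP://" & ADSRoot & "' WHERE objectCategory='user' OR objectCategory='computer'"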

srchTrm = LCase(InputBox("Please enter your search term.", "Active Directory Search"))
i = 0

' Short terms and terms containing "=" are rejected before the directory is queried.
If Len(srchTrm) < 4 Or InStr(srchTrm, "=") Then
  WScript.Echo "Please enter a search term in excess of 3 characters and don't use ""="""
  WScript.Quit
End If

Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst

Do Until objRecordSet.EOF
  strADPath = LCase(objRecordSet.Fields("adsPath").Value)
  
  If InStr(strADPath, srchTrm) Then
    Set objUser = GetObject(objRecordSet.Fields("adsPath").Value)
        
    Select Case objUser.Class
      Case "user"
        strMsg = "Type: Person" & VbCrLf
        strMsg = strMsg & "Name: " & objUser.DisplayName & VbCrLf
        strMsg = strMsg & "Email: " & objUser.mail & VbCrLf
        strMsg = strMsg & "Telephone: " & objUser.telephoneNumber & VbCrLf
      Case "computer"
        strMsg = "Type: Computer" & VbCrLf
        strMsg = strMsg & "Name: " & objUser.Get("name") & VbCrLf
        strMsg = strMsg & "OS: " & objUser.operatingSystem & VbCrLf
      Case Else
        strMsg = "Unidentified" & VbCrLf
    End Select
    strMsg = strMsg & "LDAP: " & objUser.adsPath
    WScript.Echo strMsg & VbCrLf 
    i = i + 1
  End If
  objRecordSet.MoveNext
Loop

If Not i > 0 Then
  WScript.Echo "No results found."
End If


One Response to Searching Active Directory (VBScript)

  1. LJR says:

    Line 35 should say less than or equal to 3 but because of the way the code commenter works I’ve had to alter it.

    Sorry about this folks!
