Searching Active Directory with ADSI and VBScript
When I’m looking for something in Active Directory, I don’t want to spend 30 seconds clicking [+] boxes to expand trees and manually look for a user or computer object, so I created this script to do the job of finding it for me and telling me exactly where I have to go to find it.
'==========================================================================
'
' NAME: search_ad.vbs
'
' AUTHOR: Lewis Roberts
'
' COMMENT: Returns the full canonical name of an LDAP source if found in
'          the Active Directory. You can search for anything that would
'          be found in Active Directory.
'
'==========================================================================

' Unset attributes (mail, title, ...) raise errors when read, so errors are
' suppressed for the whole script.
On Error Resume Next

ADSRoot = "DC=domain,DC=co,DC=uk"
Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

' Fetch every user and computer object; the search term is matched on the
' client against each object's adsPath.
objCommand.CommandText = _
    "SELECT * FROM 'LDAP://" & ADSRoot & "' WHERE objectCategory='user' OR objectCategory='computer'"

srchTrm = LCase(InputBox("Please enter your search term.", "Active Directory Search"))
i = 0

If Len(srchTrm) < 4 Or InStr(srchTrm, "=") Then
    WScript.Echo "Please enter a search term in excess of 3 characters. Don't use ""="""
    WScript.Quit
End If

Set objRecordSet = objCommand.Execute

' With errors suppressed, a failed query would otherwise leave the loop
' below spinning on an invalid recordset.
If Err.Number <> 0 Then
    WScript.Echo "Search failed: " & Err.Description
    WScript.Quit
End If

objRecordSet.MoveFirst

Do Until objRecordSet.EOF
    strADPath = LCase(objRecordSet.Fields("adsPath").Value)
    If InStr(strADPath, srchTrm) Then
        Set objUser = GetObject(objRecordSet.Fields("adsPath").Value)
        Select Case objUser.Class
            Case "user"
                strMsg = "Type: Person" & VbCrLf
                strMsg = strMsg & "Name: " & objUser.DisplayName & VbCrLf
                strMsg = strMsg & "Email: " & objUser.mail & VbCrLf
                strMsg = strMsg & "Telephone: " & objUser.telephoneNumber & VbCrLf
                strMsg = strMsg & "Department: " & objUser.department & VbCrLf
                strMsg = strMsg & "Title: " & objUser.title & VbCrLf
            Case "computer"
                strMsg = "Type: Computer" & VbCrLf
                strMsg = strMsg & "Name: " & objUser.Get("name") & VbCrLf
                strMsg = strMsg & "OS: " & objUser.operatingSystem & VbCrLf
            Case Else
                strMsg = "Unidentified" & VbCrLf
        End Select
        'strMsg = strMsg & "LDAP: " & objUser.adsPath & VbCrLf
        ' canonicalName is a constructed attribute and has to be loaded explicitly.
        objUser.GetInfoEx Array("canonicalName"), 0
        strMsg = strMsg & "AD Path: " & objUser.canonicalName
        WScript.Echo strMsg & VbCrLf
        i = i + 1
    End If
    objRecordSet.MoveNext
Loop

If Not i > 0 Then
    WScript.Echo "No results found."
End If
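Added example, not part of the original script: the script above pulls every user and computer object and filters on the client, and it rejects "=" in the input. The variant below lets the domain controller do the filtering and escapes the search term per RFC 4515 before it goes into the LDAP filter. Matching on the name attribute, the defaultNamingContext base and the EscapeLdapFilter helper are assumptions of this example.

```vbscript
Option Explicit

' Hypothetical helper: escape a value for use inside an LDAP search filter
' (RFC 4515). The backslash is replaced first so the escapes added afterwards
' are not escaped a second time.
Function EscapeLdapFilter(ByVal value)
    Dim s
    s = Replace(value, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    s = Replace(s, Chr(0), "\00")
    ' ";" separates the parts of the ADO command text built below.
    s = Replace(s, ";", "\3b")
    EscapeLdapFilter = s
End Function

Dim term, rootDSE, baseDN, filter, conn, cmd, rs, found

term = Trim(InputBox("Please enter your search term.", "Active Directory Search"))
If Len(term) < 4 Then
    WScript.Echo "Please enter a search term in excess of 3 characters."
    WScript.Quit
End If

' Assumption: search the domain of the logged-on user.
Set rootDSE = GetObject("LDAP://RootDSE")
baseDN = rootDSE.Get("defaultNamingContext")

' Assumption: match on the name attribute instead of the adsPath string.
filter = "(&(|(objectCategory=person)(objectCategory=computer))" & _
         "(name=*" & EscapeLdapFilter(term) & "*))"

Set conn = CreateObject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Open "Active Directory Provider"
Set cmd = CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.Properties("Page Size") = 1000
' ADO LDAP dialect: <base>;filter;attributes;scope
cmd.CommandText = "<LDAP://" & baseDN & ">;" & filter & ";name,adsPath;subtree"

found = 0
Set rs = cmd.Execute
Do Until rs.EOF
    WScript.Echo rs.Fields("name").Value & VbCrLf & rs.Fields("adsPath").Value
    found = found + 1
    rs.MoveNext
Loop
If found = 0 Then WScript.Echo "No results found."
```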
Rather than explicitly referencing your domain root, you can use the following:
Set objRootDSE = GetObject("LDAP://RootDSE")
ADSRoot = objRootDSE.Get("rootDomainNamingContext")
Thanks Gary, I remember writing this as I was still exploring VBScript and you’re absolutely right, that would make the script instantly portable to other domains.
Awesome script….
important script……!
Thanks