有什么方法可以从对ADO Command查询的响应中获取列列表?

时间:2019-04-08 11:13:21

标签: vbscript active-directory ldap ado

我正在尝试使用VBscript获得Active Directory(AD)用户列表(以及相关信息)。 问题是我不知道如何获取已接收列的完整列表。

我试图(通过使用Visual Studio 2017的调试器)查看响应(对象“ objUser”)内部是什么,但是调试器仅显示点。

主要设置:

Set objCommand = CreateObject("ADODB.Command")

strQuery = "<LDAP://" + strDNSDomain + ">;(&(&(objectCategory=person)(objectSid=*)(!samAccountType:1.2.840.113556.1.4.804:=3)));objectGUID;subtree"
objCommand.CommandText = strQuery

Set objRecordSet = objCommand.Execute

循环处理

Do Until objRecordSet.EOF
    strLine = ""

    arrbytGuid = objRecordSet.Fields("objectGUID")
    strDN = "<GUID=" + OctetToHexStr(arrbytGuid) + ">"
    Set objUser = GetObject("LDAP://" & strDN)

    If (Not IsNull(objUser.SAMAccountName)) Then
        strLine = CStr(objUser.SAMAccountName)
    End If

    objRecordSet.MoveNext
Loop

我想了解“ objUser”中除“ SAMAccountName”之外还有哪些其他列。

1 个答案:

答案 0 :(得分:1)

It's important to note you are making an extra network request where you don't need to. I'll discuss the search first.

All the field names that you get back in the search are in objRecordSet.Fields. You only see objectGUID because that's all you asked for.

The ;objectGUID; in your query is where you list (comma-separated) the attributes you want returned.

The extra network request happens after this:

Set objUser = GetObject("LDAP://" & strDN)

You are binding to the object directly, just for the purpose of reading attributes. More specifically, once you access a property (objUser.SAMAccountName) it goes out to AD and loads the attributes. And the same principal applies here: if you don't specifically tell it which attributes you are going to want, it will load every attribute with a value. This will slow down your loop and you don't need to do it, since you can read everything you need to read from your search.

Instead, get the search to return everything you need. If you need sAMAccountName too, add it: ;objectGUID,sAMAccountName;.

The only reason to bind directly to an object after a search is if you need to update it.

But to specifically answer the question you asked, this is how you can see which attributes an object has after binding directly to it using GetObject():

Set objUser = GetObject("LDAP://" & strDN)
objUser.GetInfo() 'Retrieve all attributes with a value

For I = 0 To objUser.PropertyCount - 1
   Set pEntry = objUser.Item(I)
   Wscript.Echo pEntry.Name
Next
相关问题
最新问题