Querying Active Directory using VBScript

Time: 2009-07-07 04:17:46

Tags: asp-classic vbscript active-directory

I want to query Active Directory using VBScript (classic ASP). How can I do that?

3 answers:

Answer 0: (score: 6)

To see all the members of an OU, try this...

Set objOU = GetObject("LDAP://OU=YourOU,DC=YourDomain,DC=com")
For each objMember in ObjOU  ' get all the members'

    ' do something'

Next

To do a custom search for DNs, try this...

set conn = createobject("ADODB.Connection")
Set iAdRootDSE = GetObject("LDAP://RootDSE")
strDefaultNamingContext = iAdRootDSE.Get("defaultNamingContext")
Conn.Provider = "ADsDSOObject"
Conn.Open "ADs Provider"

strQueryDL = "<LDAP://" & strDefaultNamingContext & ">;(&(objectCategory=person)(objectClass=user));distinguishedName,adspath;subtree"
set objCmd = createobject("ADODB.Command")
Set objCmd.ActiveConnection = Conn
objCmd.Properties("SearchScope") = 2 ' we want to search everything
objCmd.Properties("Page Size") = 500 ' and we want our records in lots of 500 

objCmd.CommandText = strQueryDL
Set objRs = objCmd.Execute

While Not objRS.eof

    ' do something with objRS.Fields("distinguishedName")'
    objRS.MoveNext
Wend

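Answer 1: (score: 1)

I had to query WinAD by oldskool username; this .vbs script prints user accounts.

  • find by sAMAccountName, using the * wildcard
  • print a few attributes from each user object
  • use the AccountType filter, the most optimized way of iterating AD user objects

The test script first gets a user object by its fully qualified string, which is just an example. The second part does the actual query with the smith* filter.

WinADSearch.vbs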

' c:> cscript -nologo script.vbs
' c:> wscript script.vbs
' http://msdn.microsoft.com/en-us/library/d6dw7aeh%28v=vs.85%29.aspx

' WindowsAD queries
' http://www.kouti.com/tables/userattributes.htm

Option Explicit
'On Error Resume Next

Dim StdOut: Set StdOut = WScript.StdOut

Dim objUser
Set objUser = GetObject("LDAP://CN=Firstname Lastname,OU=Internal Users,OU=MyCompany,OU=Boston,OU=Root,DC=REGION1,DC=COM")
println(objUser.givenName & " " & objUser.middleName & " " & objUser.lastName) 
println("name=" & objUser.name)
println("displayName=" & objUser.displayName)
println("userPrincipalName=" & objUser.userPrincipalName)
println("sAMAccountName=" & objUser.sAMAccountName)
println("distinguishedName=" & objUser.distinguishedName)


println("")
Dim conn, strQueryDL, strAttrs, objCmd, objRs, idx

set conn = createobject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Open "ADs Provider"

strAttrs = "sAMAccountName,displayName,distinguishedName" ' get attributes

'strQueryDL = "<LDAP://dc=REGION1,dc=COM>;(& (objectCategory=person) );" & strAttrs & ";SubTree"
'strQueryDL = "<LDAP://dc=REGION1,dc=COM>;(& (objectCategory=person)(objectClass=user) );" & strAttrs & ";SubTree"    
'strQueryDL = "<LDAP://dc=REGION1,dc=COM>;(& (objectCategory=person)(objectClass=user)(sAMAccountName=smith*) );" & strAttrs & ";SubTree"

strQueryDL = "<LDAP://dc=REGION1,dc=COM>;(& (samAccountType=805306368)(sAMAccountName=smith*) );" & strAttrs & ";SubTree"

set objCmd = createobject("ADODB.Command")
Set objCmd.ActiveConnection = Conn
objCmd.Properties("SearchScope") = 2 ' search everything
objCmd.Properties("Page Size") = 100 ' bulk operation

objCmd.CommandText = strQueryDL
println(objCmd.CommandText)
Set objRs = objCmd.Execute
idx=0
do while Not objRS.eof
  idx=idx+1
  println( objRs.Fields("sAMAccountName") & " / " & objRs.Fields("displayName") & " / " & objRs.Fields("distinguishedName") )
  if (idx>5) then exit do
  objRS.MoveNext
loop
objRs.Close
Conn.close
set objRs = Nothing
set conn = Nothing
println("end")


'********************************************************************
Sub println(ByVal str) 
    If (StdOut Is Nothing) Then Exit Sub
    StdOut.WriteLine str
End Sub
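
The queries in answers 0 and 1 concatenate fixed values into the LDAP filter; in a classic ASP page the search value usually comes from the request and has to be escaped before it is placed in the filter. The following is an added example, not code from any of the answers, that builds the same samAccountType query with an escaped value and prints the result when run with cscript. EscapeLdapFilterValue and BuildUserQuery are hypothetical names, and the sample inputs are constructed.

```vbscript
Option Explicit

' Escape a value for an LDAP search filter (RFC 4515). The backslash must be
' replaced first so the escapes added afterwards are not escaped again.
Function EscapeLdapFilterValue(ByVal value)
    Dim s
    s = Replace(value, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    s = Replace(s, Chr(0), "\00")
    ' ";" separates the fields of the ADO query string, so hex-escape it too
    ' (any character may be written as \xx in a filter value).
    s = Replace(s, ";", "\3b")
    EscapeLdapFilterValue = s
End Function

' Hypothetical helper: builds the CommandText for a prefix search.
' baseDN is trusted configuration; namePrefix is untrusted input.
Function BuildUserQuery(ByVal baseDN, ByVal namePrefix)
    Dim filter
    ' The trailing * is the only wildcard, and it is added by the code.
    filter = "(&(samAccountType=805306368)(sAMAccountName=" & _
             EscapeLdapFilterValue(namePrefix) & "*))"
    BuildUserQuery = "<LDAP://" & baseDN & ">;" & filter & _
                     ";sAMAccountName,displayName,distinguishedName;SubTree"
End Function

' Constructed sample inputs: one ordinary, the others containing characters
' that have a meaning in a filter or in the query string.
Dim samples, item
samples = Array("smith", "sm*th", "o(brien)", "a;b\c")
For Each item In samples
    WScript.Echo "input: " & item
    WScript.Echo "query: " & BuildUserQuery("dc=REGION1,dc=COM", item)
    WScript.Echo ""
Next
```

The returned string is what would be assigned to objCmd.CommandText; in an ASP page the namePrefix argument would be the request value instead of a literal.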

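Answer 2: (score: 0)

You want to use Active Directory Service Interfaces (ADSI).

The ADSI Scripting Primer is a good place to start learning and finding examples. (By the way, these links refer to Windows 2000, but they also apply to later versions of Windows.)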