Question

任何人都可以帮助我使用Vb Script从active-directory获取给定组中给定用户的所有属性。

On Error Resume Next

Set objGroup = GetObject _
  ("LDAP://CN=Domain Admins,CN=Users,DC=IMTS,DC=TEST")
objGroup.GetInfo

arrMemberOf = objGroup.GetEx("member")

WScript.Echo "Members:"
For Each strMember in arrMemberOf
    WScript.echo strMember.distinguishedName
Next

这只给了我组中的用户，但我想要给定用户的所有属性

例如：

    Account_Expires: 
Account_Name_History: 
CS_PolicyName: 
Admin_Count: 
Admin_Description: 
Admin_DisplayName: 
AllowedAttributes: 
AllowedAttributesEffective: 
Allowed_Child_Classes: 
AllowedChildClassesEffective: 
AltSecurityIdentities: 
AttributeCertificateAttribute: 
Audio: 
Bad_Password_Time: 
Bad_Pwd_Count: 
Bridge_head_ServerListBL: 
BusinessCategory: 
C: 
canonicalName: 
carLicense: 
co:

等等谢谢

Answer 1

注意：抱歉，我不在我可以测试它的环境中，所有这些答案只是记忆练习。我希望它可以提供帮助

您可以尝试查询用户类

的LDAP架构

Set oSchema = GetObject("LDAP://schema/user")

然后，您可以迭代存储检索到的值的MandatoryProperties和OptionalProperties个集合，以便稍后检查您的用户是否有这些属性

Set oAttributesList = WScript.CreateObject("Scripting.Dictionary")
For Each strAttribute In oSchema.MandatoryProperties
    oAttributesList.Add strAttribute, ""
Next 
For Each strAttribute In oSchema.OptionalProperties
    oAttributesList.Add strAttribute, ""
Next

一旦获得完整列表，就可以使用GetEx检索（作为数组）每个用户的每个属性的值

Set objGroup = GetObject _
  ("LDAP://CN=Domain Admins,CN=Users,DC=IMTS,DC=TEST")
objGroup.GetInfo

arrMemberOf = objGroup.GetEx("member")

WScript.Echo "Members:"
For Each strMember in arrMemberOf
    Set oMember = GetObject("LDAP://" & strMember)
    For Each strAttribute in oAttributesList.Keys
        WScript.Echo strAttribute
        aData = oMember.GetEx(strAttribute)
        For i = 0 to UBound(aData)
            WScript.Echo "....: " & aData(i)
        Next 
        WScript.Echo ""
    Next
Next

如何使用VBScript从ActiveDirectory中的给定组中检索给定用户的所有属性？

1 个答案: