在Active Directory中,有一个名为“拨入”的选项卡,在该选项卡下是一个带有三个设置的单选按钮控件:
Allow Access
Deny Access
Control access through remote access policy
我想编写一个VBScript来获取用户名,然后返回该用户的设置。 (我实际上正在修改现有的VBScript,这就是我被迫使用该工具的原因)。
最好的方法是什么?
答案 0 :(得分:2)
这是我能够提出的最佳解决方案。可以很容易地修改它以输出所有用户的设置。
Main
Function Main
'Usage: cscript /nologo lookup.vbs mydomain username
Wscript.Echo CanDialIn(Wscript.Arguments(0), Wscript.Arguments(1))
Main = 0
End Function
Function CanDialIn(domainname, username)
'Take a user name and query whether they have permission to Dial in or not
'http://www.microsoft.com/technet/scriptcenter/resources/qanda/aug05/hey0825.mspx
Const ADS_SCOPE_SUBTREE = 2
Dim objConnection
Dim objCommand
Dim objRecordSet
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
'Three possible values for msNPAllowDialin:
'TRUE = "Allow Access"
'FALSE = "Deny Access"
'EMPTY = "Control access through remote access policy"
objCommand.CommandText = _
"SELECT msNPAllowDialin FROM 'LDAP://dc=" & domainname & ",dc=com' WHERE objectCategory='user' AND sAMAccountName = '" & username & "'"
On Error Resume Next
Set objRecordSet = objCommand.Execute
if objRecordSet.EOF then
CanDialIn = "Could not find user " & username
else
if objRecordSet.Fields("msNPAllowDialin").Value = True then
CanDialIn = "Allow"
else
if objRecordSet.Fields("msNPAllowDialin").Value = False then
CanDialIn = "Deny"
else
CanDialIn = "Control"
end if
end if
end if
End Function