Error while trying to access AD


JC

Apr 22, 2003, 12:33:43 PM
I'm trying to get the following code to return all users registered in the
Active Directory and all I'm getting is the name of the domain. Does anyone
know what I'm doing wrong?

Thank you.

------- Start Code -----------------
<%@ Language=VBScript %>
<html>
<head>
<meta name="GENERATOR" Content="Microsoft Visual Studio 6.0">
<title>ADSI Domain browser</title>
</head>
<body>

<%
' The level of the browser to show is selected by the request parameters.
sDomain = Request("Domain")
sComputer = Request("Computer")
sGroup = Request("Group")
sUser = Request("User")

if len(trim(sUser)) > 0 then
    ' Groups that a user on the computer belongs to.
    Set objGroup = GetObject("WinNT://" & sDomain & "/" & sComputer & "/" & sUser)
    For Each objUser In objGroup.Groups
        Response.Write objUser.Name & "<br>" & vbCrLf
    Next
    Response.Write "</table><p><a href=adsi.asp?Domain=" & sDomain & _
        "&Computer=" & sComputer & ">Back to " & sComputer & "</a></p>"
elseif len(trim(sGroup)) > 0 then
    ' Members of a group on the computer.
    Set objGroup = GetObject("WinNT://" & sDomain & "/" & sComputer & "/" & sGroup)
    For Each objUser In objGroup.Members
        Response.Write objUser.Name & "<br>" & vbCrLf
    Next
    Response.Write "</table><p><a href=adsi.asp?Domain=" & sDomain & _
        "&Computer=" & sComputer & ">Back to " & sComputer & "</a></p>"
elseif len(trim(sComputer)) > 0 then
    ' Groups, users and other objects on the computer.
    Set objComputer = GetObject("WinNT://" & sDomain & "/" & sComputer)
    Response.Write "<table border=0>"
    For Each objObject In objComputer
        if strcomp(objObject.Class, "group", 1) = 0 then
            Response.Write "<tr><td>" & objObject.Class & _
                "</td><td>&nbsp;&nbsp;<a href=adsi.asp?Domain=" & sDomain & _
                "&Computer=" & sComputer & "&Group=" & objObject.Name & ">" & _
                objObject.Name & "</a></td></tr>" & vbCrLf
        elseif strcomp(objObject.Class, "user", 1) = 0 then
            Response.Write "<tr><td>" & objObject.Class & _
                "</td><td>&nbsp;&nbsp;<a href=adsi.asp?Domain=" & sDomain & _
                "&Computer=" & sComputer & "&User=" & objObject.Name & ">" & _
                objObject.Name & "</a></td></tr>" & vbCrLf
        else
            Response.Write "<tr><td>" & objObject.Class & "</td><td>&nbsp;&nbsp;" & _
                objObject.Name & "</td></tr>" & vbCrLf
        end if
    Next
    Response.Write "</table><p><a href=adsi.asp?Domain=" & sDomain & _
        ">Back to " & sDomain & "</a></p>"
elseif len(trim(sDomain)) > 0 then
    ' Computer objects in the domain.
    Set objDomain = GetObject("WinNT://" & sDomain)
    For Each objComputer In objDomain
        if strcomp(objComputer.Class, "computer", 1) = 0 then
            Response.Write "<a href=adsi.asp?domain=" & sDomain & "&computer=" & _
                objComputer.Name & ">" & objComputer.Name & "<br>"
        end if
    Next
    Response.Write "<p><a href=adsi.asp>Back to domain list</a></p>"
else
    ' No parameters: list the domains.
    Set objWinNT = GetObject("WinNT:")
    For Each objDomain In objWinNT
        if strcomp(objDomain.Class, "domain", 1) = 0 then
            Response.Write "<a href=adsi.asp?domain=" & objDomain.Name & ">" & _
                objDomain.Name & "<br>"
        end if
    Next
end if
%>
</body>
</html>
--------------End code ----------------------
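
The page above concatenates request values directly into the ADsPath and writes request and directory values into the HTML unencoded. The following is an added example, not part of the original post, showing the domain-level user listing with an allow-list check and output encoding; the helper names IsSafeName and GetParam and the permitted character set are assumptions.

```vbscript
<%@ Language=VBScript %>
<%
Option Explicit

' Allow-list check for a value that will be placed in a WinNT ADsPath.
' Assumption: names use only letters, digits, ".", "_", "-", "$" and space.
Function IsSafeName(sValue)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._$ -]{1,64}$"
    IsSafeName = re.Test(sValue)
End Function

' Read one query-string value and end the request if it fails the check.
' Request.QueryString is used instead of Request(...), which also searches
' form fields, cookies and server variables.
Function GetParam(sKey)
    Dim sValue
    sValue = Trim(Request.QueryString(sKey))
    If Len(sValue) > 0 Then
        If Not IsSafeName(sValue) Then
            Response.Status = "400 Bad Request"
            Response.Write "Invalid value for " & Server.HTMLEncode(sKey)
            Response.End
        End If
    End If
    GetParam = sValue
End Function

Dim sDomain, objDomain, objUser
sDomain = GetParam("Domain")

If Len(sDomain) > 0 Then
    Set objDomain = GetObject("WinNT://" & sDomain)
    objDomain.Filter = Array("user")
    For Each objUser In objDomain
        ' Directory data is encoded before it is written into the page.
        Response.Write Server.HTMLEncode(objUser.Name) & "<br>" & vbCrLf
    Next
    ' URLEncode for the query string, HTMLEncode for the link text.
    Response.Write "<p><a href=""adsi.asp?Domain=" & _
        Server.URLEncode(sDomain) & """>Back to " & _
        Server.HTMLEncode(sDomain) & "</a></p>"
End If
%>
```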


Richard Mueller

Apr 22, 2003, 9:26:32 PM
Hi,

Here is my best guess as to what the code you posted does.

If sUser has a value
    Bind to user object on the computer (not the domain)
    Enumerate groups user belongs to
Else if sGroup has a value
    Bind to group object on the computer (not the domain)
    Enumerate members of the group
Else if sComputer has a value
    Bind to the computer object
    List groups and users on the computer (not the domain)
Else if sDomain has a value
    Bind to the domain
    List all computer objects in the domain
Else list all domains.

Computers in the domain are only listed if sUser, sGroup,
and sComputer do not have values. Nowhere do I see the
code enumerate users in the domain, but you could alter it
to list the users instead of the computers in the domain.
To do this, replace the statement

If strcomp(objComputer.Class, "computer", 1) = 0 Then

with

If strcomp(objComputer.Class, "user", 1) = 0 Then

Or, remove the If statement (and its corresponding End
If) to list all objects in the domain - users, computers,
and groups. Or, you could filter on class user. For example

Set objDomain = GetObject("WinNT://" & sDomain)

objDomain.Filter = Array("user")
For Each objUser In objDomain
    Response.Write objUser.Name
Next

Richard
http://www.rlmueller.net


JC

Apr 23, 2003, 8:30:10 AM
Thank you Richard, it works! One more thing: I tried accessing LDAP instead
of WinNT and nothing happens (using the same code but changing WinNT to
LDAP). Would you happen to know why?

Regards,
JC

Richard Mueller

Apr 23, 2003, 11:53:44 AM
Hi,

I'm glad your code works now.

LDAP is preferred over WinNT because it is more efficient
and exposes more attributes. However the binding string is
different, which can cause a lot of confusion. For WinNT,
you use something like:

Set objUser = GetObject("WinNT://MyDomain/TestUser,user")

where "MyDomain" is the NetBIOS domain name and "TestUser"
is the NT name of the user (also called the "Pre-Windows
2000 logon name", or the "sAMAccountName"). To bind to the
same user with LDAP, you might use:

Set objUser = _
GetObject("LDAP://cn=Smith,ou=Sales,dc=MyDomain,dc=com")

where "Smith" is the Common Name (cn) of the user.
Sometimes the cn and sAMAccountName attributes are the
same, but often they are not, as in my example. The DNS
domain name above is "MyDomain.com". cn is "Common Name",
ou is "Organizational Unit", and dc is "Domain Component".
The first dc is usually the NetBIOS domain name, as in my
example, but this is not always the case - it can be
different.

I know this can get confusing, but it is worth
understanding since LDAP can do much more. There are ways
to convert between the two worlds, using the NameTranslate
object for example.

One big difference is that the WinNT namespace is flat -
no hierarchy. It is blind to OU's (and nested groups).
That makes your task of enumerating users in the domain
simpler with WinNT, since all users are just in the
domain - you don't have to worry about containers or OU's.
With LDAP, you must either recursively enumerate containers
and OU's, or use ADO to search for objects. A recursive
search for users could be done with this VBScript code:

Option Explicit
Dim objRootDSE, strDNSDomain, objDomain

' Retrieve DNS domain name from RootDSE object.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Bind to the domain.
Set objDomain = GetObject("LDAP://" & strDNSDomain)

' Enumerate all users in domain.
Call EnumContainer(objDomain, "")

Sub EnumContainer(objContainer, strOffset)
    ' Recursive subroutine to enumerate users in
    ' containers and OU's.
    Dim objUser, objChildContainer

    ' Output container or OU name (optional).
    Wscript.Echo strOffset & objContainer.Name

    ' Filter on user objects in container.
    ' Computer objects included. If sAMAccountName ends
    ' with "$", object is a computer, so skip it.
    objContainer.Filter = Array("user")
    For Each objUser In objContainer
        If Right(objUser.sAMAccountName, 1) <> "$" Then
            Wscript.Echo strOffset & "> " & objUser.cn & " ; " _
                & objUser.sAMAccountName & " ; " _
                & objUser.distinguishedName
        End If
    Next

    ' Repeat for all child containers and OU's,
    ' except built-in and system.
    objContainer.Filter = _
        Array("container","organizationalUnit")
    For Each objChildContainer In objContainer
        If UCase(objChild.Name) <> "CN=SYSTEM" Then
            Call EnumContainer(objChildContainer, "--" _
                & strOffset)
        End If
    Next
End Sub

An example of finding all users using ADO is at this link:

http://www.rlmueller.net/Create%20User%20List%202.htm

In both cases, the VBScript programs are designed to be
run at a command prompt using the cscript host (since the
output can be large). The output can be re-directed to a
text file. In the first example the code outputs
three "names" for each user, so you can see the difference.


Richard Mueller

Apr 23, 2003, 12:14:45 PM
Hi,

Sorry, a typo in the code I posted. The line:

If UCase(objChild.Name) <> "CN=SYSTEM" Then

should be:

If UCase(objChildContainer.Name) <> "CN=SYSTEM" Then
