Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

VBScript -- Getting WinNT Domain account information

332 views
Skip to first unread message

Anthony

unread,
Oct 31, 2002, 11:21:01 PM10/31/02
to
trying to do this in a WINNT 4.0 domain... we don't have AD ... so the
following isn't working :

I actually just want all the users properties.. only through vbscript.. at a
commandprompt I would type the followingto get the information I am looking
for.. so is there another way besides reading and parsing this information?
(That's what I am about to do Alex/if your reading...with your cmdshell
function...)

c:\>net user myuserid /domain

--------- From the SysAdminScriptingGuide 1.1 --------------
Const MIN_IN_DAY = 1440, SEC_IN_MIN = 60

Set objDomain = GetObject("WinNT://fabrikam")
Set objAdS = GetObject("LDAP://dc=fabrikam,dc=com")

intMaxPwdAgeSeconds = objDomain.Get("MaxPasswordAge")
intMinPwdAgeSeconds = objDomain.Get("MinPasswordAge")
intLockOutObservationWindowSeconds =
objDomain.Get("LockoutObservationInterval")
intLockoutDurationSeconds = objDomain.Get("AutoUnlockInterval")
intMinPwdLength = objAds.Get("minPwdLength")

intPwdHistoryLength = objAds.Get("pwdHistoryLength")
intPwdProperties = objAds.Get("pwdProperties")
intLockoutThreshold = objAds.Get("lockoutThreshold")
intMaxPwdAgeDays = _
((intMaxPwdAgeSeconds/SEC_IN_MIN)/MIN_IN_DAY) & " days"
intMinPwdAgeDays = _
((intMinPwdAgeSeconds/SEC_IN_MIN)/MIN_IN_DAY) & " days"
intLockOutObservationWindowMinutes = _
(intLockOutObservationWindowSeconds/SEC_IN_MIN) & " minutes"

If intLockoutDurationSeconds <> -1 Then
intLockoutDurationMinutes = _
(intLockOutDurationSeconds/SEC_IN_MIN) & " minutes"
Else
intLockoutDurationMinutes = _
"Administrator must manually unlock locked accounts"
End If

WScript.echo "maxPwdAge = " & intMaxPwdAgeDays
WScript.echo "minPwdAge = " & intMinPwdAgeDays
WScript.echo "minPwdLength = " & intMinPwdLength
WScript.echo "pwdHistoryLength = " & intPwdHistoryLength
WScript.echo "pwdProperties = " & intPwdProperties
WScript.echo "lockOutThreshold = " & intLockoutThreshold
WScript.echo "lockOutObservationWindow = " &
intLockOutObservationWindowMinutes
WScript.echo "lockOutDuration = " & intLockoutDurationMinutes


Alex K. Angelopoulos (MVP)

unread,
Nov 2, 2002, 3:59:27 PM11/2/02
to
Anthony,

the AD functions were written for this purpose - since it is such a pain to get
the info from script.

Two possibilities come to mind besides just parsing the net user output:

(1) Install the NT ADSI extensions on a DC so you CAN use a script to get the
info.

(2) Write or acquire a custom component to do it. The APIs are fairly simple.
This is probably not realistic at this point for you, so I would lean towards
#1.

In news:UzKdnRZHxZX...@comcast.com,
Anthony typed:

--
Please respond in the newsgroup so everyone may benefit.
http://dev.remotenetworktechnology.com
----------
Subscribe to Microsoft's Security Bulletins:
http://www.microsoft.com/technet/security/bulletin/notify.asp

Torgeir Bakken (MVP)

unread,
Nov 2, 2002, 4:07:43 PM11/2/02
to
"Alex K. Angelopoulos (MVP)" wrote:

> the AD functions were written for this purpose - since it is such a pain to get
> the info from script.
>
> Two possibilities come to mind besides just parsing the net user output:
>
> (1) Install the NT ADSI extensions on a DC so you CAN use a script to get the
> info.

Shouldn't it be sufficient to install the ADSI extensions only on the computer
running the script, DC or not?

--
torgeir
Microsoft MVP Scripting and WMI
Porsgrunn Norway


Anthony

unread,
Nov 2, 2002, 4:21:19 PM11/2/02
to
Yes, this worked I've gotten most of the user properties through adsi
calls... of course in the docuementation it is leaning towards AD I figured
out which ones worked for an nt domain and got just about all of the
properties I needed.

Thank you for your help.

--
Anthony B
------------------------
O'Toole's Commentary: Murphy was an optimist.

"Torgeir Bakken (MVP)" <Torgeir.B...@hydro.com> wrote in message
news:3DC43E9F...@hydro.com...

Alex K. Angelopoulos (MVP)

unread,
Nov 2, 2002, 4:31:16 PM11/2/02
to
Ah - I didn't know about that... I guess it does drill down to the local
netapi32 functionality instead of trying to connect to a DC directly.

In news:3DC43E9F...@hydro.com,
Torgeir Bakken (MVP) typed:


> "Alex K. Angelopoulos (MVP)" wrote:
>
>> the AD functions were written for this purpose - since it is such a
>> pain to get the info from script.
>>
>> Two possibilities come to mind besides just parsing the net user
>> output:
>>
>> (1) Install the NT ADSI extensions on a DC so you CAN use a script
>> to get the info.
>
> Shouldn't it be sufficient to install the ADSI extensions only on the
> computer running the script, DC or not?

--

0 new messages