Active Directory Scripting!

Pilot

Mar 27, 2007, 4:19:44 AM
Hello;

Is it possible to create a script to do the following:

1- When a new user is created in Active Directory, the script dumps the
usernames and the OU where the user is created to a file?


Please help.


Richard Mueller [MVP]

Mar 27, 2007, 9:29:54 PM
Pilot wrote:

One idea is to use the whenCreated attribute to find new users created since
a given date. Best would be to save the last date, perhaps in a file, then
update the date in the file each time the program runs. The program would
document all users created since the date. The uSNCreated attribute should
not be used because it is not replicated (you would have to query every DC
in the domain). Unfortunately, whenCreated is formatted as Generalized time.
An ADO query must specify the date in the format YYYYMMDDHHMMSS.0Z, for
example 20070325142309.0Z (March 25, 2007 at 2:23:09 PM in UTC). But ADO
retrieves the date in normal date format, for example 3/25/2007 2:23:09 PM.
We need to retain the largest date retrieved, but convert to the generalized
date format when we query AD for all users created since the last date. The
function DateToGeneralized below does this conversion.

The VBScript program below is an example of how to do this. It maintains the
last creation date in a file, and documents all users created since the last
date in another report file. You would run the script periodically to
document all users created since the program was last run. You could
schedule the program, but it might be better to run it manually as needed,
since as written it overwrites the previous report. In the program below I
document the NT name of the new users (the "pre-Windows 2000 logon name"),
the creation date (in UTC), and the Distinguished Name. The Distinguished
Name includes the OU information. You could modify this to document other
attributes.
============
Option Explicit

Dim objRootDSE, strDNSDomain, adoConnection, adoCommand
Dim strBase, strFilter, strAttributes, strQuery, adoRecordset
Dim strNTName, strDN, strWhenCreated, strLastCreated, strCreated
Dim strLastDateFile, objFSO, objDateFile, strOutputFile, objOutput

Const ForReading = 1
Const ForWriting = 2
Const OpenAsASCII = 0
Const CreateIfNotExist = True

' Specify file where last user creation date (in UTC) is saved.
strLastDateFile = "c:\scripts\LastDate.txt"

' Specify output file.
strOutputFile = "c:\scripts\NewUsers.txt"

' Retrieve last user creation date.
Set objFSO = CreateObject("Scripting.FileSystemObject")
On Error Resume Next
Set objDateFile = objFSO.OpenTextFile(strLastDateFile, ForReading)
If (Err.Number <> 0) Then
    On Error GoTo 0
    ' Assign default date.
    strLastCreated = "1/1/2006 12:00:00 AM"
Else
    On Error GoTo 0
    strLastCreated = objDateFile.ReadLine
    objDateFile.Close
End If

' Open output file.
Set objOutput = objFSO.OpenTextFile(strOutputFile, _
    ForWriting, CreateIfNotExist, OpenAsASCII)

' Convert last creation date to generalized time for query.
strWhenCreated = DateToGeneralized(CDate(strLastCreated))

' Determine DNS domain name.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")

' Use ADO to search Active Directory.
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"

Set adoCommand = CreateObject("ADODB.Command")
Set adoCommand.ActiveConnection = adoConnection

' Search entire domain.
strBase = "<LDAP://" & strDNSDomain & ">"

' Search for all users created after specified date.
strFilter = "(&(objectCategory=person)(objectClass=user)(whenCreated>=" _
    & strWhenCreated & "))"

' Comma delimited list of attribute values to retrieve.
strAttributes = "sAMAccountName,distinguishedName,whenCreated"

' Construct the LDAP query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"

' Run the query. Page Size turns on paging; without it the search
' returns at most 1000 rows and later users are silently missed.
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
Set adoRecordset = adoCommand.Execute

objOutput.WriteLine "Users created since: " _
    & strLastCreated & " (UTC)"

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
    ' Retrieve values.
    strDN = adoRecordset.Fields("distinguishedName").Value
    strNTName = adoRecordset.Fields("sAMAccountName").Value
    strCreated = adoRecordset.Fields("whenCreated").Value
    ' Retain largest create date.
    If (CDate(strCreated) > CDate(strLastCreated)) Then
        strLastCreated = strCreated
    End If
    ' Output values for users created after specified date.
    objOutput.WriteLine strNTName & ", " & strCreated & ", " & strDN
    adoRecordset.MoveNext
Loop

' Increment last creation date by one second.
strLastCreated = CStr(DateAdd("s", 1, CDate(strLastCreated)))

objOutput.WriteLine "New last creation date: " _
    & strLastCreated & " (UTC)"

' Save last creation date.
Set objDateFile = objFSO.OpenTextFile(strLastDateFile, _
    ForWriting, CreateIfNotExist, OpenAsASCII)
objDateFile.WriteLine strLastCreated

' Clean up.
adoRecordset.Close
adoConnection.Close
objDateFile.Close
objOutput.Close

Function DateToGeneralized(dtmDate)
    ' Function to convert a date value (in UTC) to a string
    ' in generalized date format, which is YYYYMMDDHHMMSS.0Z.

    DateToGeneralized = CStr(Year(dtmDate)) _
        & Right("0" & CStr(Month(dtmDate)), 2) _
        & Right("0" & CStr(Day(dtmDate)), 2) _
        & Right("0" & CStr(Hour(dtmDate)), 2) _
        & Right("0" & CStr(Minute(dtmDate)), 2) _
        & Right("0" & CStr(Second(dtmDate)), 2) _
        & ".0Z"

End Function

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
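
Added example, not part of the original post or the poster's code: a Python sketch of the same checkpoint logic that also pulls the parent OU out of each Distinguished Name, since the question asked for the OU and a DN can contain escaped commas. The function names and the sample records (example.com accounts) are constructed for illustration; the rows stand in for the search results.

```python
from datetime import datetime, timedelta, timezone

UTC = timezone.utc

def to_generalized(dt):
    """Aware datetime -> YYYYMMDDHHMMSS.0Z, the form the whenCreated filter needs."""
    return dt.astimezone(UTC).strftime("%Y%m%d%H%M%S") + ".0Z"

def build_filter(since):
    """Same LDAP filter as the script above, for users created at or after `since`."""
    return ("(&(objectCategory=person)(objectClass=user)(whenCreated>="
            + to_generalized(since) + "))")

def parent_container(dn):
    """Return the DN minus its first RDN: the OU or container holding the object.
    Splits on the first comma that is not backslash-escaped."""
    i = 0
    while i < len(dn):
        if dn[i] == "\\":
            i += 2          # skip the escape and the character it protects
            continue
        if dn[i] == ",":
            return dn[i + 1:]
        i += 1
    return ""               # a single-RDN DN has no parent

def report(rows, since):
    """rows: (sAMAccountName, distinguishedName, whenCreated) tuples.
    Returns (report lines, next checkpoint)."""
    hits = sorted((r for r in rows if r[2] >= since), key=lambda r: r[2])
    lines = ["%s, %s, %s" % (name, to_generalized(created), parent_container(dn))
             for name, dn, created in hits]
    # Advance one second past the newest hit so it is not reported twice;
    # with no hits the checkpoint stays where it was.
    checkpoint = hits[-1][2] + timedelta(seconds=1) if hits else since
    return lines, checkpoint

# Constructed sample records standing in for search results (not real accounts).
SAMPLE = [
    ("jdoe", "CN=John Doe,OU=Sales,DC=example,DC=com",
     datetime(2007, 3, 25, 14, 23, 9, tzinfo=UTC)),
    ("asmith", "CN=Smith\\, Anna,OU=IT,OU=HQ,DC=example,DC=com",
     datetime(2007, 3, 26, 8, 0, 0, tzinfo=UTC)),
    ("olduser", "CN=Old User,CN=Users,DC=example,DC=com",
     datetime(2006, 12, 31, 23, 59, 59, tzinfo=UTC)),
]

if __name__ == "__main__":
    lines, nxt = report(SAMPLE, datetime(2007, 1, 1, tzinfo=UTC))
    print("\n".join(lines))
    print("next filter:", build_filter(nxt))
```

Unlike the VBScript, this sketch leaves the checkpoint unchanged when a run finds no new users.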

