使用VBScript查询Active Directory

Question

I want to query Active Directory using VBScript (classic ASP). How can I accomplish that?

Answer 1

To look at all the members of an OU, try this...

Set objOU = GetObject("LDAP://OU=YourOU,DC=YourDomain,DC=com")
For each objMember in ObjOU  ' get all the members'

    ' do something'

Next

To do a custom search for DNs try this...

set conn = createobject("ADODB.Connection")
Set iAdRootDSE = GetObject("LDAP://RootDSE")
strDefaultNamingContext = iAdRootDSE.Get("defaultNamingContext")
Conn.Provider = "ADsDSOObject"
Conn.Open "ADs Provider"

strQueryDL = "<LDAP://" & strDefaultNamingContext & ">;(&(objectCategory=person)(objectClass=user));distinguishedName,adspath;subtree"
set objCmd = createobject("ADODB.Command")
objCmd.ActiveConnection = Conn
objCmd.Properties("SearchScope") = 2 ' we want to search everything
objCmd.Properties("Page Size") = 500 ' and we want our records in lots of 500 

objCmd.CommandText = strQueryDL
Set objRs = objCmd.Execute

While Not objRS.eof

    ' do something with objRS.Fields("distinguishedName")'
    objRS.MoveNext
Wend

Answer 2

I had to query WinAD by oldskool username, this .vbs script prints user accounts.

• find by sAMAccountname, use * wildcard
• print few attributes from each user object
• use AccountType filter its most optimized way of iterating AD user objects

Test script first gets an user object by fully qualified string, its just an example. Second part does actual query by smith* filter.

WinADSearch.vbs

' c:> cscript -nologo script.vbs
' c:> wscript script.vbs
' http://msdn.microsoft.com/en-us/library/d6dw7aeh%28v=vs.85%29.aspx

' WindowsAD queries
' http://www.kouti.com/tables/userattributes.htm

Option Explicit
'On Error Resume Next

Dim StdOut: Set StdOut = WScript.StdOut

Dim objUser
Set objUser = GetObject("LDAP://CN=Firstname Lastname,OU=Internal Users,OU=MyCompany,OU=Boston,OU=Root,DC=REGION1,DC=COM")
println(objUser.givenName & " " & objUser.middleName & " " & objUser.lastName) 
println("name=" & objUser.name)
println("displayName=" & objUser.displayName)
println("userPrincipalName=" & objUser.userPrincipalName)
println("sAMAccountName=" & objUser.sAMAccountName)
println("distinguishedName=" & objUser.distinguishedName)


println("")
Dim conn, strQueryDL, strAttrs, objCmd, objRs, idx

set conn = createobject("ADODB.Connection")
conn.Provider = "ADsDSOObject"
conn.Open "ADs Provider"

strAttrs = "sAMAccountName,displayName,distinguishedName" ' get attributes

'strQueryDL = "<LDAP://dc=REGION1,dc=COM>;(& (objectCategory=person) );" & strAttrs & ";SubTree"
'strQueryDL = "<LDAP://dc=REGION1,dc=COM>;(& (objectCategory=person)(objectClass=user) );" & strAttrs & ";SubTree"    
'strQueryDL = "<LDAP://dc=REGION1,dc=COM>;(& (objectCategory=person)(objectClass=user)(sAMAccountName=smith*) );" & strAttrs & ";SubTree"

strQueryDL = "<LDAP://dc=REGION1,dc=COM>;(& (samAccountType=805306368)(sAMAccountName=smith*) );" & strAttrs & ";SubTree"

set objCmd = createobject("ADODB.Command")
objCmd.ActiveConnection = Conn
objCmd.Properties("SearchScope") = 2 ' search everything
objCmd.Properties("Page Size") = 100 ' bulk operation

objCmd.CommandText = strQueryDL
println(objCmd.CommandText)
Set objRs = objCmd.Execute
idx=0
do while Not objRS.eof
  idx=idx+1
  println( objRs.Fields("sAMAccountName") & " / " & objRs.Fields("displayName") & " / " & objRs.Fields("distinguishedName") )
  if (idx>5) then exit do
  objRS.MoveNext
loop
objRs.Close
Conn.close
set objRs = Nothing
set conn = Nothing
println("end")


'********************************************************************
Sub println(ByVal str) 
    If (StdOut Is Nothing) Then Exit Sub
    StdOut.WriteLine str
End Sub

Answer 3

You want to use Active Directory Service Interfaces (ADSI)

The ADSI Scripting Primer is a good place to start learning and find examples. (btw, these links refer to Windows 2000, but are valid for subsequent versions of Windows as well).