1. 首頁
  2. 問答
  3. 使用VBScript和Active Directory通過SID查找用戶電子郵件

使用VBScript和Active Directory通過SID查找用戶電子郵件

2010-03-09 72 views
0

我正在解析有關Windows系統上用戶帳戶更改的日誌消息。 我想通知用戶有關更改,因此我需要從Active Directory檢索其個人 信息(First,Last,E-Mail)。使用VBScript和Active Directory通過SID查找用戶電子郵件

我已經找到了一種方法來獲取用戶名,但是,這只是通過WMI,而不是ADSI:

Function FindUser(Message) 
    Dim objWMIService 
    Dim strAccountRegex 
    Dim objRegex 
    Dim objMatch 
    Dim strComputer 
    Dim objUser 
    Dim objShell 


    strAccountRegex = "(\%\{[A-Z,0-9,\-]*\})" 
    strComputer = "." 

    Wscript.StdOut.writeLine "Querying WMI to retrieve user-data" 

    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") 
    Set objShell = WScript.CreateObject("WScript.Shell") 
    Set objRegex = new RegExp 
    objRegex.Pattern= strAccountRegex 
    for each objMatch in objRegex.Execute(Message) 
      REM Wscript.StdOut.writeLine "Found an Account ID: " & objMatch.value 
      Dim strSID 
      strSID=NormalizeSID(objMatch.value) 
      REM Wscript.Echo "SID after escaping: " & strSID 
      Set objUser = objWMIService.Get _ 
      ("Win32_SID.SID='" & strSID & "'") 
    next 
    FindUser=objUser.ReferencedDomainName & "\" & objUser.AccountName 
End Function

它工作正常,但我想通過Active Directory,而不是通過WMI打算這樣做。 你能幫我嗎?

來源

2010-03-09 er4z0r

回答

0

好的。我找到了一種通過Active Directory執行此操作的方法。 對於compeleteness這裏是代碼:

REM Converts the SID into a from, that can be processed by WMI 
Function NormalizeSid(strSidToNormalize) 
    Dim regEx,strReplace 
    strReplace="" 
    ' Create regular expression. 
    Set regEx = New RegExp 
    regEx.Global = True 
    regEx.Pattern = "(%|{|})" 
    regEx.IgnoreCase = True 

    ' Make replacement. 
    NormalizeSid = regEx.Replace(strSidToNormalize, strReplace) 
End Function 

REM Searches for a SID the in the Message that was passed as argument 
REM SID returned will be of the form %{S-1-5-21-3968247570-3627839482-368725868-1110} 
REM NOTE: Neither WMI nor ADSI will accept this. Use NormalizeSid like in FindUser 
Function FindSidInMessage(Message) 
    Dim strAccountRegex 
    Dim objRegex 
    Dim objMatch 
    Dim strSID 

    strAccountRegex = "(\%\{S\-[,0-9,\-]*\})" 
    Set objRegex = new RegExp 
    objRegex.Pattern= strAccountRegex 

    for each objMatch in objRegex.Execute(Message) 
      REM Wscript.StdOut.writeLine "Found an Account ID: " & objMatch.value 
      strSID=objMatch.value 
    next 

    FindSidInMessage=strSID 
End Function 

REM Searches Directory for the User matching the SID passed as parameter 
Function FindUser(userSID) 
    Dim normalizedSID 
    Dim objUser 

    normalizedSID=NormalizeSid(userSID) 
    Wscript.Echo "SID after escaping: " & normalizedSID 

    Wscript.StdOut.writeLine "Querying AD to retrieve user-data" 
    Set objUser = GetObject("LDAP://<SID="& normalizedSID & ">") 
    FindUser=objUser.EmailAddress 
End Function

希望這將是有用的人。

來源

2010-03-09 13:39:14 er4z0r

+0

我如何得到這個工作?我需要導出Eventlog嗎?如果是這樣,我怎麼讓腳本運行通過出口。對不起,我不是程序員。我只是試圖將事件中的SID與其用戶進行匹配。 – 2010-10-06 08:43:05

+0

我使用這個: http://www.sql-und-xml.de/freeware-tools/index.html#evt-Watch 不幸的是,它是由德國開發人員編寫的,但使用谷歌翻譯可能是幸運的; - ) – er4z0r 2010-10-22 08:26:08

相關問題

 相關問題