使用VBScript查詢Active Directory

Question

我想使用VBScript（傳統ASP）查詢Active Directory。 我該怎麼做到這一點？

Answer 1

看一個OU中的所有成員，試試這個...

Set objOU = GetObject("LDAP://OU=YourOU,DC=YourDomain,DC=com") 
For each objMember in ObjOU ' get all the members' 

    ' do something' 

Next 

要做到自定義搜索的DNS試試這個...

set conn = createobject("ADODB.Connection") 
Set iAdRootDSE = GetObject("LDAP://RootDSE") 
strDefaultNamingContext = iAdRootDSE.Get("defaultNamingContext") 
Conn.Provider = "ADsDSOObject" 
Conn.Open "ADs Provider" 

strQueryDL = "<LDAP://" & strDefaultNamingContext & ">;(&(objectCategory=person)(objectClass=user));distinguishedName,adspath;subtree" 
set objCmd = createobject("ADODB.Command") 
objCmd.ActiveConnection = Conn 
objCmd.Properties("SearchScope") = 2 ' we want to search everything 
objCmd.Properties("Page Size") = 500 ' and we want our records in lots of 500 

objCmd.CommandText = strQueryDL 
Set objRs = objCmd.Execute 

While Not objRS.eof 

    ' do something with objRS.Fields("distinguishedName")' 
    objRS.MoveNext 
Wend 

Answer 2

你想用Active Directory Service Interfaces (ADSI)

ADSI Scripting Primer是一個開始學習和找到示例的好地方。 （順便說一句，這些鏈接指的是Windows 2000，但也適用於後續版本的Windows）。

Answer 3

我必須通過oldskool用戶名查詢WinAD，這個.vbs腳本打印用戶帳戶。

• 查找SAM帳戶，使用通配符*
• 打印從每個用戶對象的幾個屬性
• 使用ACCOUNTTYPE過濾其最優化迭代AD用戶的方式對象

測試腳本首先得到一個用戶通過完全限定的字符串對象，它只是一個例子。第二部分通過smith *過濾器進行實際查詢。

WinADSearch.vbs

' c:> cscript -nologo script.vbs 
' c:> wscript script.vbs 
' http://msdn.microsoft.com/en-us/library/d6dw7aeh%28v=vs.85%29.aspx 

' WindowsAD queries 
' http://www.kouti.com/tables/userattributes.htm 

Option Explicit 
'On Error Resume Next 

Dim StdOut: Set StdOut = WScript.StdOut 

Dim objUser 
Set objUser = GetObject("LDAP://CN=Firstname Lastname,OU=Internal Users,OU=MyCompany,OU=Boston,OU=Root,DC=REGION1,DC=COM") 
println(objUser.givenName & " " & objUser.middleName & " " & objUser.lastName) 
println("name=" & objUser.name) 
println("displayName=" & objUser.displayName) 
println("userPrincipalName=" & objUser.userPrincipalName) 
println("sAMAccountName=" & objUser.sAMAccountName) 
println("distinguishedName=" & objUser.distinguishedName) 


println("") 
Dim conn, strQueryDL, strAttrs, objCmd, objRs, idx 

set conn = createobject("ADODB.Connection") 
conn.Provider = "ADsDSOObject" 
conn.Open "ADs Provider" 

strAttrs = "sAMAccountName,displayName,distinguishedName" ' get attributes 

'strQueryDL = "<LDAP://dc=REGION1,dc=COM>;(& (objectCategory=person));" & strAttrs & ";SubTree" 
'strQueryDL = "<LDAP://dc=REGION1,dc=COM>;(& (objectCategory=person)(objectClass=user));" & strAttrs & ";SubTree"  
'strQueryDL = "<LDAP://dc=REGION1,dc=COM>;(& (objectCategory=person)(objectClass=user)(sAMAccountName=smith*));" & strAttrs & ";SubTree" 

strQueryDL = "<LDAP://dc=REGION1,dc=COM>;(& (samAccountType=805306368)(sAMAccountName=smith*));" & strAttrs & ";SubTree" 

set objCmd = createobject("ADODB.Command") 
objCmd.ActiveConnection = Conn 
objCmd.Properties("SearchScope") = 2 ' search everything 
objCmd.Properties("Page Size") = 100 ' bulk operation 

objCmd.CommandText = strQueryDL 
println(objCmd.CommandText) 
Set objRs = objCmd.Execute 
idx=0 
do while Not objRS.eof 
    idx=idx+1 
    println(objRs.Fields("sAMAccountName") & "/" & objRs.Fields("displayName") & "/" & objRs.Fields("distinguishedName")) 
    if (idx>5) then exit do 
    objRS.MoveNext 
loop 
objRs.Close 
Conn.close 
set objRs = Nothing 
set conn = Nothing 
println("end") 


'******************************************************************** 
Sub println(ByVal str) 
    If (StdOut Is Nothing) Then Exit Sub 
    StdOut.WriteLine str 
End Sub