Discussion:
Howto count users in OU ?
(too old to reply)
Marc Martin
2003-09-18 06:50:19 UTC
Permalink
Hi NG,

I have the following code, to count all users in OU=marketing

-----BEGIN CODE-----
count=0
Set objOU = GetObject("LDAP://ou=marketing,dc=MyDomain,dc=com")
objOU.Filter = Array("user")
For Each objUser In objOU
Wscript.Echo objUser.sAMAccountName & ", " & objUser.cn
count = count + 1
Wscript.Echo "There are " & count & "users in OU marketing"
-----END CODE-------

Is there a better method to count the users as i did? The
IADsContainer::get_Count Method does not work here.

Thanks,

Marc
Max L. Vaughn [MSFT]
2003-09-18 14:22:10 UTC
Permalink
Use an LDAP ADO query.

It will be much less expensive and considerably faster. Below is a VBS that dispalys users from a specific OU.

Sincerely,
Max Vaughn [MS]
Microsoft Developer Support


Disclaimer: This posting is provided "AS IS" with no warranties, and confers no rights. You assume all risk for your use.

'<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
'
' Script created to query the Active Directory starting at a base DN to retrieve all users
' whose description attribute has a value.
'
' Test that value to see if it is numeric by looking at the first character. It it is numeric
' move the value to the SSN attribute created by using schema admin snapin for the domain.
' If the value is moved, then the description attribute is cleared.
'
'
' IMPORTANT NOTE:
' The script makes no attempt to test for error conditions and generates no additional output
' save the changes to the user objects in the AD.
'
' To add error handling, success loging and failure loging will require an additional 8 hours
' of labor to add the code and test the results.
'
Sub Usesage( )
WScript.Echo "USAGE:"&vbCrLf&"query.vbs LDAP_SERVER BASE_DN DOMAIN_USERID PASSWORD"
WScript.Echo "WHERE:"&vbCrLf&"LDAP_SERVER -> IP or DNS name for an LDAP server to hit"
WScript.Echo "BASE_DN -> Base DN for the search container"
WSCript.Echo "DOMAIN_USERID -> DOMAIN\USERID form of a user for authentication"
WScript.Echo "PASSWORD -> Password for user ID provided as second argument"
WSCript.Echo vbCrLf & "Example:"&vbCrlf&"Search for all the groups in ou "&Chr(34)&"OU=My
OU,dc=home,dc=com"&chr(34)
WScript.Echo "and display the members of the group except those" & vbCrLf & "who have the group as its
primary group"
WScript.Echo "Using the crendentials " & chr(34) & "home\JoeB" & chr(34)
WScript.Echo "With a password of " & chr(34) & "JoeB" & Chr(34)
WScript.Echo "Targeting the server " & chr(34) & "home.com" & chr(34) & vbCrlF
WScript.Echo "The command line would be:"
WScript.Echo "query.vbs " & chr(34) & "home.com" & chr(34) & " " & chr(34) & "ou=My OU,dc=home,dc=com"
& chr(34) & " " & chr(34)&"home\joeb" & chr(34) & " " & chr(34) & "JoeB" & Chr(34)
WScript.Echo
end sub
'
' Parse Command Line Arguments
' Checks for the proper number of arguments and sets
' the LDAP server on which to perform the search
' the Base DN to start the search
' the User ID to use for user crendentials for the search
' the password for the user
'
sub ParseCommandLine(ldapSvr, baseDN, UserID, Password)
dim args
set Args = WScript.Arguments
if( args.Count < 4 ) then
Call Usesage()
WScript.Quit
else
ldapSvr = args(0)
baseDN = args(1)
UserID = args(2)
Password = args(3)
end if
end sub
'*********************************************************************
' THIS SCRIPT IS PROVIDED AS AN ExAMPLE OF HOW TO QUERY THE ACTIVE DIRECTORY
' AND OBTAIN ALL OF THE USER OBJECTS WITHIN THE DIRECTORY.
' THE SAMPLE ILLUSTRATES HOW TO BIND TO THE RETURNED RESULTS
' AND DISPLAY SPECIFIC INFORMATION ABOUT EACH OBJECT
'
' THIS CODE MAKES NO ATTEMPT TO PERFORM PROPER ERROR CHECKING!
' THE SAMPLE USES THE RootDSE OBJECT TO DETERMINE THE
' DC NOMENCLATURE FOR THE LDAP SEARCH.
'
'
' strSever-> LDAP server to target
' strBaseDN -> base DN to begin search
' strUserID -> UserID portion of user crendentials for the search
' strPasswrod -> User's password
'
dim strServer, strBaseDN, strUserID, strPassword
Call ParseCommandLine (strServer, strBaseDN, strUserID, strPassword)
WScript.Echo "Preparing to query for all users: " & vbcrlf & strdn
'
' Create the objects needed to perform the ADO query
'
Set con = CreateObject("ADODB.Connection")
con.Provider = "ADsDSOObject"
con.Properties("User ID") = strUserID
con.Properties("Password") = strPassword
con.Open "Active Directory Provider"
'
'Set Query syntax
'
Set Command = CreateObject("ADODB.Command")
Set Command.ActiveConnection = con
'
' We are looking for all the user objects that have the
' description attribute set...
'
Command.CommandText = "<LDAP://" & strServer & "/" & strBaseDN &
">;(&(objectclass=user)(objectCategory=person)(description=*));AdsPath,description;subTree"
'
' With so many results to be returned, change the search to a paged search.
'
Command.Properties("Page Size") = 99
'
' Execute the query
'
Set rs = Command.Execute
'
' Loop through the result set to find
' discription attributes that begin with a numeric character.
' When a numeric description is found, move the description to
' the new SSN attribute and clear the description attribute.
'
While Not rs.EOF
strDesc = rs.Fields("description").Value
'
' Check the attribute, if its non null, then
' we need to test for numeric.
'
if( Not isNull(strDesc) ) then
'
' IT has a value, check to see if it returned it as an array...
'
If( isArray(strDesc) ) then
'
' Get the first value....
'
vStr = strDesc(0)
else
vStr = strDesc
end if
end if
rs.MoveNext
Wend
WScript.Echo "DONE............................"
'*********************************************************************
Jeff Jones [MSFT]
2003-09-18 15:37:08 UTC
Permalink
If you are running Windows Server 2003 and only need a rough estimate of how
many objects are in a container you can use the
msDS-Approx-Immed-Subordinates attribute. It is only an approximation but
is really quick. Much faster than counting the results of a query.
The down side is that you cannot specify the types of objects to count and
it isn't always exactly correct.
--
Jeff Jones [MS]
Active Directory Administration Tools Development
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
Post by Max L. Vaughn [MSFT]
Use an LDAP ADO query.
It will be much less expensive and considerably faster. Below is a VBS
that dispalys users from a specific OU.
Post by Max L. Vaughn [MSFT]
Sincerely,
Max Vaughn [MS]
Microsoft Developer Support
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights. You assume all risk for your use.
'<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Post by Max L. Vaughn [MSFT]
'
' Script created to query the Active Directory starting at a base DN to retrieve all users
' whose description attribute has a value.
'
' Test that value to see if it is numeric by looking at the first
character. It it is numeric
Post by Max L. Vaughn [MSFT]
' move the value to the SSN attribute created by using schema admin snapin for the domain.
' If the value is moved, then the description attribute is cleared.
'
'
' The script makes no attempt to test for error conditions and generates
no additional output
Post by Max L. Vaughn [MSFT]
' save the changes to the user objects in the AD.
'
' To add error handling, success loging and failure loging will require
an additional 8 hours
Post by Max L. Vaughn [MSFT]
' of labor to add the code and test the results.
'
Sub Usesage( )
WScript.Echo "USAGE:"&vbCrLf&"query.vbs LDAP_SERVER BASE_DN
DOMAIN_USERID PASSWORD"
Post by Max L. Vaughn [MSFT]
WScript.Echo "WHERE:"&vbCrLf&"LDAP_SERVER -> IP or DNS name for an LDAP server to hit"
WScript.Echo "BASE_DN -> Base DN for the search container"
WSCript.Echo "DOMAIN_USERID -> DOMAIN\USERID form of a user for authentication"
WScript.Echo "PASSWORD -> Password for user ID provided as second argument"
WSCript.Echo vbCrLf & "Example:"&vbCrlf&"Search for all the groups in ou "&Chr(34)&"OU=My
OU,dc=home,dc=com"&chr(34)
WScript.Echo "and display the members of the group except those" &
vbCrLf & "who have the group as its
Post by Max L. Vaughn [MSFT]
primary group"
WScript.Echo "Using the crendentials " & chr(34) & "home\JoeB" & chr(34)
WScript.Echo "With a password of " & chr(34) & "JoeB" & Chr(34)
WScript.Echo "Targeting the server " & chr(34) & "home.com" & chr(34) & vbCrlF
WScript.Echo "The command line would be:"
WScript.Echo "query.vbs " & chr(34) & "home.com" & chr(34) & " " &
chr(34) & "ou=My OU,dc=home,dc=com"
Post by Max L. Vaughn [MSFT]
& chr(34) & " " & chr(34)&"home\joeb" & chr(34) & " " & chr(34) & "JoeB" & Chr(34)
WScript.Echo
end sub
'
' Parse Command Line Arguments
' Checks for the proper number of arguments and sets
' the LDAP server on which to perform the search
' the Base DN to start the search
' the User ID to use for user crendentials for the search
' the password for the user
'
sub ParseCommandLine(ldapSvr, baseDN, UserID, Password)
dim args
set Args = WScript.Arguments
if( args.Count < 4 ) then
Call Usesage()
WScript.Quit
else
ldapSvr = args(0)
baseDN = args(1)
UserID = args(2)
Password = args(3)
end if
end sub
'*********************************************************************
' THIS SCRIPT IS PROVIDED AS AN ExAMPLE OF HOW TO QUERY THE ACTIVE DIRECTORY
' AND OBTAIN ALL OF THE USER OBJECTS WITHIN THE DIRECTORY.
' THE SAMPLE ILLUSTRATES HOW TO BIND TO THE RETURNED RESULTS
' AND DISPLAY SPECIFIC INFORMATION ABOUT EACH OBJECT
'
' THIS CODE MAKES NO ATTEMPT TO PERFORM PROPER ERROR CHECKING!
' THE SAMPLE USES THE RootDSE OBJECT TO DETERMINE THE
' DC NOMENCLATURE FOR THE LDAP SEARCH.
'
'
' strSever-> LDAP server to target
' strBaseDN -> base DN to begin search
' strUserID -> UserID portion of user crendentials for the search
' strPasswrod -> User's password
'
dim strServer, strBaseDN, strUserID, strPassword
Call ParseCommandLine (strServer, strBaseDN, strUserID, strPassword)
WScript.Echo "Preparing to query for all users: " & vbcrlf & strdn
'
' Create the objects needed to perform the ADO query
'
Set con = CreateObject("ADODB.Connection")
con.Provider = "ADsDSOObject"
con.Properties("User ID") = strUserID
con.Properties("Password") = strPassword
con.Open "Active Directory Provider"
'
'Set Query syntax
'
Set Command = CreateObject("ADODB.Command")
Set Command.ActiveConnection = con
'
' We are looking for all the user objects that have the
' description attribute set...
'
Command.CommandText = "<LDAP://" & strServer & "/" & strBaseDN &
">;(&(objectclass=user)(objectCategory=person)(description=*));AdsPath,descr
iption;subTree"
Post by Max L. Vaughn [MSFT]
'
' With so many results to be returned, change the search to a paged search.
'
Command.Properties("Page Size") = 99
'
' Execute the query
'
Set rs = Command.Execute
'
' Loop through the result set to find
' discription attributes that begin with a numeric character.
' When a numeric description is found, move the description to
' the new SSN attribute and clear the description attribute.
'
While Not rs.EOF
strDesc = rs.Fields("description").Value
'
' Check the attribute, if its non null, then
' we need to test for numeric.
'
if( Not isNull(strDesc) ) then
'
' IT has a value, check to see if it returned it as an array...
'
If( isArray(strDesc) ) then
'
' Get the first value....
'
vStr = strDesc(0)
else
vStr = strDesc
end if
end if
rs.MoveNext
Wend
WScript.Echo "DONE............................"
'*********************************************************************
Yaroslav Naglya
2003-09-18 15:57:49 UTC
Permalink
In my Windows 2003 domain I don't have any object with setted attribute
msDS-Approx-Immed-Subordinates :(
Why?
Post by Jeff Jones [MSFT]
If you are running Windows Server 2003 and only need a rough estimate of how
many objects are in a container you can use the
msDS-Approx-Immed-Subordinates attribute. It is only an approximation but
is really quick. Much faster than counting the results of a query.
The down side is that you cannot specify the types of objects to count and
it isn't always exactly correct.
--
Jeff Jones [MS]
Active Directory Administration Tools Development
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no rights.
Post by Max L. Vaughn [MSFT]
Use an LDAP ADO query.
It will be much less expensive and considerably faster. Below is a VBS
that dispalys users from a specific OU.
Post by Max L. Vaughn [MSFT]
Sincerely,
Max Vaughn [MS]
Microsoft Developer Support
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights. You assume all risk for your use.
'<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Post by Jeff Jones [MSFT]
Post by Max L. Vaughn [MSFT]
'
' Script created to query the Active Directory starting at a base DN to
retrieve all users
Post by Max L. Vaughn [MSFT]
' whose description attribute has a value.
'
' Test that value to see if it is numeric by looking at the first
character. It it is numeric
Post by Max L. Vaughn [MSFT]
' move the value to the SSN attribute created by using schema admin
snapin
Post by Jeff Jones [MSFT]
for the domain.
Post by Max L. Vaughn [MSFT]
' If the value is moved, then the description attribute is cleared.
'
'
' The script makes no attempt to test for error conditions and generates
no additional output
Post by Max L. Vaughn [MSFT]
' save the changes to the user objects in the AD.
'
' To add error handling, success loging and failure loging will require
an additional 8 hours
Post by Max L. Vaughn [MSFT]
' of labor to add the code and test the results.
'
Sub Usesage( )
WScript.Echo "USAGE:"&vbCrLf&"query.vbs LDAP_SERVER BASE_DN
DOMAIN_USERID PASSWORD"
Post by Max L. Vaughn [MSFT]
WScript.Echo "WHERE:"&vbCrLf&"LDAP_SERVER -> IP or DNS name for an
LDAP
Post by Jeff Jones [MSFT]
server to hit"
Post by Max L. Vaughn [MSFT]
WScript.Echo "BASE_DN -> Base DN for the search container"
WSCript.Echo "DOMAIN_USERID -> DOMAIN\USERID form of a user for
authentication"
Post by Max L. Vaughn [MSFT]
WScript.Echo "PASSWORD -> Password for user ID provided as second
argument"
Post by Max L. Vaughn [MSFT]
WSCript.Echo vbCrLf & "Example:"&vbCrlf&"Search for all the groups in
ou "&Chr(34)&"OU=My
Post by Max L. Vaughn [MSFT]
OU,dc=home,dc=com"&chr(34)
WScript.Echo "and display the members of the group except those" &
vbCrLf & "who have the group as its
Post by Max L. Vaughn [MSFT]
primary group"
WScript.Echo "Using the crendentials " & chr(34) & "home\JoeB" &
chr(34)
Post by Max L. Vaughn [MSFT]
WScript.Echo "With a password of " & chr(34) & "JoeB" & Chr(34)
WScript.Echo "Targeting the server " & chr(34) & "home.com" & chr(34)
&
Post by Jeff Jones [MSFT]
vbCrlF
Post by Max L. Vaughn [MSFT]
WScript.Echo "The command line would be:"
WScript.Echo "query.vbs " & chr(34) & "home.com" & chr(34) & " " &
chr(34) & "ou=My OU,dc=home,dc=com"
Post by Max L. Vaughn [MSFT]
& chr(34) & " " & chr(34)&"home\joeb" & chr(34) & " " & chr(34) & "JoeB"
&
Post by Jeff Jones [MSFT]
Chr(34)
Post by Max L. Vaughn [MSFT]
WScript.Echo
end sub
'
' Parse Command Line Arguments
' Checks for the proper number of arguments and sets
' the LDAP server on which to perform the search
' the Base DN to start the search
' the User ID to use for user crendentials for the search
' the password for the user
'
sub ParseCommandLine(ldapSvr, baseDN, UserID, Password)
dim args
set Args = WScript.Arguments
if( args.Count < 4 ) then
Call Usesage()
WScript.Quit
else
ldapSvr = args(0)
baseDN = args(1)
UserID = args(2)
Password = args(3)
end if
end sub
'*********************************************************************
' THIS SCRIPT IS PROVIDED AS AN ExAMPLE OF HOW TO QUERY THE ACTIVE
DIRECTORY
Post by Max L. Vaughn [MSFT]
' AND OBTAIN ALL OF THE USER OBJECTS WITHIN THE DIRECTORY.
' THE SAMPLE ILLUSTRATES HOW TO BIND TO THE RETURNED RESULTS
' AND DISPLAY SPECIFIC INFORMATION ABOUT EACH OBJECT
'
' THIS CODE MAKES NO ATTEMPT TO PERFORM PROPER ERROR CHECKING!
' THE SAMPLE USES THE RootDSE OBJECT TO DETERMINE THE
' DC NOMENCLATURE FOR THE LDAP SEARCH.
'
'
' strSever-> LDAP server to target
' strBaseDN -> base DN to begin search
' strUserID -> UserID portion of user crendentials for the search
' strPasswrod -> User's password
'
dim strServer, strBaseDN, strUserID, strPassword
Call ParseCommandLine (strServer, strBaseDN, strUserID, strPassword)
WScript.Echo "Preparing to query for all users: " & vbcrlf & strdn
'
' Create the objects needed to perform the ADO query
'
Set con = CreateObject("ADODB.Connection")
con.Provider = "ADsDSOObject"
con.Properties("User ID") = strUserID
con.Properties("Password") = strPassword
con.Open "Active Directory Provider"
'
'Set Query syntax
'
Set Command = CreateObject("ADODB.Command")
Set Command.ActiveConnection = con
'
' We are looking for all the user objects that have the
' description attribute set...
'
Command.CommandText = "<LDAP://" & strServer & "/" & strBaseDN &
">;(&(objectclass=user)(objectCategory=person)(description=*));AdsPath,descr
Post by Jeff Jones [MSFT]
iption;subTree"
Post by Max L. Vaughn [MSFT]
'
' With so many results to be returned, change the search to a paged
search.
Post by Max L. Vaughn [MSFT]
'
Command.Properties("Page Size") = 99
'
' Execute the query
'
Set rs = Command.Execute
'
' Loop through the result set to find
' discription attributes that begin with a numeric character.
' When a numeric description is found, move the description to
' the new SSN attribute and clear the description attribute.
'
While Not rs.EOF
strDesc = rs.Fields("description").Value
'
' Check the attribute, if its non null, then
' we need to test for numeric.
'
if( Not isNull(strDesc) ) then
'
' IT has a value, check to see if it returned it as an array...
'
If( isArray(strDesc) ) then
'
' Get the first value....
'
vStr = strDesc(0)
else
vStr = strDesc
end if
end if
rs.MoveNext
Wend
WScript.Echo "DONE............................"
'*********************************************************************
Robbie Allen
2003-09-19 03:02:13 UTC
Permalink
Did you look on the container or OU that contains the objects you want to
count? That is the one you want to view the msDS-Approx-Immed-Subordinates
for.

BTW, the value for that attribute will typically be correct unless you have
a container/OU with a large number of objects.

Robbie Allen
http://www.rallenhome.com/
Post by Yaroslav Naglya
In my Windows 2003 domain I don't have any object with setted attribute
msDS-Approx-Immed-Subordinates :(
Why?
Post by Jeff Jones [MSFT]
If you are running Windows Server 2003 and only need a rough estimate of
how
Post by Jeff Jones [MSFT]
many objects are in a container you can use the
msDS-Approx-Immed-Subordinates attribute. It is only an approximation but
is really quick. Much faster than counting the results of a query.
The down side is that you cannot specify the types of objects to count and
it isn't always exactly correct.
--
Jeff Jones [MS]
Active Directory Administration Tools Development
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no
rights.
Post by Jeff Jones [MSFT]
Post by Max L. Vaughn [MSFT]
Use an LDAP ADO query.
It will be much less expensive and considerably faster. Below is a VBS
that dispalys users from a specific OU.
Post by Max L. Vaughn [MSFT]
Sincerely,
Max Vaughn [MS]
Microsoft Developer Support
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights. You assume all risk for your use.
'<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Post by Yaroslav Naglya
Post by Jeff Jones [MSFT]
Post by Max L. Vaughn [MSFT]
'
' Script created to query the Active Directory starting at a base DN to
retrieve all users
Post by Max L. Vaughn [MSFT]
' whose description attribute has a value.
'
' Test that value to see if it is numeric by looking at the first
character. It it is numeric
Post by Max L. Vaughn [MSFT]
' move the value to the SSN attribute created by using schema admin
snapin
Post by Jeff Jones [MSFT]
for the domain.
Post by Max L. Vaughn [MSFT]
' If the value is moved, then the description attribute is cleared.
'
'
' The script makes no attempt to test for error conditions and
generates
Post by Jeff Jones [MSFT]
no additional output
Post by Max L. Vaughn [MSFT]
' save the changes to the user objects in the AD.
'
' To add error handling, success loging and failure loging will
require
Post by Jeff Jones [MSFT]
an additional 8 hours
Post by Max L. Vaughn [MSFT]
' of labor to add the code and test the results.
'
Sub Usesage( )
WScript.Echo "USAGE:"&vbCrLf&"query.vbs LDAP_SERVER BASE_DN
DOMAIN_USERID PASSWORD"
Post by Max L. Vaughn [MSFT]
WScript.Echo "WHERE:"&vbCrLf&"LDAP_SERVER -> IP or DNS name for an
LDAP
Post by Jeff Jones [MSFT]
server to hit"
Post by Max L. Vaughn [MSFT]
WScript.Echo "BASE_DN -> Base DN for the search container"
WSCript.Echo "DOMAIN_USERID -> DOMAIN\USERID form of a user for
authentication"
Post by Max L. Vaughn [MSFT]
WScript.Echo "PASSWORD -> Password for user ID provided as second
argument"
Post by Max L. Vaughn [MSFT]
WSCript.Echo vbCrLf & "Example:"&vbCrlf&"Search for all the groups in
ou "&Chr(34)&"OU=My
Post by Max L. Vaughn [MSFT]
OU,dc=home,dc=com"&chr(34)
WScript.Echo "and display the members of the group except those" &
vbCrLf & "who have the group as its
Post by Max L. Vaughn [MSFT]
primary group"
WScript.Echo "Using the crendentials " & chr(34) & "home\JoeB" &
chr(34)
Post by Max L. Vaughn [MSFT]
WScript.Echo "With a password of " & chr(34) & "JoeB" & Chr(34)
WScript.Echo "Targeting the server " & chr(34) & "home.com" & chr(34)
&
Post by Jeff Jones [MSFT]
vbCrlF
Post by Max L. Vaughn [MSFT]
WScript.Echo "The command line would be:"
WScript.Echo "query.vbs " & chr(34) & "home.com" & chr(34) & " " &
chr(34) & "ou=My OU,dc=home,dc=com"
Post by Max L. Vaughn [MSFT]
& chr(34) & " " & chr(34)&"home\joeb" & chr(34) & " " & chr(34) & "JoeB"
&
Post by Jeff Jones [MSFT]
Chr(34)
Post by Max L. Vaughn [MSFT]
WScript.Echo
end sub
'
' Parse Command Line Arguments
' Checks for the proper number of arguments and sets
' the LDAP server on which to perform the search
' the Base DN to start the search
' the User ID to use for user crendentials for the search
' the password for the user
'
sub ParseCommandLine(ldapSvr, baseDN, UserID, Password)
dim args
set Args = WScript.Arguments
if( args.Count < 4 ) then
Call Usesage()
WScript.Quit
else
ldapSvr = args(0)
baseDN = args(1)
UserID = args(2)
Password = args(3)
end if
end sub
'*********************************************************************
' THIS SCRIPT IS PROVIDED AS AN ExAMPLE OF HOW TO QUERY THE ACTIVE
DIRECTORY
Post by Max L. Vaughn [MSFT]
' AND OBTAIN ALL OF THE USER OBJECTS WITHIN THE DIRECTORY.
' THE SAMPLE ILLUSTRATES HOW TO BIND TO THE RETURNED RESULTS
' AND DISPLAY SPECIFIC INFORMATION ABOUT EACH OBJECT
'
' THIS CODE MAKES NO ATTEMPT TO PERFORM PROPER ERROR CHECKING!
' THE SAMPLE USES THE RootDSE OBJECT TO DETERMINE THE
' DC NOMENCLATURE FOR THE LDAP SEARCH.
'
'
' strSever-> LDAP server to target
' strBaseDN -> base DN to begin search
' strUserID -> UserID portion of user crendentials for the search
' strPasswrod -> User's password
'
dim strServer, strBaseDN, strUserID, strPassword
Call ParseCommandLine (strServer, strBaseDN, strUserID, strPassword)
WScript.Echo "Preparing to query for all users: " & vbcrlf & strdn
'
' Create the objects needed to perform the ADO query
'
Set con = CreateObject("ADODB.Connection")
con.Provider = "ADsDSOObject"
con.Properties("User ID") = strUserID
con.Properties("Password") = strPassword
con.Open "Active Directory Provider"
'
'Set Query syntax
'
Set Command = CreateObject("ADODB.Command")
Set Command.ActiveConnection = con
'
' We are looking for all the user objects that have the
' description attribute set...
'
Command.CommandText = "<LDAP://" & strServer & "/" & strBaseDN &
">;(&(objectclass=user)(objectCategory=person)(description=*));AdsPath,descr
Post by Yaroslav Naglya
Post by Jeff Jones [MSFT]
iption;subTree"
Post by Max L. Vaughn [MSFT]
'
' With so many results to be returned, change the search to a paged
search.
Post by Max L. Vaughn [MSFT]
'
Command.Properties("Page Size") = 99
'
' Execute the query
'
Set rs = Command.Execute
'
' Loop through the result set to find
' discription attributes that begin with a numeric character.
' When a numeric description is found, move the description to
' the new SSN attribute and clear the description attribute.
'
While Not rs.EOF
strDesc = rs.Fields("description").Value
'
' Check the attribute, if its non null, then
' we need to test for numeric.
'
if( Not isNull(strDesc) ) then
'
' IT has a value, check to see if it returned it as an array...
'
If( isArray(strDesc) ) then
'
' Get the first value....
'
vStr = strDesc(0)
else
vStr = strDesc
end if
end if
rs.MoveNext
Wend
WScript.Echo "DONE............................"
'*********************************************************************
Yaroslav Naglya
2003-09-19 10:26:22 UTC
Permalink
Thanks, I have already seen it!
Post by Robbie Allen
Did you look on the container or OU that contains the objects you want to
count? That is the one you want to view the
msDS-Approx-Immed-Subordinates
Post by Robbie Allen
for.
BTW, the value for that attribute will typically be correct unless you have
a container/OU with a large number of objects.
Robbie Allen
http://www.rallenhome.com/
Post by Yaroslav Naglya
In my Windows 2003 domain I don't have any object with setted attribute
msDS-Approx-Immed-Subordinates :(
Why?
Post by Jeff Jones [MSFT]
If you are running Windows Server 2003 and only need a rough estimate of
how
Post by Jeff Jones [MSFT]
many objects are in a container you can use the
msDS-Approx-Immed-Subordinates attribute. It is only an approximation
but
Post by Yaroslav Naglya
Post by Jeff Jones [MSFT]
is really quick. Much faster than counting the results of a query.
The down side is that you cannot specify the types of objects to count
and
Post by Yaroslav Naglya
Post by Jeff Jones [MSFT]
it isn't always exactly correct.
--
Jeff Jones [MS]
Active Directory Administration Tools Development
Microsoft Corporation
This posting is provided "AS IS" with no warranties, and confers no
rights.
Post by Jeff Jones [MSFT]
Post by Max L. Vaughn [MSFT]
Use an LDAP ADO query.
It will be much less expensive and considerably faster. Below is a
VBS
Post by Yaroslav Naglya
Post by Jeff Jones [MSFT]
that dispalys users from a specific OU.
Post by Max L. Vaughn [MSFT]
Sincerely,
Max Vaughn [MS]
Microsoft Developer Support
Disclaimer: This posting is provided "AS IS" with no warranties, and
confers no rights. You assume all risk for your use.
'<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>
Post by Robbie Allen
Post by Yaroslav Naglya
Post by Jeff Jones [MSFT]
Post by Max L. Vaughn [MSFT]
'
' Script created to query the Active Directory starting at a base DN
to
Post by Yaroslav Naglya
Post by Jeff Jones [MSFT]
retrieve all users
Post by Max L. Vaughn [MSFT]
' whose description attribute has a value.
'
' Test that value to see if it is numeric by looking at the first
character. It it is numeric
Post by Max L. Vaughn [MSFT]
' move the value to the SSN attribute created by using schema admin
snapin
Post by Jeff Jones [MSFT]
for the domain.
Post by Max L. Vaughn [MSFT]
' If the value is moved, then the description attribute is cleared.
'
'
' The script makes no attempt to test for error conditions and
generates
Post by Jeff Jones [MSFT]
no additional output
Post by Max L. Vaughn [MSFT]
' save the changes to the user objects in the AD.
'
' To add error handling, success loging and failure loging will
require
Post by Jeff Jones [MSFT]
an additional 8 hours
Post by Max L. Vaughn [MSFT]
' of labor to add the code and test the results.
'
Sub Usesage( )
WScript.Echo "USAGE:"&vbCrLf&"query.vbs LDAP_SERVER BASE_DN
DOMAIN_USERID PASSWORD"
Post by Max L. Vaughn [MSFT]
WScript.Echo "WHERE:"&vbCrLf&"LDAP_SERVER -> IP or DNS name for an
LDAP
Post by Jeff Jones [MSFT]
server to hit"
Post by Max L. Vaughn [MSFT]
WScript.Echo "BASE_DN -> Base DN for the search container"
WSCript.Echo "DOMAIN_USERID -> DOMAIN\USERID form of a user for
authentication"
Post by Max L. Vaughn [MSFT]
WScript.Echo "PASSWORD -> Password for user ID provided as second
argument"
Post by Max L. Vaughn [MSFT]
WSCript.Echo vbCrLf & "Example:"&vbCrlf&"Search for all the
groups
Post by Robbie Allen
in
Post by Yaroslav Naglya
Post by Jeff Jones [MSFT]
ou "&Chr(34)&"OU=My
Post by Max L. Vaughn [MSFT]
OU,dc=home,dc=com"&chr(34)
WScript.Echo "and display the members of the group except those" &
vbCrLf & "who have the group as its
Post by Max L. Vaughn [MSFT]
primary group"
WScript.Echo "Using the crendentials " & chr(34) & "home\JoeB" &
chr(34)
Post by Max L. Vaughn [MSFT]
WScript.Echo "With a password of " & chr(34) & "JoeB" & Chr(34)
WScript.Echo "Targeting the server " & chr(34) & "home.com" &
chr(34)
Post by Yaroslav Naglya
&
Post by Jeff Jones [MSFT]
vbCrlF
Post by Max L. Vaughn [MSFT]
WScript.Echo "The command line would be:"
WScript.Echo "query.vbs " & chr(34) & "home.com" & chr(34) & " " &
chr(34) & "ou=My OU,dc=home,dc=com"
Post by Max L. Vaughn [MSFT]
& chr(34) & " " & chr(34)&"home\joeb" & chr(34) & " " & chr(34) &
"JoeB"
Post by Yaroslav Naglya
&
Post by Jeff Jones [MSFT]
Chr(34)
Post by Max L. Vaughn [MSFT]
WScript.Echo
end sub
'
' Parse Command Line Arguments
' Checks for the proper number of arguments and sets
' the LDAP server on which to perform the search
' the Base DN to start the search
' the User ID to use for user crendentials for the search
' the password for the user
'
sub ParseCommandLine(ldapSvr, baseDN, UserID, Password)
dim args
set Args = WScript.Arguments
if( args.Count < 4 ) then
Call Usesage()
WScript.Quit
else
ldapSvr = args(0)
baseDN = args(1)
UserID = args(2)
Password = args(3)
end if
end sub
'*********************************************************************
Post by Robbie Allen
Post by Yaroslav Naglya
Post by Jeff Jones [MSFT]
Post by Max L. Vaughn [MSFT]
' THIS SCRIPT IS PROVIDED AS AN ExAMPLE OF HOW TO QUERY THE ACTIVE
DIRECTORY
Post by Max L. Vaughn [MSFT]
' AND OBTAIN ALL OF THE USER OBJECTS WITHIN THE DIRECTORY.
' THE SAMPLE ILLUSTRATES HOW TO BIND TO THE RETURNED RESULTS
' AND DISPLAY SPECIFIC INFORMATION ABOUT EACH OBJECT
'
' THIS CODE MAKES NO ATTEMPT TO PERFORM PROPER ERROR CHECKING!
' THE SAMPLE USES THE RootDSE OBJECT TO DETERMINE THE
' DC NOMENCLATURE FOR THE LDAP SEARCH.
'
'
' strSever-> LDAP server to target
' strBaseDN -> base DN to begin search
' strUserID -> UserID portion of user crendentials for the search
' strPasswrod -> User's password
'
dim strServer, strBaseDN, strUserID, strPassword
Call ParseCommandLine (strServer, strBaseDN, strUserID, strPassword)
WScript.Echo "Preparing to query for all users: " & vbcrlf & strdn
'
' Create the objects needed to perform the ADO query
'
Set con = CreateObject("ADODB.Connection")
con.Provider = "ADsDSOObject"
con.Properties("User ID") = strUserID
con.Properties("Password") = strPassword
con.Open "Active Directory Provider"
'
'Set Query syntax
'
Set Command = CreateObject("ADODB.Command")
Set Command.ActiveConnection = con
'
' We are looking for all the user objects that have the
' description attribute set...
'
Command.CommandText = "<LDAP://" & strServer & "/" & strBaseDN &
">;(&(objectclass=user)(objectCategory=person)(description=*));AdsPath,descr
Post by Robbie Allen
Post by Yaroslav Naglya
Post by Jeff Jones [MSFT]
iption;subTree"
Post by Max L. Vaughn [MSFT]
'
' With so many results to be returned, change the search to a paged
search.
Post by Max L. Vaughn [MSFT]
'
Command.Properties("Page Size") = 99
'
' Execute the query
'
Set rs = Command.Execute
'
' Loop through the result set to find
' discription attributes that begin with a numeric character.
' When a numeric description is found, move the description to
' the new SSN attribute and clear the description attribute.
'
While Not rs.EOF
strDesc = rs.Fields("description").Value
'
' Check the attribute, if its non null, then
' we need to test for numeric.
'
if( Not isNull(strDesc) ) then
'
' IT has a value, check to see if it returned it as an array...
'
If( isArray(strDesc) ) then
'
' Get the first value....
'
vStr = strDesc(0)
else
vStr = strDesc
end if
end if
rs.MoveNext
Wend
WScript.Echo "DONE............................"
'*********************************************************************
Loading...