Microsoft® Windows® 2000 Scripting Guide
Enumerating the contents of an Active Directory container typically involves three basic steps:
Typically, the container is an OU.
This step is optional but should be used if you need to limit the type of objects enumerated in a container of many objects.
The script in Listing 5.39 enumerates the Configuration container and echoes the names of the child containers to the command window. The Configuration container is located in the fabrikam.com root domain. The script involves the following steps:
Listing 5.39 Enumerating the Configuration Container for Names of Objects Within It
When the script runs in the fabrikam.com forest, it echoes the name of each child container of the Configuration container to the command window, as shown:
CN=DisplaySpecifiers
CN=Extended-Rights
CN=ForestUpdates
CN=LostAndFoundConfig
CN=Partitions
CN=Physical Locations
CN=Services
CN=Sites
CN=WellKnown Security Principals
The script works from any domain in the forest.
The script in Listing 5.40 enumerates the Partitions container, which is located in the Configuration container of the fabrikam.com root domain. During enumeration, two entries in the upnSuffixes multivalued attribute are updated and the script echoes all values in the attribute to the command window.
This script demonstrates container enumeration combined with writing and reading a multivalued attribute. For more information about multivalued attributes, see "Administering Multivalued Attributes" earlier in this chapter.
Listing 5.40 Enumerating the Partitions Container to Write and Read the upnSuffixes Attribute
When this script runs in the fabrikam.com root domain, it inserts two entries in the upnSuffixes attribute and then echoes all entries in the upnSuffixes attribute to the command window, as shown:
corp.fabrikam.com
sa.fabrikam.com
By default, the script in Listing 5.40 works only if your user account is a member of the Domain Admins global group or the Enterprise Admins universal group in the root domain. Both of these groups are granted the right to update attributes in the Partitions container.
The script in Listing 5.41 enumerates the Users container of the na.fabrikam.com root domain and uses the Filter method to limit the enumeration to all user account objects. The script then echoes the value of the primaryGroupID attribute and all entries in the memberOf attribute to the command window. For information about the Filter method, see "ADSI Interfaces" later in this chapter.
This statement can be used to catch (or suppress) any run-time error; however, you should use it only if you are testing for and addressing errors that might occur when the script runs. In this case, the script uses the On Error Resume Next statement to catch the ADSI error that is generated if an attribute cannot be found in the local property cache.
If the memberOf attribute is present, the script does not raise the error number corresponding to E_ADS_PROPERTY_NOT_FOUND. Therefore, echo each entry in the arrMemberOf variable to the command window (lines 15-18).
Otherwise, echo a message stating that the memberOf attribute is empty, and clear the error code (lines 19-21).
Listing 5.41 Limiting Container Enumeration to User Accounts by Using the Filter Property
When this script runs in the na.fabrikam.com root domain, it echoes the primaryGroupID attribute and the entries in the memberOf attribute of user accounts to the command window, as shown in the following abbreviated list:
Administrator is a member of:
    Primary Group ID: 513
    CN=Group Policy Creator Owners,CN=Users,DC=na,DC=fabrikam,DC=com
    CN=Domain Admins,CN=Users,DC=na,DC=fabrikam,DC=com
    CN=Print Operators,CN=Builtin,DC=na,DC=fabrikam,DC=com
    CN=Administrators,CN=Builtin,DC=na,DC=fabrikam,DC=com
FABRIKAM$ is a member of:
    Primary Group ID: 513
    memberOf attribute is not set
Guest is a member of:
    Primary Group ID: 514
    CN=Guests,CN=Builtin,DC=na,DC=fabrikam,DC=com
...
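The enumeration described above, written as an added example rather than the guide's own Listing 5.41, so the line numbers cited in the steps do not refer to it. It keeps On Error Resume Next in effect only around the GetEx call and reports any error other than E_ADS_PROPERTY_NOT_FOUND instead of treating it as an empty attribute. Assumptions: the Users container's distinguished name is cn=Users,dc=na,dc=fabrikam,dc=com, and the variable names are illustrative.

```vbscript
Option Explicit

' ADSI error returned when an attribute is not in the local property cache.
Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D

Dim objContainer, objUser, arrMemberOf, strGroup, lngErr

' Bind to the Users container (DN assumed from the domain named on this page).
Set objContainer = GetObject("LDAP://cn=Users,dc=na,dc=fabrikam,dc=com")

' Limit the enumeration to objects of class "user".
objContainer.Filter = Array("user")

For Each objUser In objContainer
    WScript.Echo objUser.Get("cn") & " is a member of:"
    WScript.Echo vbTab & "Primary Group ID: " & objUser.Get("primaryGroupID")

    ' Suppress run-time errors only for the one call expected to fail,
    ' capture the error number, then restore normal error handling.
    On Error Resume Next
    arrMemberOf = objUser.GetEx("memberOf")
    lngErr = Err.Number
    Err.Clear
    On Error GoTo 0

    If lngErr = 0 Then
        ' memberOf is present: echo every entry of the multivalued attribute.
        For Each strGroup In arrMemberOf
            WScript.Echo vbTab & strGroup
        Next
    ElseIf lngErr = E_ADS_PROPERTY_NOT_FOUND Then
        WScript.Echo vbTab & "memberOf attribute is not set"
    Else
        ' Any other failure is reported rather than silently ignored.
        WScript.Echo vbTab & "Unexpected error reading memberOf: 0x" & Hex(lngErr)
    End If
    WScript.Echo
Next
```

Run it with cscript.exe so that each WScript.Echo line goes to the command window instead of a message box.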