Enumerating All the Computer Accounts in Active Directory

Microsoft® Windows® 2000 Scripting Guide

« Previous | Next »   

All computers running Windows NT, Windows 2000, and Windows XP Professional in a domain must have accounts in Active Directory. Because of this, Active Directory contains a list of all the computers in your organization that run one of these operating systems. Any time you need such a list (perhaps for inventory or planning purposes), you can retrieve this information by using ADSI to enumerate all the computer accounts in Active Directory.

Note

• In large organizations, Active Directory can contain thousands of computer accounts. Any operation that attempts to enumerate all the accounts can take a considerable amount of time to be completed. Because of that, you might want to conduct large searches at a time when user and network activity is low.

Scripting Steps

Listing 9.10 contains a script that enumerates all the computer accounts in Active Directory. To carry out this task, the script must perform the following steps:

1. Create a constant named ADS_SCOPE_SUBTREE and set the value to 2.

   This constant is used to specify a search that begins in the Active Directory root and then proceeds to search all the child containers as well.

2. Create an instance of the Active Directory connection object (ADODB.Connection).
3. Create an instance of the Active Directory command object (ADODB.Command).

   The command object allows you to issue queries and other database commands through the Active Directory connection.

4. Set the Provider property of the connection object to the Active Directory provider (ADsDSOObject), the OLE database provider for ADSI.
5. Set the active connection to the Active Directory connection.
6. Set the command text for the Active Directory command object to the SQL query that retrieves all the computers from fabrikam.com.

   In this script, the SQL query is "Select Name, Location from 'LDAP://DC=fabrikam,DC=com' where objectClass='computer'".

7. Specify values for page size, time-out, search scope, and caching.

   Although this step is optional, it can improve the performance of your script in a domain with thousands of computers.

8. Execute the SQL query.

   This query returns a recordset consisting of all the computer accounts in Active Directory.

9. When the set of computers is returned, use the MoveFirst method to move to the first computer in the recordset.
10. For each computer in the recordset, echo the computer name and location.

Listing 9.10   Enumerating All the Computer Accounts in Active Directory

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 

Const ADS_SCOPE_SUBTREE = 2 Set objConnection = CreateObject("ADODB.Connection") Set objCommand =   CreateObject("ADODB.Command") objConnection.Provider = "ADsDSOObject" objConnection.Open "Active Directory Provider" Set objCommand.ActiveConnection = objConnection objCommand.CommandText = _     "SELECT Name, Location FROM 'LDAP://DC=fabrikam,DC=com' " _         & "WHERE objectClass='computer'" objCommand.Properties("Page Size") = 1000 objCommand.Properties("Timeout") = 30 objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE objCommand.Properties("Cache Results") = False Set objRecordSet = objCommand.Execute objRecordSet.MoveFirst Do Until objRecordSet.EOF     Wscript.Echo "Computer Name: " & objRecordSet.Fields("Name").Value     Wscript.Echo "Location: " & objRecordSet.Fields("Location").Value     objRecordSet.MoveNext Loop

Send us your feedback

« Previous | Next »