Immediate Solutions


Managing Computer Accounts from the Command Line

Computer accounts, like user accounts, allow the system to be part of the domain and access its resources. When a computer joins a domain, a computer account is created establishing a one-way trust and allowing the computer to access the domain. Although computer account management is usually done through the administrative tools of the operating system, computer account management can be scripted from the command line.

Managing Computer Accounts with the NET Command

The built-in NET.EXE command allows you to manage computer accounts from the command line on any domain controller. The basic syntax of the NET command to manage computer accounts is:

 NET COMPUTER \\compname /commands

Here, compname is the computer account to manage, and the available commands are:

  • /ADD - Adds a computer account to the domain

  • /DELETE - Removes a computer account from the domain

Tip  

You can use one of the remote management methods discussed in Chapter 8 to run this command on a remote domain controller.

Managing Computer Accounts with the NETDOM Utility

NETDOM is a Windows 2000 Resource Kit Utility/Windows XP Support Tool used to manage computer accounts from the command line. The basic syntax of NETDOM is:

 NETDOM MEMBER \\computer /D:domain /U:domain\user /P:password /commands

Here, computer is the computer account to manage; password is the password of the domain\user account with privileges to manage computer accounts on the specified domain; and the available commands are as follows:

  • /ADD - Adds a computer account to the domain

  • /DELETE - Removes a computer account from the domain

  • /JOINDOMAIN - Joins the computer to the domain

  • /QUERY - Retrieves information on an existing computer account

To connect to the domain and add a computer account, you would enter:

 NETDOM MEMBER \\computer /D:domain /U:domain\user /P:password /JOINDOMAIN
 NETDOM MEMBER \\computer /D:domain /U:domain\user /P:password /ADD

To connect to the domain and remove a computer account, you would enter:

 NETDOM MEMBER \\computer /D:domain /U:domain\user /P:password /JOINDOMAIN
 NETDOM MEMBER \\computer /D:domain /U:domain\user /P:password /DELETE

Managing User Accounts from the Command Line

User accounts allow users to access domain and local system resources with a valid username and password. Although user management is mostly done through the administrative tools of the operating system, scripting user account management from the command line is significantly faster when dealing with remote systems and multiple modifications.

Managing User Accounts with the NET Command

One of the most underused command-line utilities to manage user accounts is the NET command. The basic syntax of the NET command to manage user accounts is:

 NET USER username password /commands

Here, username is the user account to manage; password is either the password of the account or an asterisk (*) to be prompted for a password; and the available commands are as follows:

  • /ACTIVE:X - Controls the activation of an account where X is YES or NO.

  • /ADD - Adds a user account.

  • /DELETE - Removes a user account.

  • /DOMAIN - Creates the account in the currently active domain.

  • /COMMENT:"X" - Sets the account description where X is the comment.

  • /COUNTRYCODE:X - Sets the account's country code.

  • /USERCOMMENT:"X" - Sets the user comment where X is the comment.

  • /EXPIRES:X - Sets the expiration date of the account where X is either NEVER or a date in the format of MM/DD/YY. This format may differ depending on your country code.

  • /FULLNAME:"X" - Sets the full account name where X is the name.

  • /HOMEDIR:X - Sets the home directory where X is the path.

  • /PASSWORDCHG:X - Controls the user's ability to change the password where X is YES or NO.

  • /PASSWORDREQ:X - Sets whether a password is required where X is YES or NO.

  • /PROFILEPATH:X - Sets the profile directory where X is the path.

  • /SCRIPTPATH:X - Sets the logon script directory where X is the path.

  • /TIMES:X - Sets the hours a user may log on where X is either ALL or days and times separated by commas.

Here is an example showing how to add an account using the NET command:

 NET USER "Tyler" TEMPPASSWORD /ADD /COMMENT:"Project Account" /ACTIVE:NO /EXPIRES:12/31/03 /FULLNAME:"Tyler Durden" /HOMEDIR:C:\ /PASSWORDCHG:NO /PASSWORDREQ:YES /PROFILEPATH:C:\PROFILES\TD /USERCOMMENT:"Corporate Sponsor" /WORKSTATIONS:STATION1 /SCRIPTPATH:SOMEWHERE\OUTTHERE /TIMES:MONDAY-THURSDAY,8AM-5PM 

Managing User Accounts with the ADDUSERS Utility

ADDUSERS.EXE is a Windows 2000 resource kit utility to manage user accounts from the command line. This utility reads comma-delimited text files and can create or delete user accounts. The basic syntax of ADDUSERS to manage user accounts is:

 ADDUSERS \\computer commands file

Here, computer is the computer account to manage; file is the name of the comma-delimited text file to use; and the available commands are as follows:

  • /C - Creates user accounts or groups specified in the file

  • /D - Dumps the user account or group information to the file

  • /E - Deletes user account specified in the file

  • /P:X - If combined with /C, specifies the creating parameters where X is:

    • C - User cannot change password

    • D - Account disabled

    • E - Password never expires

    • L - Do not change password at next logon

Tip  

To add a user account to the local computer, omit the computer name from the command line.

The basic syntax of the comma-delimited file is:

 [User]
 UserName,FullName,Password,Comment,Home,Profile,Script,

Here, Comment is the account description; Home is the path to the user home directory; Profile is the path to the user's profile; Script is the name of the logon script to use; and UserNames are the user names (separated by commas) to add to the groups.

The following example adds a user called JFROST to the computer BOB:

 ADDUSERS \\BOB /C file

Here, file is the full path and file name of a text file that contains the following:

 [User]
 JFROST,Jack E. Frost,Password,Project Manager,\\SERVER\HOME\JFROST,\\SERVER\PROFILE\JFROST,LOGON.KIX,

Managing User Accounts with the CUSRMGR Utility

CUSRMGR.EXE is a Windows 2000 resource kit utility to modify current account or group properties. This utility supports many switches, all of which are case-sensitive. The basic syntax of CUSRMGR is:

 CUSRMGR -u username -m \\computer commands

Here, username is the user account to manage; computer is the computer name on which to perform management; and the available commands are as follows:

  • -C - Sets user comment

  • -D - Deletes a user account

  • -F - Sets user full name

  • -h - Sets the path to the user's home directory

  • -H - Sets the drive letter to map the user's home directory

  • -n - Sets the path to the logon script's directory

  • -p - Sets a random password

  • -P - Sets the password to Password

  • +-S - Use +S or -S to set or reset the following properties:

    • AccountLockout - Locks/unlocks a user account

    • MustChangePassword - Sets/resets the User Must Change Password At Next Logon option

    • CanNotChangePassword - Sets/resets the User Cannot Change Password option

    • PasswordNeverExpires - Sets/resets the Password Never Expires option

    • AccountDisabled - Disables/enables an account

    • RASUser - Enables/disables remote access dial-in

  • -U - Sets the path to the user's profile directory

Here is an example of how to modify a user account:

 CUSRMGR -u name -m \\computer -h \\server\homeshare -f "fullname" -c "description" -H Q

Here, name is the user name; computer is the system that holds the account; \\server\homeshare is where the user's home directory resides; fullname is the user's full name; and description is the account description.

Managing Groups from the Command Line

Groups give administrators a method of organizing and assigning user account privileges. Groups are also helpful when attempting to identify a collection of users with a common trait (for example, temporary employees). You can script group management from the command line to automate your daily tasks.

Managing Groups with the NET Command

The built-in NET.EXE command allows you to manage local and global groups from the command line. The basic syntax of the NET command to manage global groups is:

 NET type name commands

Here, type is the keyword GROUP for global or LOCALGROUP for local group management; name is the group to manage, and the available commands are as follows:

  • /ADD - Adds user accounts to the specified group where multiple user accounts are separated by spaces

  • /COMMENT:"X" - Sets the group comment

  • /DELETE - Deletes a group or removes the user account from the specified group

  • /DOMAIN - Performs the operation on the primary domain controller

  • username - Specifies a user account to add or remove from the group

Managing Groups with the ADDUSERS Utility

Earlier in this chapter, you learned how to use the resource kit utility ADDUSERS.EXE to manage user accounts from the command line. This utility can also be used to add groups and group members from the command line. The basic syntax of ADDUSERS to add groups is:

 ADDUSERS \\computer /C file

Here, computer is the computer account to manage, and file is the name of the comma-delimited text file to use. The basic syntax of the comma-delimited file is:

 [Global]
 Name,Comment,UserNames,
 [Local]
 Name,Comment,UserNames,

Here, the [GLOBAL] sections add global groups; name is the name of the group to add; comment is the group description; and usernames are the users, separated by commas, to add to the group.
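
An ADDUSERS input file carries every password in clear text and can add members to any group, so it is worth reviewing before it is run with /C. The following is an added example, not part of the original text or the resource kit; it checks the [User] entries described earlier and the [Global] and [Local] entries described here. The function names, the list of privileged groups, and the sample file contents are assumptions made for illustration.

```vbscript
Option Explicit

' Constructed sample in the ADDUSERS file layout described above; not a real export.
Dim sample
sample = "[User]" & vbLf & _
    "JFROST,Jack E. Frost,Password,Project Manager,\\SERVER\HOME\JFROST,\\SERVER\PROFILE\JFROST,LOGON.KIX," & vbLf & _
    "TYLER,Tyler Durden,,Project Account,,,," & vbLf & _
    "JACK,Jack,jack,Temporary employee,,,," & vbLf & _
    "[Global]" & vbLf & _
    "Domain Admins,Domain administrators,JACK,TYLER," & vbLf & _
    "[Local]" & vbLf & _
    "Project Team,Project staff,JFROST,"

' Assumed list of groups whose membership deserves a second look.
Function IsPrivileged(groupName)
    Dim candidate
    IsPrivileged = False
    For Each candidate In Array("DOMAIN ADMINS", "ADMINISTRATORS")
        If UCase(Trim(groupName)) = candidate Then IsPrivileged = True
    Next
End Function

' Returns one finding per line; an empty string means nothing was flagged.
' Fields are split on every comma, so a comma inside a comment or full name
' shifts the fields that follow it.
Function ReviewAddUsersFile(text)
    Dim findings, section, row, entry, fields, i, lineNo
    findings = ""
    section = ""
    lineNo = 0
    For Each row In Split(Replace(text, vbCr, ""), vbLf)
        lineNo = lineNo + 1
        entry = Trim(row)
        If entry = "" Then
            ' Blank line: nothing to check.
        ElseIf Left(entry, 1) = "[" Then
            section = UCase(entry)
        Else
            fields = Split(entry, ",")
            Select Case section
                Case "[USER]"
                    ' fields: UserName, FullName, Password, Comment, Home, Profile, Script
                    If UBound(fields) < 2 Then
                        findings = findings & "line " & lineNo & ": fewer than three fields" & vbLf
                    ElseIf Trim(fields(2)) = "" Then
                        findings = findings & "line " & lineNo & ": " & fields(0) & " has a blank password" & vbLf
                    ElseIf UCase(Trim(fields(2))) = UCase(Trim(fields(0))) Then
                        findings = findings & "line " & lineNo & ": " & fields(0) & " uses the user name as password" & vbLf
                    End If
                Case "[GLOBAL]", "[LOCAL]"
                    ' fields: Name, Comment, then the user names to add
                    If IsPrivileged(fields(0)) Then
                        For i = 2 To UBound(fields)
                            If Trim(fields(i)) <> "" Then
                                findings = findings & "line " & lineNo & ": " & Trim(fields(i)) & _
                                    " is added to " & Trim(fields(0)) & vbLf
                            End If
                        Next
                    End If
                Case Else
                    findings = findings & "line " & lineNo & ": entry outside a known section" & vbLf
            End Select
        End If
    Next
    ReviewAddUsersFile = findings
End Function

WScript.Echo ReviewAddUsersFile(sample)
```

Save the block as a .vbs file and run it with cscript; it needs no domain because the file contents are embedded in the script.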

Managing Groups with the USRTOGRP Utility

USRTOGRP.EXE is an NT resource kit utility to add user accounts to groups from the command line. The basic syntax of the USRTOGRP utility is:

 USRTOGRP file 

Here, file is a text file with the following format:

 DOMAIN: computer
 grouptype: group
 users

Here, computer is the name of the system or domain that contains the specified group; grouptype specifies the group type as either LOCALGROUP or GLOBALGROUP; group is the name of the group; and users are the usernames, separated by spaces, to add to the group.

Here is a quick example to add two users to the Domain Admins group in the PROJECT domain:

 USRTOGRP  file  

Here, file is the full path and file name of a text file that contains the following:

 DOMAIN: PROJECT
 GLOBALGROUP: Domain Admins
 JACK TYLER

Managing the Enterprise with ADSI

Prior to ADSI, your only alternatives to manage network resources were command-line utilities and administrative tools. Through ADSI, you can create simple scripts to control all the resources of your network.

Listing Shares

To list shares using ADSI, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start|Run and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 ' Bind to the file service (lanmanserver) on the target computer
 Set DomObj = GetObject("WinNT://Domain/Computer/lanmanserver,FileService")
 ' Collect the name of every share, one per line
 For Each Share In DomObj
   List = List & Share.Name & vbLf
 Next
 WScript.Echo List

Here, domain is the name of the domain, and computer is the computer name containing the shares to list.


Creating a Share

To create a share using ADSI, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start|Run and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 Set DomObj = GetObject("WinNT://Domain/Computer/lanmanserver")
 ' Create the share object, set its properties, then commit with SetInfo
 Set Share = DomObj.Create("fileshare", "ShareName")
 Share.Path = "SharePath"
 Share.Description = "ShareDescribe"
 Share.MaxUserCount = maxnum
 Share.SetInfo

Here, domain is the name of the domain; computer is the computer name on which you want to create shares; sharename is the name of the share to create; sharepath is the path to the new share; sharedescribe is the share comment; and maxnum is the maximum number of simultaneous connections to the share.


Deleting a Share

To delete a share using ADSI, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start|Run and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 Set DomObj = GetObject("WinNT://Domain/Computer/lanmanserver")
 DomObj.Delete "fileshare", "ShareName"

Here, domain is the name of the domain; computer is the computer name on which you want to delete the share; and sharename is the name of the share to delete.


Listing Computer Accounts

To list computer accounts using ADSI, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start|Run and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 Set DomObj = GetObject("WinNT://" & Domain)
 ' Restrict the enumeration to computer objects
 DomObj.Filter = Array("computer")
 For Each Computer In DomObj
   WScript.Echo Computer.Name
 Next

Here, domain is the name of the domain to query.

Creating a Computer Account

To create a computer account using ADSI, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start|Run and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 Set DomObj = GetObject("WinNT://Domain")
 Set Computer = DomObj.Create("Computer", "name")
 Computer.SetInfo

Here, domain is the name of the domain, and name is the computer name to assign to the computer account.

Deleting a Computer Account

To delete a computer account, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start|Run and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 Set DomObj = GetObject("WinNT://Domain")
 DomObj.Delete "Computer", "name"

Here, domain is the name of the domain, and name is the name of the computer account to delete.

Setting a User's Domain Password

To set a user's domain password using ADSI, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start|Run and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 Set DomObj = GetObject("WinNT://Domain/Name,user")
 DomObj.SetPassword "pswd"

Here, domain is the name of the domain; name is the user account to modify; and pswd is the new password to assign.

Changing the Local Administrator Password

A common administrative task is to change the local administrator password on a system. To change the local administrator password using ADSI, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start|Run and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 ' Bind to the local account on the named computer, not to a domain account
 Set DomObj = GetObject("WinNT://Domain/Computer/Administrator,user")
 DomObj.SetPassword "pswd"

Here, domain is the name of the domain; computer is the computer containing the local administrator account; Administrator is the name of the local administrator account; and pswd is the new password to assign.

Listing User Accounts

To list user accounts using ADSI, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start|Run and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 Set DomObj = GetObject("WinNT://" & Domain)
 ' Restrict the enumeration to user objects
 DomObj.Filter = Array("user")
 For Each User In DomObj
   WScript.Echo User.Name
 Next

Here, domain is the name of the domain to query.

Creating a User Account

To create a user account using ADSI, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start|Run and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 Set DomObj = GetObject("WinNT://Domain")
 Set User = DomObj.Create("User", "Name")
 ' Assign the initial password before the account is committed
 User.SetPassword("pswd")
 User.FullName = "fullname"
 User.HomeDirectory = "homedir"
 User.Profile = "profiledir"
 User.LoginScript = "script"
 User.Description = "describe"
 User.SetInfo

Here, domain is the name of the domain; name is the name of the user account to create; pswd is the password to assign to the new account; fullname is the user's full name; homedir is the path of the user's home directory; profiledir is the path of the user's profile; script is the name of the logon script; and describe is the user description.

Tip  

You can create new users with initial blank passwords by omitting the User.SetPassword line in the script above.

Deleting a User Account

To delete a user account using ADSI, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start|Run and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 Set DomObj = GetObject("WinNT://Domain")
 DomObj.Delete "User", "name"

Here, domain is the name of the domain, and name is the name of the user account to delete.

Unlocking a User Account

To unlock a user account using ADSI, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start|Run and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 Set User = GetObject("WinNT://Domain/Name,User")
 ' 16 is the lockout bit of UserFlags; subtract it only when it is set
 If User.IsAccountLocked Then
   User.Put "UserFlags", User.Get("UserFlags") - 16
   User.SetInfo
 End If

Here, domain is the name of the domain, and name is the name of the user account to unlock.

Note  

Although ADSI can unlock a user account, it cannot lock an account.

Disabling a User Account

To disable an active user account using ADSI, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start|Run and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 Set User = GetObject("WinNT://Domain/Name,User")
 ' 2 is the account-disabled bit of UserFlags; add it only when it is not set
 If User.AccountDisabled = False Then
   User.Put "UserFlags", User.Get("UserFlags") + 2
   User.SetInfo
 End If

Here, domain is the name of the domain, and name is the name of the user account to disable.

Tip  

To enable a disabled account, change the False to True and the + 2 to -2 in the above script.
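
The unlock and disable scripts above adjust UserFlags by subtracting 16 and adding 2, which gives the intended value only when the bit is in the state the script expects. The following added example (not from the original text) runs on constructed flag values, with no domain required, and compares the arithmetic result with a bit-mask update. The helper names HasFlag, SetFlag, ClearFlag, DescribeFlags and Compare are illustrative, and the flag values are those of ADS_USER_FLAG_ENUM.

```vbscript
Option Explicit

' UserFlags bits from ADS_USER_FLAG_ENUM, written in decimal.
Const UF_SCRIPT = 1
Const UF_ACCOUNTDISABLE = 2
Const UF_LOCKOUT = 16
Const UF_PASSWD_NOTREQD = 32
Const UF_PASSWD_CANT_CHANGE = 64
Const UF_NORMAL_ACCOUNT = 512
Const UF_DONT_EXPIRE_PASSWD = 65536

Function HasFlag(flags, mask)
    HasFlag = ((flags And mask) = mask)
End Function

' Or sets the bit and leaves it set if it already was.
Function SetFlag(flags, mask)
    SetFlag = flags Or mask
End Function

' And Not clears the bit and leaves every other bit untouched.
Function ClearFlag(flags, mask)
    ClearFlag = flags And Not mask
End Function

' Returns the numeric value followed by the names of the tracked bits that are set.
Function DescribeFlags(flags)
    Dim names, masks, i, text
    names = Array("SCRIPT", "ACCOUNTDISABLE", "LOCKOUT", "PASSWD_NOTREQD", _
                  "PASSWD_CANT_CHANGE", "NORMAL_ACCOUNT", "DONT_EXPIRE_PASSWD")
    masks = Array(UF_SCRIPT, UF_ACCOUNTDISABLE, UF_LOCKOUT, UF_PASSWD_NOTREQD, _
                  UF_PASSWD_CANT_CHANGE, UF_NORMAL_ACCOUNT, UF_DONT_EXPIRE_PASSWD)
    text = ""
    For i = 0 To UBound(masks)
        If HasFlag(flags, masks(i)) Then text = text & " " & names(i)
    Next
    DescribeFlags = flags & " =" & text
End Function

Sub Compare(title, before, arithmeticResult, maskResult)
    WScript.Echo title
    WScript.Echo "  before     " & DescribeFlags(before)
    WScript.Echo "  arithmetic " & DescribeFlags(arithmeticResult)
    WScript.Echo "  bit mask   " & DescribeFlags(maskResult)
End Sub

' Constructed sample values; nothing is read from a live account.
Dim normal, locked, disabled
normal = UF_SCRIPT Or UF_NORMAL_ACCOUNT
locked = normal Or UF_LOCKOUT
disabled = normal Or UF_ACCOUNTDISABLE

' Expected state: both methods agree.
Compare "Unlock a locked account", locked, locked - 16, ClearFlag(locked, UF_LOCKOUT)

' Unexpected state: subtracting 16 while the lockout bit is clear borrows from
' higher bits, so unrelated flags such as PASSWD_NOTREQD change.
Compare "Unlock an account that is not locked", normal, normal - 16, ClearFlag(normal, UF_LOCKOUT)

' Unexpected state: adding 2 while the disable bit is set carries out of it,
' so the ACCOUNTDISABLE bit ends up clear.
Compare "Disable an account that is already disabled", disabled, disabled + 2, _
        SetFlag(disabled, UF_ACCOUNTDISABLE)

' Against a bound WinNT user object the same helpers would be used as:
'   User.Put "UserFlags", ClearFlag(User.Get("UserFlags"), UF_LOCKOUT)
'   User.SetInfo
```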

Listing a User's Groups

To list the groups a user belongs to using ADSI, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start|Run and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 Set User = GetObject("WinNT://" & Domain & "/" & Name & ",user")
 For Each Group In User.Groups
   WScript.Echo Group.Name
 Next

Here, domain is the name of the domain, and name is the name of the user account.

Listing Groups

To list groups using ADSI, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start|Run and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 Set DomObj = GetObject("WinNT://" & Domain)
 ' Restrict the enumeration to group objects
 DomObj.Filter = Array("group")
 For Each Group In DomObj
   WScript.Echo Group.Name
 Next

Here, domain is the name of the domain to query.

Creating Groups

To create a global group using ADSI, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start|Run and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 Set DomObj = GetObject("WinNT://Domain")
 Set Group = DomObj.Create("group", "name")
 Group.GroupType = 4
 Group.Description = "describe"
 Group.SetInfo

Here, domain is the name of the domain; name is the name of the group to create; and describe is the group description.

Tip  

To create a local group, omit the Group.GroupType = 4 line in the script above.

Deleting Groups

To delete a group using ADSI, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start|Run and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 Set DomObj = GetObject("WinNT://Domain")
 DomObj.Delete "group", "name"

Here, domain is the name of the domain, and name is the name of the group to delete.

Adding a User Account to a Group

To add a user account to a group using ADSI, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start|Run and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 Set Group = GetObject("WinNT://Gdomain/groupname,group")
 ' The member is named by its own ADsPath, so it may live in another domain
 Group.Add "WinNT://UDomain/useraccount,User"

Here, gdomain is the name of the domain containing the specified groupname, and udomain is the domain containing the useraccount to add to the specified group.

Removing a User Account from a Group

To remove a user account from a group using ADSI, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start|Run and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 Set Group = GetObject("WinNT://gdomain/groupname,group")
 Group.Remove "WinNT://udomain/useraccount,User"

Here, gdomain is the name of the domain containing the specified groupname, and udomain is the domain containing the useraccount to remove from the specified group.

Listing Group Members

To list the user accounts that belong to a particular group using ADSI, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start|Run and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 Set DomObj = GetObject("WinNT://" & Domain & "/" & Group)
 For Each User In DomObj.Members
   WScript.Echo User.Name
 Next

Here, domain is the name of the domain and group is the name of the group.

Managing Windows 2000/2003 through LDAP

Most of the previous ADSI examples merely need the binding statement changed in order to convert a WinNT provider script to an LDAP provider script. This section will illustrate a few of the changes you need to make to use these scripts in a Windows 2000/2003 domain.

Note  

Remember, you can still use the WinNT provider to manage a Windows 2000/2003 domain.

Creating OUs under Windows 2000/2003

To create an organizational unit under Windows 2000/2003, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start|Run and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 ' RootDSE supplies the distinguished name of the current domain
 Set Root = GetObject("LDAP://RootDSE")
 Set DomObj = GetObject("LDAP://" & Root.Get("defaultNamingContext"))
 Set OU = DomObj.Create("organizationalUnit", "OU=name")
 OU.Description = "describe"
 OU.SetInfo

Here, name is the name of the organizational unit to create, and describe is the OU description.

Deleting OUs under Windows 2000/2003

To delete an organizational unit under Windows 2000/2003, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start|Run and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 Set Root = GetObject("LDAP://RootDSE")
 Set DomObj = GetObject("LDAP://" & Root.Get("defaultNamingContext"))
 DomObj.Delete "organizationalUnit", "OU=name"

Here, name is the name of the organizational unit to delete.

Listing Computer Accounts under Windows 2000/2003

To list computer accounts using LDAP, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start|Run and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 Set Root = GetObject("LDAP://RootDSE")
 DomObj = Root.Get("DefaultNamingContext")
 ' Query Active Directory through the ADSI OLE DB provider
 Set objConn = CreateObject("ADODB.Connection")
 objConn.Provider = "ADsDSOObject"
 objConn.Open "Active Directory Provider"
 Set objCMD = CreateObject("ADODB.Command")
 objCMD.ActiveConnection = objConn
 ' Search base; filter; attributes to return; scope
 objCMD.CommandText = "<LDAP://" & DomObj & ">;(objectCategory=computer);name;subtree"
 objCMD.Properties("Page Size") = 1000
 objCMD.Properties("Timeout") = 30
 objCMD.Properties("Cache Results") = False
 Set objRS = objCMD.Execute
 objRS.MoveFirst
 While Not objRS.EOF
   WScript.Echo objRS.Fields("name")
   objRS.MoveNext
 Wend

Creating Computer Accounts under Windows 2000/2003

To create a computer account using LDAP, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start|Run and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 Set Root = GetObject("LDAP://RootDSE")
 Set DomObj = GetObject("LDAP://" & Root.Get("defaultNamingContext"))
 Set Computer = DomObj.Create("computer", "CN=name")
 Computer.samAccountName = "name"
 Computer.SetInfo

Here, name is the name of the computer account to create.

Deleting Computer Accounts under Windows 2000/2003

To delete a computer account using LDAP, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start|Run and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 Set Root = GetObject("LDAP://RootDSE")
 Set DomObj = GetObject("LDAP://" & Root.Get("defaultNamingContext"))
 ' Remove the computer object from the domain container
 DomObj.Delete "computer", "CN=name"

Here, name is the name of the computer account to delete.

Listing User Accounts under Windows 2000/2003

To list user accounts using LDAP, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start, then Run, and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 Set Root = GetObject("LDAP://RootDSE")
 DomObj = Root.Get("DefaultNamingContext")
 Set objConn = CreateObject("ADODB.Connection")
 objConn.Provider = "ADsDSOObject"
 objConn.Open "Active Directory Provider"
 Set objCMD = CreateObject("ADODB.Command")
 objCMD.ActiveConnection = objConn
 ' objectClass=user alone would also return computer accounts
 objCMD.CommandText = "<LDAP://" & DomObj & ">;(&(objectClass=user)(objectCategory=person));name;subtree"
 objCMD.Properties("Page Size") = 1000
 objCMD.Properties("Timeout") = 30
 objCMD.Properties("Cache Results") = False
 Set objRS = objCMD.Execute
 objRS.MoveFirst
 While Not objRS.EOF
     WScript.Echo objRS.Fields("name")
     objRS.MoveNext
 Wend

Note  

The highlighted code above must be placed on one line.

Note  

A filter on the LDAP objectClass of user matches both user and computer accounts. To query for only user accounts, use "(&(objectClass=user)(objectCategory=person))", as in the example above.

Creating User Accounts under Windows 2000/2003

To create a user account using LDAP, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start, then Run, and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 Set Root = GetObject("LDAP://RootDSE")
 Set DomObj = GetObject("LDAP://" & Root.Get("defaultNamingContext"))
 Set User = DomObj.Create("user", "CN=fullname")
 User.samAccountName = "name"
 User.SetInfo

Here, name is the name of the user account to create, and fullname is the user's full name.

Deleting User Accounts under Windows 2000/2003

To delete a user account using LDAP, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start, then Run, and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 Set Root = GetObject("LDAP://RootDSE")
 Set DomObj = GetObject("LDAP://" & Root.Get("defaultNamingContext"))
 DomObj.Delete "user", "CN=name"

Note  

The highlighted code above must be placed on one line.

Here, name is the name of the user account to delete.

Listing Groups under Windows 2000/2003

To list groups using LDAP, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start, then Run, and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 Set Root = GetObject("LDAP://RootDSE")
 DomObj = Root.Get("DefaultNamingContext")
 Set objConn = CreateObject("ADODB.Connection")
 objConn.Provider = "ADsDSOObject"
 objConn.Open "Active Directory Provider"
 Set objCMD = CreateObject("ADODB.Command")
 objCMD.ActiveConnection = objConn
 objCMD.CommandText = "<LDAP://" & DomObj & ">;(objectCategory=group);name;subtree"
 objCMD.Properties("Page Size") = 1000
 objCMD.Properties("Timeout") = 30
 objCMD.Properties("Cache Results") = False
 Set objRS = objCMD.Execute
 objRS.MoveFirst
 While Not objRS.EOF
     WScript.Echo objRS.Fields("name")
     objRS.MoveNext
 Wend

Note  

The highlighted code above must be placed on one line.

Listing Group Members under Windows 2000/2003

To list the user accounts that belong to a particular group using LDAP, proceed as follows:

  1. Create a new directory to store all files included in this example.

  2. Download and install the latest version of ADSI and Windows Script Host, from http://www.microsoft.com, to the new directory.

  3. Select Start, then Run, and enter "cscript scriptfile.vbs".

Here, scriptfile is the full path and file name of a script file that contains the following:

 On Error Resume Next
 Set Root = GetObject("LDAP://RootDSE")
 DomObj = Root.Get("DefaultNamingContext")
 Set objGroup = GetObject("LDAP://CN=Domain Admins,CN=Users," & _
     DomObj)
 For Each objMember In objGroup.Members
     WScript.Echo Replace(objMember.Name, "CN=", "")
 Next

The example above lists the members of the Domain Admins group.
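
The script above shows only direct members, so an account that holds Domain Admins rights through a nested group does not appear. The following added example (not from the book) goes beyond it by expanding nested groups recursively and reporting bind errors instead of hiding them; the ListMembers helper and the seen dictionary are names chosen for this illustration.

```vbscript
Option Explicit

Dim Root, DomObj, seen
Set Root = GetObject("LDAP://RootDSE")
DomObj = Root.Get("defaultNamingContext")

' Tracks ADsPaths already visited so circular group nesting cannot loop forever.
Set seen = CreateObject("Scripting.Dictionary")
seen.CompareMode = vbTextCompare

ListMembers "LDAP://CN=Domain Admins,CN=Users," & DomObj, 0

' ListMembers is a helper written for this example (hypothetical name).
' It echoes each member with its class and recurses into nested groups.
Sub ListMembers(groupPath, depth)
    Dim objGroup, objMember
    If seen.Exists(groupPath) Then Exit Sub
    seen.Add groupPath, True

    ' Trap only the bind, then restore normal error handling.
    On Error Resume Next
    Set objGroup = GetObject(groupPath)
    If Err.Number <> 0 Then
        WScript.Echo Space(depth * 2) & "Cannot bind to " & groupPath & _
            " (0x" & Hex(Err.Number) & ")"
        Err.Clear
        On Error GoTo 0
        Exit Sub
    End If
    On Error GoTo 0

    For Each objMember In objGroup.Members
        ' Indent by nesting depth so the path to each account is visible.
        WScript.Echo Space(depth * 2) & Replace(objMember.Name, "CN=", "") & _
            " [" & objMember.Class & "]"
        If LCase(objMember.Class) = "group" Then
            ListMembers objMember.ADsPath, depth + 1
        End If
    Next
End Sub
```

Accounts that have the group set as their primary group are not returned by the Members collection, so check primaryGroupID separately when auditing.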




Windows Admin Scripting Little Black Book
Windows Admin Scripting Little Black Book (Little Black Books (Paraglyph Press))
ISBN: 1933097108
Year: 2004
Pages: 89
