Hack 22 Display Active Directory Information
| < Day Day Up > |
| Here are five sample scripts that can be used to display information about computers, domains, sites, and trusts in Active Directory . Scripts are a quick way to drill down into Active Directory to display information you'd otherwise have to hunt for using the GUI. These five sample scripts can be used by themselves or as starting points for developing more sophisticated scripts. Just type them into Notepad (with Word Wrap turned off) and save them with a .vbs extension. Then, type cscript.exe scriptname .vbs to run them from a command prompt. Enjoy! List All Computers in the DomainThe following VBScript retrieves a list of all computers in a given domain (or Active Directory container). Modify the Domain to your company's NT/2000 domain name or Active Directory container, and the list of registered computers will display: Dim Container Dim ContainerName Dim Computer ContainerName = " Domain " Set Container = GetObject("WinNT://" & ContainerName) Container.Filter = Array("Computer") For Each Computer in Container Response.Write Computer.Name & "<BR>" Next Get a List of All DomainsThis VBScript enumerates and lists all domains: Dim NameSpace Dim Domain Set NameSpace = GetObject("WinNT:") For Each Domain in NameSpace Response.Write Domain.Name & "<BR>" Next Get AD SiteThis VBScript retrieves the name of the site to which the computer is assigned: Set WshShell = Wscript.CreateObject("Wscript.Shell") On Error Resume Next Site = "Not Assigned" Site = WshShell.RegRead( "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\" & _ "Services\Netlogon\Parameters\SiteName" ) If Err.Number=-2147024894 Then Site = WshShell.RegRead( "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\" & _ "Services\Netlogon\Parameters\DynamicSiteName" ) End If If Site = "Not Assigned" Then WScript.Echo "This computer is not assigned to an Active Directory site." Else WScript.Echo "This computer is assigned to Active Directory site: " & site End If Find a DC in a SiteUse this VBScript to verify that a specific domain controller (DC) exists in a site. Just replace the items in double quotes in the first two lines with your values: strDcName = " DCName " strSiteName = " SiteName " Set objADSysInfo = CreateObject("ADSystemInfo") strDcSiteName = objADSysInfo.GetDCSiteName(strDcName) If UCase(strSiteName) = UCase(strDcSiteName) Then WScript.Echo "TRUE: " & strDcName & " is in site " & strSiteName Else WScript.Echo "FALSE: " & strDcName & " is NOT in site " & strSiteName End If List Trust RelationshipsUse this script to enumerate the trust relationships for your domain and display the results: strComputer = "." Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate}!\" & _ strComputer & "\root\MicrosoftActiveDirectory") Set colTrustList = objWMIService.ExecQuery _ ("Select * from Microsoft_DomainTrustStatus") For each objTrust in colTrustList Wscript.Echo objTrust.TrustedDomain Wscript.Echo objTrust.TrustDirection Wscript.Echo objTrust.TrustType Wscript.Echo objTrust.TrustAttributes Wscript.Echo objTrust.TrustedDCName Wscript.Echo objTrust.TrustStatus Wscript.Echo objTrust.TrustIsOK Next Rod Trent |
| < Day Day Up > |
