Recipe 6.30 Viewing a User s Managed Objects | Active Directory Cookbook, 3rd Edition

Recipe 6.30 Viewing a User's Managed Objects

6.30.1 Problem

You want to view the objects owned by a user.

6.30.2 Solution

6.30.2.1 Using a graphical user interface

Open ADSI Edit.
If an entry for the naming context you want to browse is not already displayed, do the following:
Right-click on ADSI Edit in the right pane and click Connect to.
Fill in the information for the naming context, container, or OU you want to add an object to. Click on the Advanced button if you need to enter alternate credentials.
In the left pane, browse to the naming context, container, or OU the object you want to view. Once you've found the object, right-click on it and select Properties.
View the managedObjects attribute.

6.30.2.2 Using a command-line interface

> enumprop /ATTR:managedObjects "LDAP://<UserDN>"

6.30.2.3 Using VBScript

' This code displays the managed objects for a user ' ------ SCRIPT CONFIGURATION ------ strUserDN = "<UserDN>"  ' e.g. cn=jsmith,cn=Users,dc=rallencorp,dc=com ' ------ END CONFIGURATION --------- on error resume next set objUser = GetObject("LDAP://" & strUserDN) Wscript.Echo objUser.Get("cn") & "'s Managed Objects:" colObjects =  objUser.GetEx("managedObjects") if Err.Number = -2147463155 then    Wscript.Echo " none" else    for each strObjectDN in colObjects       Wscript.Echo " " & strObjectDN    next end if

6.30.3 Discussion

The managedObjects attribute is linked to the managedBy attribute that can be set on certain objects in Active Directory like computers and groups. Setting the managedBy attribute provides a quick and dirty way to define who owns an object. If you do use it, you can use the managedObjects attribute on user objects to get the list of objects the user has been configured in the managedBy attribute for.