Locating Computer Accounts Based on Their Attributes

Microsoft® Windows® 2000 Scripting Guide

microsoft windows 2000 scripting guide

« Previous | Next »   

There are times when you need a list of specific computer accounts rather than a list of all the computer accounts in Active Directory. For example, you might want a list of all the computers located in a particular building, all the computers running a specific version of the Windows operating system, or all the computers whose computer accounts have been created in the past 30 days.

To obtain such a list, you can use a filtered search. Because each computer account has a number of attributes associated with it, you can create a search that returns only the computer accounts for which specific attributes meet specific criteria.

For example, the Department property is an attribute of the computer account. To return a list of all the computers that belong to a specific department, you can create a query that limits data retrieval only to those accounts for which the attribute value is equal to a specific value (for example, Department = "Finance"). For a list of attributes to use for searching, see Table 9.1.

Note

  • Most computer account attributes, such as Department, are optional and do not require values to be specified at the time the computer account is created. However, in order for you to be able to search by using a specific attribute, the desired accounts must have a value for that attribute. If you do not require administrators to specify the department when creating a computer account, you will have no way to search for computers based on the Department attribute. To avoid this problem, you can design a script that creates an account only if a complete set of values is assigned to the attributes.

Scripting Steps

Listing 9.11 contains a script that locates computers based on computer account attributes. To carry out this task, the script must perform the following steps:

  1. Create a constant named ADS_SCOPE_SUBTREE and set the value to 2.

    This constant is used to specify a search that begins in the Active Directory root and then proceeds to search all the child containers as well.

  2. Create an instance of the Active Directory connection object (ADODB.Connection).
  3. Create an instance of the Active Directory command object (ADODB.Command).

    The command object allows you to issue queries and other database commands through the Active Directory connection.

  4. Set the Provider property of the connection object to the Active Directory provider (ADsDSOObject), the OLE database provider for ADSI.
  5. Set the active connection to the Active Directory connection.
  6. Set the command text for the Active Directory command object to the SQL query that retrieves all the computers from fabrikam.com.

    To limit the number of computers retrieved, an additional clause is included that limits the search to computers that have a value of 5.0 (2195) for their operatingSystemVersion attributes. This is the version number for Windows 2000.

  7. Specify values for page size, time-out, search scope, and caching.

    Although optional, this step can improve the performance of your script in a domain with thousands of computer accounts.

  8. Execute the SQL query.

    This query returns a collection of all the computers in Active Directory with an operating system of version 5.0 (2195).

  9. When the set of computers is returned, use the MoveFirst method to move to the first computer in the recordset.
  10. For each computer in the recordset, echo the computer name and location.

Listing 9.11   Locating Computers Based on Computer Account Attributes

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 
Const ADS_SCOPE_SUBTREE = 2 Set objConnection = CreateObject("ADODB.Connection") Set objCommand =   CreateObject("ADODB.Command") objConnection.Provider = "ADsDSOObject" objConnection.Open "Active Directory Provider" Set objCommand.ActiveConnection = objConnection objCommand.CommandText = _     "SELECT Name, Location, operatingSystemVersion FROM " _         & "'LDAP://DC=fabrikam,DC=com' WHERE objectClass='computer' " _             & "and operatingSystemVersion = '5.0 (2195)'" objCommand.Properties("Page Size") = 1000 objCommand.Properties("Timeout") = 30 objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE objCommand.Properties("Cache Results") = False Set objRecordSet = objCommand.Execute objRecordSet.MoveFirst Do Until objRecordSet.EOF     Wscript.Echo "Computer Name: " & objRecordSet.Fields("Name").Value     Wscript.Echo "Location: " & objRecordSet.Fields("Location").Value     objRecordSet.MoveNext Loop

send us your feedback Send us your feedback « Previous | Next »   


Microsoft Windows 2000 Scripting Guide(c) Automating System Administration 2003
Microsoft Windows 2000 Scripting Guide(c) Automating System Administration 2003
ISBN: N/A
EAN: N/A
Year: 2004
Pages: 635

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net