Retrieving Arguments from an Active Directory Container

Microsoft® Windows® 2000 Scripting Guide

« Previous | Next »   

Large organizations typically have more than one system administrator. In addition, those administrators generally are not responsible for managing the entire network; instead, they most likely have been delegated control over some subset of the network. For example, Administrator A might be responsible for managing users and computers in the Finance department, while Administrator B might be responsible for managing users and computers in the Human Resources department.

To facilitate system administration, Active Directory is often designed to mimic these management areas. Instead of placing all computer accounts in the Computers container, computer accounts might be put in organizational units (OUs) that correspond to these management areas. Thus all the accounts for computers belonging to the Finance department would be placed in the Finance OU, and all the accounts for computers belonging to the Human Resources department would be placed in the Human Resources OU.

Structuring Active Directory in this fashion not only facilitates system administration but also of benefits script writers. For example, suppose you need to write a script that takes a hardware inventory or checks the service pack version for all the computers under your control. If those computer accounts and only those computer accounts are stored in the same Active Directory container, you do not have to create a text file or database from which to extract computer names. Instead, you can simply bind to the appropriate Active Directory container and retrieve all the computer names from there.

Binding to Active Directory also ensures that you will have the most up-to-date list of computers, without having to do additional work to maintain a text file or database containing computer names.

To retrieve a list of computer names from Active Directory, use Active Directory Service Interfaces (ADSI) and:

1. Bind to the desired container.
2. Set the Filter property to Computers. This ensures that the query will return only computer accounts.
3. Use a For-Each loop to return the common name (CN) of each computer that has an account in the Active Directory container. The returned list might look similar to the following, depending on the common names of the computers:

   atl-dc-01 atl-dc-02 atl-dc-03 atl-dc-04 

Scripting Steps

Listing 17.4 contains a script that retrieves arguments from an Active Directory container. To carry out this task, the script must perform the following steps:

1. Create an instance of the Dictionary object.

   The Dictionary object will be used to store server names as those names are read from Active Directory.

2. Set the counter variable i to 0.

   The counter variable will be used as the key to each element in the Dictionary. The name of the server will be used as the item associated with each key.

3. Bind to the Computers container in Active Directory.

   Because Computers is a container, you must use the syntax CN=Computers. If you were binding to an OU (for example, the Finance OU), you would use the syntax OU=Finance OU.

4. Use the Filter property to limit data retrieval to computer accounts.

   This prevents the script from attempting to run against user accounts or any other noncomputer objects that might be stored in this container.

5. For each computer in the Computers container, use the Add method to add the counter variable i and the common name of the computer to the Dictionary.
6. Increment the value of i.
7. Repeat the process with the next computer in the container.
8. Set the value of the variable strComputer to the value of the first item in the Dictionary (for example, atl-dc-01). The variable strComputer will then represent the name of the first computer that the script must connect to.
9. Use a GetObject call to connect to the WMI namespace root\cimv2 on the remote computer (specified by strComputer), and set the impersonation level to "impersonate."
10. Use the ExecQuery method to query the Win32_Service class.

    This query returns a collection consisting of all the services installed on the computer.

11. For each server the script connects to, echo the server name and the number of installed services (determined by using the Count property).
12. Repeat the process using each server name stored in the Dictionary.

Listing 17.4   Retrieving Arguments from an Active Directory Container

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 

Set objDictionary = CreateObject("Scripting.Dictionary") i = 0 Set objOU = GetObject("LDAP://CN=Computers, DC=fabrikam, DC=com") objOU.Filter = Array("Computer") For Each objComputer in objOU     objDictionary.Add i, objComputer.CN     i = i + 1 Next For Each objItem in objDictionary     StrComputer = objDictionary.Item(objItem)     Set objWMIService = GetObject("winmgmts:" _     & "{impersonationLevel=impersonate}!\\" & strComputer& "\root\cimv2")     Set colServices = objWMIService.ExecQuery _         ("SELECT * FROM Win32_Service")     Wscript.Echo strComputer, colServices.Count Next

Send us your feedback

« Previous | Next »