Searching Active Directory


Sometimes searching Active Directory can prove to be the most efficient way to create a list of users, groups, or computers in the organization for the purposes of administration or inventory. You can search to find a particular value of an object attribute, or you can search to check whether an object already exists before attempting to create a new one. For example, if you're running a script to create several hundred users, you could use a search script to find existing user objects that already have the same logon name. A value could be returned to reference that conflicting account, and the script can run for the remaining users. As an alternative, the error generated when a user already exists could be used as a reference, but you would have to know the exact error code that would result. You can use ADSI to search Active Directory, but for faster searches within a script, you should use the ActiveX Data Objects (ADO) interface and object model.

ActiveX Data Objects

ADO is a programming object model that is used to access databases and/or directories from within a script or a Web page. ADO can be used not only to access existing database records, but also to add new records, delete records, or modify existing records. When you use ADO to search databases or directories, you should format the queries using common SQL syntax. The particular database being accessed will determine whether the query needs to be modified from standard SQL code.

Creating a Search Using ADO

ADO can be used to search an entire Active Directory domain or just a particular container object. As mentioned previously, the domain's or container's ADSPath attribute will be used as the root of the search. You will need to specify the data that should be returned and also use a filter for the search. You can use ADO for a variety of directory and database operations and should research ADO documentation. For connecting to Active Directory, use the following commands to call ADO and prepare to make a connection. After you define these connection settings, you can open a connection to the directory and pass it the search string that requests the directory information. To create a connection to Active Directory, using the Companyabc.com domain as an example and returning a list of all the computers in the domain, create a script called findpc.vbs using the following code:

' findpc.vbs - list every computer object in the domain
Dim DomainDN, ComputerName
DomainDN = "dc=companyabc,dc=com"

' Call ADO and open a connection through the ADSI provider
Set oConnection = CreateObject("ADODB.Connection")
oConnection.Provider = "ADsDSOObject"
oConnection.Open "DS Query"

' Bind a command to the connection and define the search
Set oCommand = CreateObject("ADODB.Command")
Set oCommand.ActiveConnection = oConnection
oCommand.CommandText = "Select cn from 'LDAP://" + DomainDN + "' where objectClass='computer'"

' Run the search and echo the cn of each result
Set rsComputers = oCommand.Execute
Wscript.echo "This is the list of all the computers in the domain."
Do While NOT rsComputers.EOF
    ComputerName = rsComputers.Fields("cn")
    Wscript.echo ComputerName
    rsComputers.MoveNext
Loop


By changing only the DomainDN variable value to the distinguished name attribute value of the domain, domain container, or organizational unit, you can modify this script for any Active Directory domain.

The preceding code is a basic ADO search that you can easily modify by changing only the CommandText value. This value defines the container object to bind to, what the search criteria are, and what attribute values of the objects that meet the search criteria should be returned to a variable or, in this case, the console.
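The pre-creation check described at the start of this section (finding an existing account with the same logon name) can be built by changing CommandText as just explained. The following is an added example, not code from the book; the FindLogonName and IsSafeLogonName helpers, the sample logon names, and the allow-list of characters are assumptions. Because the logon name is concatenated into the query text, it is validated first so that input from a user list cannot alter the search criteria.

```vbscript
Option Explicit
' Added example: check whether a logon name is already taken before creating a user.
' DomainDN and the candidate names below are constructed sample values.
Const DomainDN = "dc=companyabc,dc=com"

Dim oConnection, sName
Set oConnection = CreateObject("ADODB.Connection")
oConnection.Provider = "ADsDSOObject"
oConnection.Open "DS Query"

For Each sName In Array("jsmith", "mjones", "bad'name")
    WScript.Echo sName & ": " & FindLogonName(oConnection, sName)
Next
oConnection.Close

' Returns the distinguishedName of the account that already uses sLogon,
' "" if the name is free, or "INVALID" if it contains unexpected characters.
Function FindLogonName(oConn, sLogon)
    Dim oCommand, rsUsers
    FindLogonName = ""
    If Not IsSafeLogonName(sLogon) Then
        FindLogonName = "INVALID"
        Exit Function
    End If
    Set oCommand = CreateObject("ADODB.Command")
    Set oCommand.ActiveConnection = oConn
    oCommand.CommandText = "Select distinguishedName from 'LDAP://" & DomainDN & _
        "' where objectCategory='person' and objectClass='user'" & _
        " and sAMAccountName='" & sLogon & "'"
    Set rsUsers = oCommand.Execute
    If Not rsUsers.EOF Then FindLogonName = rsUsers.Fields("distinguishedName").Value
    rsUsers.Close
End Function

' Allow-list check (assumed naming convention): the value is concatenated into
' CommandText, so only letters, digits, dot, hyphen and underscore are accepted,
' up to the 20-character limit of a user's sAMAccountName.
Function IsSafeLogonName(sLogon)
    Dim oRegEx
    Set oRegEx = New RegExp
    oRegEx.Pattern = "^[A-Za-z0-9._-]{1,20}$"
    IsSafeLogonName = oRegEx.Test(sLogon)
End Function
```

A user-creation script can call FindLogonName for each new account, skip or log any name that returns a distinguished name or "INVALID", and continue with the remaining users.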

Searching Using the Active Directory Users and Computers MMC Snap-in

When it comes to creating a search string, many administrators can become frustrated with the formatting of the query. To help simplify this task, the new and improved Active Directory Users and Computers MMC snap-in for Windows Server 2003 has a new applet called Saved Queries. This tool can be used to create a query for searches that administrators perform on a regular basis or for administrative tasks such as finding every user with a particular City value. To use this function, refer to the help pages associated with the Active Directory Users and Computers snap-in.

Note

The query text that is generated using the Saved Queries applet is not directly portable into an ADO search string. To properly format a search string for ADO, refer to the ADO documentation.





Microsoft Windows Server 2003 Unleashed (R2 Edition)
ISBN: 0672328984
EAN: 2147483647
Year: 2006
Pages: 499
