Active Directory: VBScript to enumerate the Outlook details of all enabled users in your company

Posted February 23rd, 2010 in outlook by dirk adamsky

OK, today is modification day.
This script is a modification of the previous Outlook details script.
The modification is in the filter at line number 25: the filter attribute userAccountControl with value 512 is added. A value of 512 stands for an enabled user. To reverse the output and list all disabled users, change the value of userAccountControl to 514.

Follow these steps to run the script (no admin rights needed):

* open your favorite text editor
* copy and paste the script into the editor
* save the script (for example c:\temp\outlookdetails-enabled-users.vbs)
* open a command prompt
* go to “c:\temp”
* type “cscript outlookdetails-enabled-users.vbs” (without quotes) and press Enter

The script:

' Name : outlookdetails-enabled-users.vbs
' Description : script to enumerate the Outlook details of all enabled users in your company
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 23-02-2010
' Level : intermediate

Option Explicit
Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strUserDN, objUser, protocolSettings, strUser

' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

' Search entire Active Directory domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"

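' Filter on enabled user objects. userAccountControl is a bit field, so this
' exact match returns only accounts whose value is exactly 512 (NORMAL_ACCOUNT).
strFilter = "(&(objectCategory=person)(objectClass=user)(userAccountControl=512))"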

' Comma delimited list of attribute values to retrieve.
strAttributes = "mail,givenname,initials,sn,displayname,mailNickname,postalAddress,title,company,l,department," & _
    "st,streetAddress,postalCode,co,telephoneNumber,mobile,info,physicalDeliveryOfficeName"

' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

' Run the query.
Set adoRecordset = adoCommand.Execute

' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
    If adoRecordset.Fields("mail").Value <> "" Then
        If Left(adoRecordset.Fields("mail").Value, 13) <> "SystemMailbox" Then
            wscript.echo adoRecordset.Fields("mail").Value &_
            ";" & adoRecordset.Fields("givenname").Value &_
            ";" & adoRecordset.Fields("initials").Value &_
            ";" & adoRecordset.Fields("sn").Value &_
            ";" & adoRecordset.Fields("displayname").Value &_
            ";" & adoRecordset.Fields("mailNickname").Value &_
            ";" & adoRecordset.Fields("postalAddress").Value &_
            ";" & adoRecordset.Fields("title").Value &_
            ";" & adoRecordset.Fields("company").Value &_
            ";" & adoRecordset.Fields("l").Value &_
            ";" & adoRecordset.Fields("department").Value &_
            ";" & adoRecordset.Fields("st").Value &_
            ";" & adoRecordset.Fields("streetAddress").Value &_
            ";" & adoRecordset.Fields("postalCode").Value &_
            ";" & adoRecordset.Fields("co").Value &_
            ";" & adoRecordset.Fields("physicalDeliveryOfficeName").Value &_
            ";" & adoRecordset.Fields("telephoneNumber").Value &_
            ";" & adoRecordset.Fields("mobile").Value &_
            ";" & adoRecordset.Fields("info").Value
        End If
    End If
    ' Move to the next record in the recordset.
    adoRecordset.MoveNext
Loop
' Clean up.
adoRecordset.Close
adoConnection.Close

Set adoRecordset = Nothing
Set objRootDSE = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing
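
Because userAccountControl is a bit field, an exact match on 512 skips enabled accounts that carry any additional flag (for example 66048, which is 512 plus "password never expires"). The following is an added example, not part of the original script: it selects enabled users with the bitwise AND matching rule (OID 1.2.840.113556.1.4.803) and lists the ones the exact-match filter would have missed, with their flags decoded. The sAMAccountName output column and the choice of decoded flags are assumptions made for the illustration.

```vbscript
' Added example: list enabled users whose userAccountControl is not exactly 512.
Option Explicit

' A subset of the documented userAccountControl flag values.
Const ADS_UF_ACCOUNTDISABLE = &H2
Const ADS_UF_PASSWD_NOTREQD = &H20
Const ADS_UF_NORMAL_ACCOUNT = &H200
Const ADS_UF_DONT_EXPIRE_PASSWD = &H10000
Const ADS_UF_SMARTCARD_REQUIRED = &H40000

Dim adoConnection, adoCommand, adoRecordset, objRootDSE, strBase, strFilter, lngUAC

Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand = CreateObject("ADODB.Command")
adoCommand.ActiveConnection = adoConnection

Set objRootDSE = GetObject("LDAP://RootDSE")
strBase = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">"

' "Enabled" means the ACCOUNTDISABLE bit (2) is NOT set, whatever else is set.
strFilter = "(&(objectCategory=person)(objectClass=user)" & _
            "(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

adoCommand.CommandText = strBase & ";" & strFilter & ";sAMAccountName,userAccountControl;subtree"
adoCommand.Properties("Page Size") = 100
Set adoRecordset = adoCommand.Execute

Do Until adoRecordset.EOF
    lngUAC = adoRecordset.Fields("userAccountControl").Value
    ' These accounts are enabled but are not returned by (userAccountControl=512).
    If lngUAC <> 512 Then
        WScript.Echo adoRecordset.Fields("sAMAccountName").Value & ";" & lngUAC & ";" & DescribeUAC(lngUAC)
    End If
    adoRecordset.MoveNext
Loop
adoRecordset.Close
adoConnection.Close

Function DescribeUAC(lngValue)
    Dim strOut
    strOut = ""
    If (lngValue And ADS_UF_NORMAL_ACCOUNT) <> 0 Then strOut = strOut & "NORMAL_ACCOUNT "
    If (lngValue And ADS_UF_ACCOUNTDISABLE) <> 0 Then strOut = strOut & "ACCOUNTDISABLE "
    If (lngValue And ADS_UF_PASSWD_NOTREQD) <> 0 Then strOut = strOut & "PASSWD_NOTREQD "
    If (lngValue And ADS_UF_DONT_EXPIRE_PASSWD) <> 0 Then strOut = strOut & "DONT_EXPIRE_PASSWD "
    If (lngValue And ADS_UF_SMARTCARD_REQUIRED) <> 0 Then strOut = strOut & "SMARTCARD_REQUIRED "
    DescribeUAC = Trim(strOut)
End Function
```

To select disabled users regardless of their other flags, remove the `!` negation from the filter clause.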

If you have problems or questions, please post a reply.

Happy scripting.

Best regards,

Dirk Adamsky – Deludi BV


Active Directory: VBScript to disable all user objects in an OU

Posted January 20th, 2010 in active directory, ou by dirk adamsky

For some AD accounts (resource mailboxes) it is not necessary to log in.
It is a good idea to keep those accounts in a separate OU.
This script disables all user objects in a given OU.
That way the resource mailbox will still function; only the AD account of this mailbox is no longer permitted to log in.
For optimal security the script can be run daily (Windows scheduler).

Follow these steps to run the script (admin rights needed):

  • open your favorite text editor
  • copy and paste the script into the editor
  • change the OU path to your specific situation
  • save the script (for example c:\temp\disableloginresourcemailboxes.vbs)
  • open a command prompt with administrative rights
  • go to “c:\temp”
  • type “cscript disableloginresourcemailboxes.vbs” (without quotes) and press Enter

The script:

' Name : disableloginresourcemailboxes.vbs
' Description : script to disable all user objects in an OU
' Author : dirk adamsky - deludi bv
' Version : 1.00
' Date : 20-01-2010

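Option Explicit
Dim objOU, objUser

' Bind to the OU that holds the resource mailbox accounts (change this path).
Set objOU = GetObject("LDAP://OU=TestOU,DC=test,DC=org")

' Enumerates the direct children of the OU only; child OUs are not traversed.
For Each objUser In objOU
    If objUser.Class = "user" Then
        objUser.AccountDisabled = True
        ' Write the change back to Active Directory.
        objUser.SetInfo
    End If
Next
Set objOU = Nothing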
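
When the script runs as a daily scheduled task, a read-only check is useful to confirm what it left behind. The following is an added example, not part of the original script: it reports every user object that is still enabled in the OU and, unlike the loop above, also descends into child OUs. The OU path is the same placeholder used above, and the ReportOU name and the "ENABLED;" output format are assumptions.

```vbscript
' Added example: read-only report of enabled user objects in an OU tree.
' Nothing is modified; no SetInfo call is made.
Option Explicit
Dim lngEnabled
lngEnabled = 0

' Placeholder path from the script above; change it to your OU.
ReportOU GetObject("LDAP://OU=TestOU,DC=test,DC=org")
WScript.Echo "Enabled user objects found: " & lngEnabled

Sub ReportOU(objContainer)
    Dim objChild
    For Each objChild In objContainer
        Select Case LCase(objChild.Class)
            Case "user"
                ' AccountDisabled reflects the ACCOUNTDISABLE bit of userAccountControl.
                If Not objChild.AccountDisabled Then
                    lngEnabled = lngEnabled + 1
                    WScript.Echo "ENABLED;" & objChild.Get("distinguishedName")
                End If
            Case "organizationalunit"
                ' Child OUs are skipped by a plain For Each over the parent, so recurse.
                ReportOU objChild
        End Select
    Next
End Sub
```

An empty report after the scheduled run means every user object under the OU is disabled; any "ENABLED;" line in a child OU is an account the disabling script does not reach.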