Active Directory: VBscript to enumerate all resource mailboxes and mailbox users with fma rights in a specific OU

Posted December 12th, 2012 in mailboxes by dirk adamsky

The script for today enumerates all resource mailboxes in a specific Active Directory OU.
This is not very exciting so I added the resource mailbox rights to the output.
To be more specific: I only added the users with “full mailbox access” or fma on the resource mailbox to the output.
It is very easy to add users with other rights: you can either exchange the fma constant for another right constant or simply add the other rights to the “If objAce.AccessMask =” section.

Follow the next steps to run the script (no admin rights needed):

  • copy and paste the script below into the editor (you can use the icons in the upper right corner of the code)
  • change the distinguished name of the OU (LDAP://OU=test,DC=test,DC=org) that you want to enumerate into your OU
  • save the script (for example c:\temp\getmailboxrightsresourcemailboxesinou.vbs)
  • open a command prompt
  • go to “c:\temp”
  • type “cscript getmailboxrightsresourcemailboxesinou.vbs” (without quotes) and press Enter

The script:

' Name : getmailboxrightsresourcemailboxesinou.vbs
' Description : script to enumerate all resource mailboxes and mailbox users with fma rights in a specific OU
' Author : dirk adamsky - deludi bv
' Version : 1.0
' Date : 12-12-2012

' Bind to the OU and walk every object directly inside it
Set objOU = GetObject("LDAP://OU=test,DC=test,DC=org")
For Each Mailbox in objOU
	WScript.StdOut.Write Mailbox.DisplayName & " ; " & Mailbox.Mail & " ; " & Mailbox.Description
	GetUserrightsFromMailbox(Mailbox.adsPath)
	WScript.StdOut.WriteBlankLines(1)
Next

Function GetUserrightsFromMailbox(strUser)
	' Access mask bits used in the mailbox security descriptor
	Const RIGHT_DS_DELETE = &H10000
	Const RIGHT_DS_READ = &H20000
	Const RIGHT_DS_CHANGE = &H40000
	Const RIGHT_DS_TAKE_OWNERSHIP = &H80000
	Const RIGHT_DS_MAILBOX_OWNER = &H1
	Const RIGHT_DS_SEND_AS = &H2
	Const RIGHT_DS_PRIMARY_OWNER = &H4
	Set objUser = getobject(strUser)
	Set objSecurityDescriptor = objUser.Get("msExchMailboxSecurityDescriptor")
	Set objDacl = objSecurityDescriptor.DiscretionaryAcl
	For Each objAce In objDacl
		On Error Resume Next
		strFullName = ""
		' AceFlags 18 (inherited + container inherit) marks an inherited ACE; those are skipped
		If objAce.AceFlags <> 18 Then
			' Skip SELF and unresolved SIDs, then strip the "DOMAIN\" prefix whatever its length
			If (objAce.Trustee <> "NT AUTHORITY\SELF") And (Left(objAce.Trustee,2) <> "S-") Then
				strFullName = GetFullnameFromPreW2Kname(Mid(objAce.Trustee, InStr(objAce.Trustee, "\") + 1))
			End If
		End If
		If strFullName <> "" Then
			' Exact match: only ACEs whose mask is full mailbox access and nothing else
			If objAce.AccessMask = RIGHT_DS_MAILBOX_OWNER Then
				WScript.StdOut.Write " ; " & strFullName
			End If
		End If
	Next
	Set objDacl = Nothing
	Set objSecurityDescriptor = Nothing
	Set objUser = Nothing
End Function

Function GetFullnameFromPreW2Kname(strPreW2K)
	' Look up the account by its pre-Windows 2000 name and return its mail address
	Set adoCommand = CreateObject("ADODB.Command")
	Set adoConnection = CreateObject("ADODB.Connection")
	adoConnection.Provider = "ADsDSOObject"
	adoConnection.Open "Active Directory Provider"
	adoCommand.ActiveConnection = adoConnection
	Set objRootDSE = GetObject("LDAP://RootDSE")
	strDNSDomain = objRootDSE.Get("defaultNamingContext")
	strBase = "<LDAP://" & strDNSDomain & ">"

	strFilter = "(sAMAccountName=" &  strPreW2K & ")"
	strAttributes = "mail, displayname"

	strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
	adoCommand.CommandText = strQuery
	adoCommand.Properties("Page Size") = 100
	adoCommand.Properties("Timeout") = 30
	adoCommand.Properties("Cache Results") = False

	Set adoRecordset = adoCommand.Execute
	' A trustee that is not found returns no rows; the result stays empty in that case
	GetFullnameFromPreW2Kname = ""
	If Not adoRecordset.EOF Then
		GetFullnameFromPreW2Kname = adoRecordset.Fields("mail").Value
	End If
	adoRecordset.Close
	adoConnection.Close

	Set adoRecordset = Nothing
	Set objRootDSE = Nothing
	Set adoConnection = Nothing
	Set adoCommand = Nothing
End Function
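
The rights constants used in the script can also be tested bit by bit instead of by exact match. The following is an added example, not part of the original script: it decodes constructed sample ACE values (the TEST\ trustees are made up) and separates allow from deny and explicit from inherited ACEs, using the ADSI values ADS_ACETYPE_ACCESS_DENIED (1) and ADS_ACEFLAG_INHERITED_ACE (&H10). RightsInMask and DescribeAce are names chosen for this example.

```vbscript
' Added example: constructed ACE values, no directory access needed.
Option Explicit
Const RIGHT_DS_MAILBOX_OWNER = &H1      ' full mailbox access (fma)
Const RIGHT_DS_SEND_AS = &H2
Const RIGHT_DS_PRIMARY_OWNER = &H4
Const RIGHT_DS_DELETE = &H10000
Const RIGHT_DS_READ = &H20000
Const RIGHT_DS_CHANGE = &H40000
Const RIGHT_DS_TAKE_OWNERSHIP = &H80000
Const ADS_ACETYPE_ACCESS_ALLOWED = 0    ' ADSI AceType values
Const ADS_ACETYPE_ACCESS_DENIED = 1
Const ADS_ACEFLAG_INHERITED_ACE = &H10  ' one of the bits in the AceFlags value 18

' Return the names of every right whose bit is set in the mask.
Function RightsInMask(lngMask)
	Dim arrBits, arrNames, i, strOut
	arrBits = Array(RIGHT_DS_MAILBOX_OWNER, RIGHT_DS_SEND_AS, RIGHT_DS_PRIMARY_OWNER, _
		RIGHT_DS_DELETE, RIGHT_DS_READ, RIGHT_DS_CHANGE, RIGHT_DS_TAKE_OWNERSHIP)
	arrNames = Array("MAILBOX_OWNER(fma)", "SEND_AS", "PRIMARY_OWNER", _
		"DELETE", "READ", "CHANGE", "TAKE_OWNERSHIP")
	strOut = ""
	For i = 0 To UBound(arrBits)
		If (lngMask And arrBits(i)) <> 0 Then strOut = strOut & "+" & arrNames(i)
	Next
	RightsInMask = Mid(strOut, 2)
End Function

' Classify one ACE: allow or deny, explicit or inherited, plus its rights.
Function DescribeAce(intType, intFlags, lngMask)
	Dim strKind, strScope
	Select Case intType
		Case ADS_ACETYPE_ACCESS_ALLOWED : strKind = "ALLOW"
		Case ADS_ACETYPE_ACCESS_DENIED : strKind = "DENY"
		Case Else : strKind = "TYPE " & intType
	End Select
	If (intFlags And ADS_ACEFLAG_INHERITED_ACE) <> 0 Then strScope = "inherited" Else strScope = "explicit"
	DescribeAce = strKind & " " & strScope & " " & RightsInMask(lngMask)
End Function

' Constructed sample ACEs: trustee, AceType, AceFlags, AccessMask.
Dim arrAces, ace
arrAces = Array( _
	Array("TEST\alice", 0, 0, &H1), _
	Array("TEST\bob", 0, 0, &H20001), _
	Array("TEST\carol", 1, 0, &H1), _
	Array("TEST\dave", 0, &H12, &H1))
For Each ace In arrAces
	WScript.Echo ace(0) & " ; " & DescribeAce(ace(1), ace(2), ace(3)) & " ; exact match: " & CStr(ace(3) = RIGHT_DS_MAILBOX_OWNER)
Next
```

Run it with cscript: the bob row has a mask that grants fma together with read, which an exact-match test does not report, and the carol row is a deny ACE that an exact-match test on the mask alone does report.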

When you have a modified version or problems/questions that you want to share please post them in the comments below.

Happy scripting.

Dirk Adamsky

Active Directory: Vbscript to enumerate all Active Directory users sorted by OU

Posted October 5th, 2011 in ou by dirk adamsky

Austin Murtha sent me an email with a script question.
His problem was a script that enumerates users and their OUs.
I have created the script below to help him.

What the script does:

  1. create a “disconnected recordset” (for the sorting stuff)
  2. get all users from active directory with an ADO query
  3. remove undesired results (if instr…)
  4. add the rest to the disconnected recordset
  5. sort the recordset
  6. output to the screen

Follow the next steps to run the script (no admin rights needed):

  • copy and paste the script below into the editor (you can use the icons in the upper right corner of the code)
  • save the script (for example c:\temp\usersinou.vbs)
  • open a command prompt
  • go to “c:\temp”
  • type “cscript usersinou.vbs” (without quotes) and press Enter

The script:

' Name : usersinou.vbs
' Description : script to enumerate all Active Directory users sorted by OU
' Author : dirk adamsky - deludi bv
' Version : 1.0
' Date : 05-10-2011

Set DataList = CreateObject("ADOR.Recordset")
DataList.Fields.Append "Name", 200, 255
DataList.Fields.Append "OU", 200, 255
DataList.Open

Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

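' Search base: the default naming context of the current domain
Set objRootDSE = GetObject("LDAP://RootDSE")
strBase = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">"
strFilter = "(&(objectCategory=person)(objectClass=user))"
strAttributes = "name,distinguishedname"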

strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False

Set adoRecordset = adoCommand.Execute

Do Until adoRecordset.EOF
	If Instr(adoRecordset.Fields("distinguishedname").Value,"OU=") > 1 Then
		DataList.AddNew
		DataList("Name") = adoRecordset.Fields("name").Value
		DataList("OU") = Mid(adoRecordset.Fields("distinguishedname").Value, Instr(adoRecordset.Fields("distinguishedname").Value,"OU="))
		Datalist.Update
	End If
	adoRecordset.MoveNext
Loop

adoRecordset.Close
adoConnection.Close

Set adoRecordset = Nothing
Set objRootDSE = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing

DataList.Sort = "OU DESC"
DataList.MoveFirst

Do Until DataList.EOF
     Wscript.Echo DataList.Fields.Item("OU") & " ; " & DataList.Fields.Item("Name")
     DataList.MoveNext
Loop

Datalist.Close
Set DataList = Nothing

When you have a modified version or problems/questions that you want to share please post them in the comments below.

Happy scripting.

Dirk Adamsky

Active Directory: VBscript to enumerate nested Active Directory groups from an Excel sheet

Posted October 4th, 2011 in groups by dirk adamsky

Haven’t done much scripting lately…..
The script for today is made for Ananth Kumar.
He asked me to make an extension to the “enumerate nested groups script” so that multiple nested groups can be enumerated based on an input file.
I did choose Excel for the input file so that I could reuse previous code.

Follow the next steps to run the script (no admin rights needed):

  • find the distinguished names of the nested groups (adsiedit.msc)
  • put them in an Excel sheet in the first column and save the sheet as c:\temp\groups.xls
  • open your favorite text editor
  • copy and paste the script below into the editor (you can use the icons in the upper right corner of the code)
  • save the script (for example c:\temp\enumeratenestedgroupsfromexcelsheet.vbs)
  • open a command prompt
  • go to “c:\temp”
  • type “cscript enumeratenestedgroupsfromexcelsheet.vbs” (without quotes) and press Enter

The script:

' Name : enumeratenestedgroupsfromexcelsheet.vbs
' Description : script to enumerate nested Active Directory groups from an Excel sheet
' Author : dirk adamsky - deludi bv
' Version : 1.0
' Date : 04-10-2011

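' Groups already expanded for the current sheet row; stops endless recursion on circular nesting
Set objVisited = CreateObject("Scripting.Dictionary")
objVisited.CompareMode = vbTextCompare

Set objExcel = CreateObject("Excel.Application")
Set objWorkbook = objExcel.Workbooks.Open("C:\temp\groups.xls")
' Reading starts at row 2 and stops at the first empty cell in column 1
intRow = 2
Do Until objExcel.Cells(intRow,1).Value = ""
	strGroupDN = objExcel.Cells(intRow, 1).Value
	If strGroupDN <> "" Then
		wscript.echo strGroupDN
		objVisited.RemoveAll
		EnumNestedgroup "LDAP://" & strGroupDN
	End If
	intRow = intRow + 1
Loop
objExcel.Quit
Set objWorkbook = Nothing
Set objExcel = Nothing

Function EnumNestedgroup(strGroupDN)
	' A group that was already expanded (circular or repeated nesting) is not expanded again
	If objVisited.Exists(strGroupDN) Then Exit Function
	objVisited.Add strGroupDN, True
	Set objGroup = GetObject(strGroupDN)
	For Each objMember in objGroup.Members
		If (LCase(objMember.Class) = "group") Then
			EnumNestedgroup objMember.AdsPath
		Else
			Wscript.Echo objGroup.cn & " ; " & objMember.DisplayName & " ; " & objMember.Mail
		End If
	Next
	Set objGroup = Nothing
End Function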

When you have a modified version or problems/questions that you want to share please post them in the comments below.

Happy scripting.

Dirk Adamsky

VBscript to enumerate the home directories and their sizes of all users in Active Directory V2

Posted July 14th, 2011 in home directories by dirk adamsky

This is a better version of my previous script to enumerate the home directory sizes of all active directory users. The problem with the previous one was that some home directory sizes were not calculated because the Filesystem object had difficulties with long pathnames.
I did a search for a WMI based solution but unfortunately I could not find one.
To shorten the UNC path I decided to create a drive mapping with the Wscript Network object.
It’s a bit of a “funky solution” but it works.

Follow the next steps to run the script (admin rights needed for access to the home directories):

* open your favorite text editor
* copy and paste the script into the editor
* save the script (for example c:\temp\homedirectorysizev2.vbs)
* open a command prompt
* go to “c:\temp”
* type “cscript homedirectorysizev2.vbs” (without quotes) and press Enter

Notes:
1. when you run the script as administrator an h: network drive is created and disconnected for each user. When you want another drive letter you can change h: in the function to another drive letter.
2. when you cancel the script before it is finished please manually disconnect the “h:” drive mapping

The script:

' Name : homedirectorysizev2.vbs
' Description : script to enumerate the home directories and their sizes of all users in Active Directory v2
' Author : dirk adamsky - deludi bv
' Version : 2.00
' Date : 14-07-2011
' Level : intermediate

arrAttributes = Array("homeDirectory","displayname","mail")

Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
adoCommand.ActiveConnection = adoConnection

Set objRootDSE = GetObject("LDAP://RootDSE")
strBase = "<LDAP://" & objRootDSE.Get("defaultNamingContext") & ">"
Set objRootDSE = Nothing

strFilter = "(&(objectCategory=person)(objectClass=user)(homeDirectory=*))"
strAttributes = Join(arrAttributes,",")
Wscript.Echo Join(arrAttributes,";") & " ; home directory size in MB"
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
Set adoRecordset = adoCommand.Execute
Do Until adoRecordset.EOF
	On Error Resume Next
	strTempOutput = ""
	For i = 0 To Ubound(arrAttributes)
		strTempOutput =  strTempOutput & " ; " & adoRecordset.Fields(arrAttributes(i)).Value
		strOutput = Mid(Ltrim(strTempOutput),3)
	Next
	Wscript.Echo strOutput & " ; " & Foldersize (adoRecordset.Fields(arrAttributes(0)).Value) & " MB"
	adoRecordset.MoveNext
Loop
adoRecordset.Close
adoConnection.Close
Set adoRecordset = Nothing
Set adoConnection = Nothing
Set adoCommand = Nothing

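Function Foldersize(strPath)
	On Error Resume Next
	Set objNetwork = CreateObject("WScript.Network")
	Set objFSO = CreateObject("scripting.filesystemobject")
	Err.Clear
	objNetwork.MapNetworkDrive "h:", strPath
	' Measure h: only when the mapping succeeded; if h: was already in use,
	' the size of that other drive would otherwise be reported for this user
	If Err.Number = 0 Then
		Set objFld = objFSO.GetFolder("h:")
		Foldersize = Round(objFld.Size/1048576,2)
		objNetwork.RemoveNetworkDrive "h:"
	End If
	Set objFld = Nothing
	Set objFSO = Nothing
	Set objNetwork = Nothing
End Function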

When you have problems/questions please post a reply. You can also give a ‘star’ rating.

Happy scripting.

Best regards,

Dirk Adamsky – Deludi BV