Tuesday, October 26, 2010

List all users in domain cross forest

Below is a VBScript I wrote that lists all users by their distinguishedName attribute across a forest trust.

If you search through all users using a While statement, as in the following post, it does not work across a forest trust:

http://clintboessen.blogspot.com/2010/10/how-to-find-locked-out-user-accounts.html

The script below does:

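' Active Directory constants
Const ADS_SCOPE_SUBTREE = 2

' Bind to rootDSE of the local domain (not used by the query below)
Set rootDSE = GetObject("LDAP://rootDSE")

' Open an ADO connection through the ADSI OLE DB provider
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADSDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

' Search the whole subtree. Without a page size the search stops at the
' server's result limit (1000 objects by default), so enable paging.
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Page Size") = 1000
' The LDAP path names the target server/domain and search base explicitly
objCommand.CommandText = "SELECT * FROM 'LDAP://stirling/dc=stirling' WHERE objectCategory='user'"
Set objRecordSet = objCommand.Execute

' Bind to each result and echo its distinguishedName.
' The EOF check also covers an empty result set, where MoveFirst would raise an error.
Do Until objRecordSet.EOF
    Set objType = GetObject(objRecordSet.Fields("ADsPath").Value)
    strDistinguishedName = objType.distinguishedName
    WScript.Echo strDistinguishedName
    objRecordSet.MoveNext
Loop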
