Query AD (Active Directory)

  • I know you can query AD for logins, email, location, but if I want to know if the users are active or not, can I pull that as well? I'm not seeing it in the container if so.

  • This site has the most comprehensive list of attributes you can query that I've ever tripped over:

    http://www.rlmueller.net/UserAttributes.htm

    Specifically, his Excel spreadsheet has a ton of stuff:

    http://www.rlmueller.net/References/Schema.xls

    I searched for "locked" and "enabled" and "disabled", and didn't see anything that seemed to me to be specific to a user.

    You may have a better idea on what to search for than me.

    Lowell



  • Thanks, that was very helpful.

  • Any chance you can share what the attribute was called? As Lowell mentioned he didn't find anything obvious. I did a quick skim through but the list is quite long.

  • I exclude Disabled in a VB script that queries AD.

    Here’s the check for a user being disabled in AD:

    (userAccountControl:1.2.840.113556.1.4.803:=2)

    So to exclude use (!userAccountControl:1.2.840.113556.1.4.803:=2) in the filter:

    strFilter = "(&(objectCategory=person)(!userAccountControl:1.2.840.113556.1.4.803:=2)(objectClass=user)(memberOf=cn=CERUsers,ou=CER,ou=intranet applications,ou=groups,ou=khs,dc=myhouse,dc=org))"

    From the VB script:

    ' Open the output file for write access (2 = ForWriting, True = create if missing).
    Set objFile = objFSO.OpenTextFile(strFilePath, 2, True, 0)

    ' Read the domain's default naming context from RootDSE.
    Set objRootDSE = GetObject("LDAP://RootDSE")
    strDNSDomain = objRootDSE.Get("defaultNamingContext")

    ' Set up the ADO connection through the ADSI OLE DB provider.
    ' The login and password are placeholders; leave them out to bind as the account running the script.
    Set objCommand = CreateObject("ADODB.Command")
    Set objConnection = CreateObject("ADODB.Connection")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider","myhouse\mylogin","mypassword"
    objCommand.ActiveConnection = objConnection

    ' Search base, filter (users in the group that are not disabled), attributes and scope.
    strBase = "<LDAP://" & strDNSDomain & ">"
    strFilter = "(&(objectCategory=person)(!userAccountControl:1.2.840.113556.1.4.803:=2)(objectClass=user)(memberOf=cn=Distribution Group Corporate Management,ou=Mail Groups,ou=groups,ou=khs,dc=myhouse,dc=org))"
    strAttributes = "cn,displayName,mail,title,physicalDeliveryOfficeName"
    strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
    objCommand.CommandText = strQuery

    ' Page the results, 100 rows per page, with a 30 second timeout.
    objCommand.Properties("Page Size") = 100
    objCommand.Properties("Timeout") = 30
    objCommand.Properties("Cache Results") = False

    Set objRecordSet = objCommand.Execute
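
What the `1.2.840.113556.1.4.803` rule in the filter above tests, as an added Python example that is not part of any post in this thread: it is a bitwise AND, so `:=2` matches any account whose `userAccountControl` has the ACCOUNTDISABLE bit (0x2) set, whatever other flags are present. The sample accounts and helper names are constructed; the filter builder writes the negation in the RFC 4515 form `(!(...))` and escapes the group DN before placing it in the filter.

```python
# Added example, not code from the thread. Sample values are constructed.
from enum import IntFlag

BIT_AND = "1.2.840.113556.1.4.803"  # true when ALL bits of the operand are set
BIT_OR = "1.2.840.113556.1.4.804"   # true when ANY bit of the operand is set

class UAC(IntFlag):
    """A few userAccountControl flags (values from Microsoft's documentation)."""
    ACCOUNTDISABLE = 0x0002
    PASSWD_NOTREQD = 0x0020
    NORMAL_ACCOUNT = 0x0200
    DONT_EXPIRE_PASSWORD = 0x10000

def decode_uac(value):
    """Names of the known flags set in a userAccountControl integer."""
    return [flag.name for flag in UAC if value & flag]

def rule_matches(oid, stored, operand):
    """Evaluate (attr:<oid>:=operand) against a stored integer value."""
    if oid == BIT_AND:
        return (stored & operand) == operand
    if oid == BIT_OR:
        return (stored & operand) != 0
    raise ValueError("unsupported matching rule: " + oid)

def is_disabled(uac):
    """Same test as (userAccountControl:1.2.840.113556.1.4.803:=2)."""
    return rule_matches(BIT_AND, uac, 2)

def escape_filter_value(text):
    """RFC 4515 escaping so a DN cannot change the filter's structure."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(special.get(ch, ch) for ch in text)

def enabled_members_filter(group_dn):
    """Filter for enabled user objects that are direct members of group_dn."""
    return ("(&(objectCategory=person)(objectClass=user)"
            "(!(userAccountControl:" + BIT_AND + ":=2))"
            "(memberOf=" + escape_filter_value(group_dn) + "))")

# Constructed sample rows: (sAMAccountName, userAccountControl)
SAMPLE = [("alice", 512), ("bob", 514), ("carol", 66048), ("dave", 66050)]

def enabled_accounts(rows):
    return [name for name, uac in rows if not is_disabled(uac)]

if __name__ == "__main__":
    for name, uac in SAMPLE:
        print(name, uac, decode_uac(uac), "disabled" if is_disabled(uac) else "enabled")
    print(enabled_members_filter("cn=CERUsers,ou=CER,ou=intranet applications,ou=groups,ou=khs,dc=myhouse,dc=org"))
```

A plain equality test such as `(userAccountControl=2)` would match none of the sample rows, because the stored value is the sum of all flags (514, 66050), which is why the bitwise rule is used.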

  • Thank you for that Randy. It's always good to have the solution for others to find in the future.
