Exporting AD users and their info to a text file
This VBScript exports the list of users from Active Directory together with several details for each user, such as full name, telephone, whether the user is a member of Domain Admins, whether the account is expired/disabled, and so on.
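' Export every user object found under the domain's default naming context to
' a semicolon-delimited text file (C:\AD.TXT), one line per user.
' The script only reads from the directory; it never writes to it.
'
' Notes for whoever runs this report or stores its output:
'  - The file lists admin-group membership, accounts whose password never
'    expires and disabled accounts. Treat it as sensitive: restrict access to
'    it and remove it once it has been reviewed.
'  - "Admin Group" is built from the memberOf attribute only. Membership gained
'    through nested groups or through the primary group is NOT resolved, so an
'    empty column does not prove that the account is unprivileged.
'  - lastLogon is not replicated between domain controllers; the value shown is
'    the one held by the domain controller that answered the query.
'  - Free-text attributes (description, office, telephone, ...) may be editable
'    by less privileged accounts depending on delegation. CleanField removes
'    the delimiter and line breaks from them so one value cannot spill into
'    other columns. If the file is opened in a spreadsheet, import the columns
'    as text so values starting with = + - @ are not evaluated as formulas.

On Error Resume Next

Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000

Set rootDSE = GetObject("LDAP://RootDSE")
If Err.Number <> 0 Then
    ' Without a RootDSE bind there is nothing to enumerate; fail loudly
    ' instead of producing an empty report.
    WScript.Echo "Unable to bind to LDAP://RootDSE: " & Err.Description
    WScript.Quit 1
End If

domainContainer = rootDSE.Get("defaultNamingContext")
Set domainObject = GetObject("LDAP://" & domainContainer)
If Err.Number <> 0 Then
    WScript.Echo "Unable to bind to the domain: " & Err.Description
    WScript.Quit 1
End If

Set fs = CreateObject("Scripting.FileSystemObject")
' CreateTextFile(path, overwrite, unicode): overwrite an existing file and
' write Unicode text.
Set outFile = fs.CreateTextFile("C:\AD.TXT", True, True)
If Err.Number <> 0 Then
    WScript.Echo "Unable to create C:\AD.TXT: " & Err.Description
    WScript.Quit 1
End If

' Printing Header
outFile.WriteLine "Login;FullName;Description;Office;e-mail;Telephone;LoginScript;LastLogon;Status;LastPasswordSet;Dial-In;PasswordNeverExpires;Admin Group;"

' Starting recursion
ExportUsers domainObject

outFile.Close
WScript.Quit

' Return varValue as text that is safe to place in one column of the report:
' Null/Empty become "", line breaks become spaces and ";" becomes ",".
Function CleanField (varValue)
    On Error Resume Next
    CleanField = ""
    If IsNull(varValue) Or IsEmpty(varValue) Then Exit Function

    strValue = CStr(varValue)
    strValue = Replace(strValue, vbCr, " ")
    strValue = Replace(strValue, vbLf, " ")
    strValue = Replace(strValue, ";", ",")
    CleanField = strValue
End Function

' Write one report line for the user whose distinguished name is strUserDN.
' Each value and each delimiter is written by its own statement so that a
' property that cannot be read leaves its column empty instead of shifting
' the columns that follow.
Function WriteReport (strUserDN)
    On Error Resume Next
    Set objUser = GetObject("LDAP://" & strUserDN)

    outFile.Write CleanField(objUser.sAMAccountName)
    outFile.Write ";"
    outFile.Write CleanField(objUser.FullName)
    outFile.Write ";"
    outFile.Write CleanField(objUser.Description)
    outFile.Write ";"
    outFile.Write CleanField(objUser.physicalDeliveryOfficeName)
    outFile.Write ";"
    outFile.Write CleanField(objUser.emailAddress)
    outFile.Write ";"
    outFile.Write CleanField(objUser.TelephoneNumber)
    outFile.Write ";"
    outFile.Write CleanField(UCase(objUser.ScriptPath))
    outFile.Write ";"
    outFile.Write LastLogon(strUserDN)
    outFile.Write ";"
    outFile.Write isDisabled(strUserDN)
    outFile.Write ";"
    outFile.Write objUser.PasswordLastChanged
    outFile.Write ";"
    outFile.Write DialIn(strUserDN)
    outFile.Write ";"
    outFile.Write PasswordNeverExpires(strUserDN)
    outFile.Write ";"
    outFile.Write CleanField(MemberOf(strUserDN)) & ";" & vbCrLf
End Function

' Walk oObject recursively: report every "user" child and descend into every
' organizationalUnit/container that holds at least one user somewhere below.
Sub ExportUsers (oObject)
    On Error Resume Next
    For Each oChild In oObject
        Select Case oChild.Class
            Case "user"
                WriteReport oChild.DistinguishedName
            Case "organizationalUnit", "container"
                If UsersinOU(oChild) Then
                    ExportUsers oChild
                End If
        End Select
    Next
End Sub

' Return True when oObject, or any container below it, holds a user object.
' The search stops at the first hit: the original kept iterating, so an empty
' sub-container enumerated after a user reset the result to False and the
' whole OU was left out of the report.
Function UsersinOU (oObject)
    On Error Resume Next
    UsersinOU = False
    For Each oChild In oObject
        Select Case oChild.Class
            Case "user"
                UsersinOU = True
            Case "organizationalUnit", "container"
                If UsersinOU(oChild) Then UsersinOU = True
        End Select
        If UsersinOU Then Exit Function
    Next
End Function

' Check if a User Account is disabled or not
Function isDisabled (strUserDN)
    On Error Resume Next
    Set objUser = GetObject("LDAP://" & strUserDN)
    If objUser.AccountDisabled = True Then
        isDisabled = "Disabled"
    Else
        isDisabled = "Enabled"
    End If
End Function

' Return the lastLogon time stamp of a user account as a date (UTC, not
' converted to local time), or "Never" when the attribute is missing or zero.
' lastLogon is kept per domain controller; lastLogonTimestamp is the
' replicated alternative (Windows 2003 functional level or later).
Function LastLogon (strUserDN)
    On Error Resume Next
    LastLogon = "Never"

    Set objUser = GetObject("LDAP://" & strUserDN)
    Set objLogon = objUser.Get("lastLogon")
    If Err.Number <> 0 Then Exit Function

    lngHigh = objLogon.HighPart
    lngLow = objLogon.LowPart
    ' LowPart is exposed as a signed 32-bit value. When it is negative the
    ' plain High * 2^32 + Low sum is 2^32 ticks (about 7 minutes) too small,
    ' so carry one into the high part.
    If lngLow < 0 Then lngHigh = lngHigh + 1

    ' Number of 100-nanosecond intervals since 1 January 1601.
    intLogonTime = lngHigh * (2 ^ 32) + lngLow
    If Err.Number <> 0 Or intLogonTime = 0 Then Exit Function

    intLogonTime = intLogonTime / (60 * 10000000)   ' ticks   -> minutes
    intLogonTime = intLogonTime / 1440              ' minutes -> days
    LastLogon = intLogonTime + #1/1/1601#
End Function

' Check if Password Never Expires.
' "Expires soon" only means that the DONT_EXPIRE_PASSWD flag is not set in
' userAccountControl; the actual expiry date is not computed here.
Function PasswordNeverExpires (strUserDN)
    On Error Resume Next
    Set objUser = GetObject("LDAP://" & strUserDN)
    intUAC = objUser.Get("userAccountControl")

    PasswordNeverExpires = "Expires soon"
    If ADS_UF_DONT_EXPIRE_PASSWD And intUAC Then
        PasswordNeverExpires = "Never Expires"
    End If
End Function

' List the Dial-In Property Configuration Settings for a User Account
Function DialIn (strUserDN)
    On Error Resume Next
    Set objUser = GetObject("LDAP://" & strUserDN)
    blnMsNPAllowDialin = objUser.Get("msNPAllowDialin")

    If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
        ' Attribute not set on the account: access is decided by policy.
        DialIn = "Control access through Remote Access Policy"
        Err.Clear
    ElseIf blnMsNPAllowDialin = True Then
        DialIn = "Allow Dial-in"
    Else
        DialIn = "Deny Dial-in"
    End If
End Function

' Return a comma-separated list of the groups in the user's memberOf attribute
' whose distinguished name contains "dmin" (Administrators, Domain Admins,
' Enterprise Admins, ...). The comparison ignores case and runs over the whole
' DN, so a group that merely sits in an OU named "Admins" is listed as well.
' Nested and primary-group membership is not followed.
Function MemberOf (strUserDN)
    On Error Resume Next
    MemberOf = ""

    Set objUser = GetObject("LDAP://" & strUserDN)
    objMemberOf = objUser.GetEx("memberOf")
    If Err.Number <> 0 Then Exit Function   ' no direct group membership

    strList = ""
    For Each objGroup In objMemberOf
        If InStr(1, objGroup, "dmin", vbTextCompare) > 0 Then
            strList = objGroup & "," & strList
        End If
    Next
    MemberOf = strList
End Function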