Exporting AD users and its info to a text file




This VBScript exports the list of users from Active Directory together with several details per user, such as full name, telephone number, whether the account is a member of an admin group, whether the account is expired/disabled, and so on.

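' Script entry point: bind to the current domain, create the report file and
' walk the directory tree. Errors are checked explicitly after the two steps
' that must succeed; under a bare "On Error Resume Next" a failed bind or
' file creation would otherwise produce an empty report without any notice.
On Error Resume Next

Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D   ' ADSI: attribute not set on the object
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000      ' userAccountControl flag bit
' Octet multipliers (not used by the current report; kept for compatibility)
Const FourthOctet = 1
Const ThirdOctet = 256
Const SecondOctet = 65536
Const FirstOctet = 16777216
' Scripting.FileSystemObject IOMode values
Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8

' Bind to the domain of the account running the script (its credentials are used).
Set rootDSE=GetObject("LDAP://RootDSE")
domainContainer = rootDSE.Get("defaultNamingContext")
Set domainObject = GetObject("LDAP://" & domainContainer)
If Err.Number <> 0 Then
	WScript.Echo "Cannot bind to the domain: " & Err.Description
	WScript.Quit 1
End If

' The report lists every account with its status and privileged-group
' membership: treat C:\AD.TXT as sensitive (restrict its ACL, remove it after use).
' CreateTextFile's second argument is Overwrite (any non-zero value is True);
' the third (True) writes the file as UTF-16.
Set fs = CreateObject ("Scripting.FileSystemObject")
Set outFile = fs.CreateTextFile ("C:\AD.TXT", ForWriting, True)
If Err.Number <> 0 Then
	WScript.Echo "Cannot create C:\AD.TXT: " & Err.Description
	WScript.Quit 1
End If

' Printing Header (column order must match WriteReport)
outFile.WriteLine  "Login;FullName;Description;Office;e-mail;Telephone;LoginScript;LastLogon;Status;LastPasswordSet;Dial-In;PasswordNeverExpires;Admin Group;"

'Starting recursion
ExportUsers(domainObject)

outFile.Close
WScript.Quit 0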

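' Append one semicolon-separated record for the user at strUserDN to outFile.
' Field order must match the header written at the top of the script.
' Returns nothing; it stays a Function so existing callers keep working.
' Every value passes through CleanField so an attribute containing ";" or a
' line break cannot shift columns or split the record.
Function WriteReport (strUserDN)

	On Error Resume Next
	Dim fields(12)
	Set objUser = GetObject ("LDAP://" & strUserDN)
	If Err.Number <> 0 Then
		' Keep the record (and the column count) so a failed bind is visible
		' in the report instead of silently dropping the account.
		Err.Clear
		fields(0) = strUserDN
		fields(8) = "Bind failed"
	Else
		' An attribute that is not set raises an error here; the assignment is
		' skipped and the field stays Empty, which CleanField turns into "".
		fields(0)  = objUser.sAMAccountName
		fields(1)  = objUser.FullName
		fields(2)  = objUser.Description
		fields(3)  = objUser.physicalDeliveryOfficeName
		fields(4)  = objUser.emailAddress
		fields(5)  = objUser.TelephoneNumber
		fields(6)  = UCase (objUser.ScriptPath)
		fields(7)  = LastLogon (strUserDN)
		fields(8)  = isDisabled (strUserDN)
		fields(9)  = objUser.PasswordLastChanged
		fields(10) = DialIn (strUserDN)
		fields(11) = PasswordNeverExpires (strUserDN)
		fields(12) = MemberOf (strUserDN)
	End If

	For i = 0 To UBound(fields)
		fields(i) = CleanField(fields(i))
	Next
	' Trailing ";" and line end reproduce the original record layout
	outFile.WriteLine Join(fields, ";") & ";"

End Function

' Make one value safe for the semicolon-separated report: Null/Empty become "",
' embedded line breaks and ";" are collapsed, and a leading formula character
' is neutralised with a quote so a directory attribute (some are editable by
' the user themselves) is not evaluated when the file is opened in a spreadsheet.
Function CleanField (value)

	Dim s
	If IsNull(value) Or IsEmpty(value) Then
		CleanField = ""
		Exit Function
	End If
	s = CStr(value)
	s = Replace(s, vbCrLf, " ")
	s = Replace(s, vbCr, " ")
	s = Replace(s, vbLf, " ")
	s = Replace(s, ";", ",")
	If Len(s) > 0 Then
		If InStr("=+-@", Left(s, 1)) > 0 Then s = "'" & s
	End If
	CleanField = s

End Function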

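' Walk the directory tree below oObject and write a report record for every
' "user" object found. Only "user", "organizationalUnit" and "container"
' classes are visited; computers, groups and contacts are skipped.
' The former UsersinOU pre-scan is gone: it enumerated every subtree once per
' ancestor level and only decided whether to descend, which changes nothing in
' the output because WriteReport runs for user objects only.
Sub ExportUsers(oObject)

	' Keep going past containers that cannot be enumerated (e.g. access denied)
	On Error Resume Next
	For Each oChild in oObject
		Select Case oChild.Class
			Case "user"
				WriteReport (oChild.DistinguishedName)
			Case "organizationalUnit" , "container"
				ExportUsers(oChild)
		End Select
	Next

End Sub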

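' Return True when at least one user object exists anywhere below oObject.
' Fix: the original assigned the result of each child container's scan to the
' return value, so an empty container listed after a user reset a True to
' False and the caller skipped an OU that did contain users. The scan now
' stops at the first user found.
Function UsersinOU (oObject)

	On Error Resume Next
	Dim blnFound
	blnFound = False
	For Each oChild in oObject
		Select Case oChild.Class
			Case "user"
				blnFound = True
			Case "organizationalUnit" , "container"
				blnFound = UsersinOU(oChild)
		End Select
		' First hit is enough; a later child can no longer overwrite it
		If blnFound Then Exit For
	Next
	UsersinOU = blnFound

End Function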


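' Report whether the account at strUserDN is disabled: "Disabled", "Enabled",
' or "Unknown" when the object cannot be bound or the flag cannot be read.
' Reporting "Unknown" matters because, with On Error Resume Next, a failed
' read inside the If test would otherwise fall into one of the two branches
' and a lookup failure would be recorded as a real account state.
Function isDisabled (strUserDN)

	On Error Resume Next
	Set objUser = GetObject ("LDAP://" & strUserDN)
	blnDisabled = objUser.AccountDisabled
	If Err.Number <> 0 Then
		Err.Clear
		isDisabled = "Unknown"
	ElseIf blnDisabled = True Then
		isDisabled = "Disabled"
	Else
		isDisabled = "Enabled"
	End If

End Function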


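' Return the last logon of the user at strUserDN as a date, or "Never" when
' the attribute is not set (account never logged on) or cannot be read.
' NOTE: lastLogon is not replicated between domain controllers, so this value
' reflects only the DC the script bound to; for a domain-wide view query every
' DC or use lastLogonTimestamp (replicated, but refreshed only about every 14
' days; Windows 2003 functional level or later).
Function LastLogon (strUserDN)

	On Error Resume Next
	Set objUser = GetObject ("LDAP://" & strUserDN)
	'Set objLogon = objUser.Get("lastLogonTimestamp")  'Windows 2003 functional level
	Set objLogon = objUser.Get("lastLogon")
	If Err.Number <> 0 Then
		' Attribute absent or bind failed: say so instead of printing 1/1/1601
		Err.Clear
		LastLogon = "Never"
		Exit Function
	End If
	LastLogon = FileTimeToDate(objLogon.HighPart, objLogon.LowPart)

End Function

' Convert a 64-bit FILETIME (100-ns ticks since 1601-01-01 UTC) given as its
' two 32-bit halves into a VBScript date; a zero value means "Never".
Function FileTimeToDate (lngHigh, lngLow)

	Dim dblHigh, dblTicks
	dblHigh = lngHigh
	' LowPart is a signed 32-bit value: when it is negative the original
	' HighPart * 2^32 + LowPart formula came out 2^32 too small.
	If lngLow < 0 Then dblHigh = dblHigh + 1
	dblTicks = dblHigh * (2^32) + lngLow
	If dblTicks = 0 Then
		FileTimeToDate = "Never"
	Else
		' ticks -> minutes -> days, then offset from the FILETIME epoch
		FileTimeToDate = #1/1/1601# + (dblTicks / (60 * 10000000)) / 1440
	End If

End Function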


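' Report whether the password of the user at strUserDN is exempt from the
' domain expiry policy (userAccountControl bit ADS_UF_DONT_EXPIRE_PASSWD).
' Output: "Never Expires" (flag set; credentials never rotate, worth reviewing
' on privileged accounts), "Expires soon" (flag clear; the historical wording
' only means the normal policy applies) or "Unknown" when the attribute could
' not be read. Fixes the misspelt "Nerver Expires" value.
' The commented-out code that toggled the flag with XOR and wrote it back via
' SetInfo has been removed: this is a read-only report and that fragment, if
' ever re-enabled, would have modified every account it visited.
Function PasswordNeverExpires (strUserDN)

	On Error Resume Next
	Set objUser = GetObject ("LDAP://" & strUserDN)
	intUAC = objUser.Get("userAccountControl")
	If Err.Number <> 0 Then
		Err.Clear
		PasswordNeverExpires = "Unknown"
		Exit Function
	End If

	' Bitwise test of the flag; nothing is written back to the directory
	If (intUAC AND ADS_UF_DONT_EXPIRE_PASSWD) <> 0 Then
		PasswordNeverExpires = "Never Expires"
	Else
		PasswordNeverExpires = "Expires soon"
	End If

End Function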


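' Report the Dial-In setting of the user at strUserDN: "Allow Dial-in" or
' "Deny Dial-in" from the explicit msNPAllowDialin value, "Control access
' through Remote Access Policy" when the attribute is not set, and "Unknown"
' when the object cannot be bound or any other error occurs. Previously a
' bind failure left the value Empty and was reported as "Deny Dial-in".
Function DialIn (strUserDN)

	On Error Resume Next
	Set objUser = GetObject ("LDAP://" & strUserDN)
	If Err.Number <> 0 Then
		Err.Clear
		DialIn = "Unknown"
		Exit Function
	End If
	blnMsNPAllowDialin = objUser.Get("msNPAllowDialin")
	If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
		' Attribute absent: the remote access / NPS policy decides
		Err.Clear
		DialIn = "Control access through Remote Access Policy"
	ElseIf Err.Number <> 0 Then
		Err.Clear
		DialIn = "Unknown"
	ElseIf blnMsNPAllowDialin = True Then
		DialIn = "Allow Dial-in"
	Else
		DialIn = "Deny Dial-in"
	End If

End Function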


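' List the direct group memberships of the user at strUserDN whose DN contains
' "dmin" (now matched case-insensitively, so "ADMIN" is found too), as a
' comma-separated string of group DNs; "" when none or when memberOf cannot be read.
' Caveats for anyone relying on this column:
'  - only direct memberOf is inspected: nested group membership and the primary
'    group (primaryGroupID; e.g. a user whose primary group is Domain Admins)
'    are not reported, so privileged users can be missed;
'  - the substring match is a heuristic: it also picks up names such as
'    "Administration" and misses privileged groups without "admin" in their
'    name (Account Operators, Backup Operators, ...);
'  - group DNs themselves contain commas, so the separator is ambiguous; the
'    format is kept unchanged for compatibility with the existing report.
Function MemberOf (strUserDN)

	On Error Resume Next
	Set objUser = GetObject ("LDAP://" & strUserDN)
	' GetEx raises E_ADS_PROPERTY_NOT_FOUND when memberOf is empty, leaving
	' objMemberOf Empty; the IsArray guard then skips the loop cleanly.
	objMemberOf = objUser.GetEx("memberOf")
	Err.Clear
	strList = ""
	If IsArray(objMemberOf) Then
		For Each objGroup in objMemberOf
			If InStr(1, objGroup, "dmin", vbTextCompare) > 0 Then
				' Prepend, as the original did, so the output order is unchanged
				strList = objGroup & "," & strList
			End If
		Next
	End If
	MemberOf = strList

End Function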