Приложение А. Const ADS_SCOPE_SUBTREE = 2Листинг программы Const ADS_SCOPE_SUBTREE = 2 Const ADS_CHASE_REFERRALS_ALWAYS = &H60 Dim TotalAccProcessed Dim RootDomainLDAP
'check to see if we launched by correct interpreter(if not - relaunch correct) if Not isCScript() Then set oShell = CreateObject("WScript.Shell") set arguments = WScript.Arguments sCMD = "cscript //nologo domgroupsenum.vbs" For Each cmdArg in arguments sCMD = sCMD & " " & cmdArg Next oShell.Run sCMD WScript.Quit() End If
Set objArgs = WScript.Arguments if objArgs.Count < 2 Then WScript.Echo "Enumerate all groups in specified domain" WScript.Echo "and return all as tab delimited user specified text file" WScript.Echo "ALL QUERYs are RECURSIVE!" WScript.Echo "USAGE: domgroupsenum.vbs <LDAP query> <outfile.txt" & vbCrLf & vbCrLf WScript.Echo "Example queryes:" WScript.Echo "LDAP://dc=mydomain,dc=com - to enum groups in *all* OUs on mydomain.com domain" WScript.Echo "LDAP://ou=Groups,dc=mydomain,dc=com - to start enum groups at 'Groups' OU on mydomain.com domain" WScript.Echo "LDAP://domainserv/dc=mydomain,dc=com - to enum *all* groups on mydomain.com domain at specified DC" & vbCrLf & vbCrLf WScript.Echo "Press ENTER to quit" WScript.StdIn.ReadLine() WScript.Quit Else LDAPQuery = objArgs(0) End if
On Error Resume Next Set objConnection = CreateObject("ADODB.Connection") Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject" objConnection.Open "Active Directory Provider" Set objCommand.ActiveConnection = objConnection objCommand.Properties("Page Size") = 1000 objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE objCommand.Properties("Chase referrals") = ADS_CHASE_REFERRALS_ALWAYS objCommand.Properties("TimeOut") = 120 'in seconds objCommand.Properties("Cache Results") = False
Set cf = CreateObject("Scripting.FileSystemObject")
objCommand.CommandText = "SELECT primaryGroupToken, Name, description, member, groupType FROM '" & LDAPQuery & "' WHERE objectCategory='group'" Set objRecordSet = objCommand.Execute If objRecordSet.BOF Then WScript.Echo "ERROR querying: " & LDAPQuery WScript.Quit Else objRecordSet.MoveFirst End If
RootDomainLDAP=ConstructGlobalDomain(LDAPQuery) Set cs = cf.OpenTextfile(objArgs(1), 2, True) If Err.Number <> 0 Then WScript.Echo "Can't create output file!" & vbCrLf WScript.Quit End If
Do Until objRecordSet.EOF GroupName=objRecordSet.Fields("Name").Value arrField = objRecordSet.Fields("description") if IsArray(arrField) Then For Each strItem In arrField GroupDescr = strItem Next elseif Not IsNull(arrField) Then GroupDescr = arrField.Value else GroupDescr = "" End if If Err.Number <> 0 Then WScript.Echo "ERROR querying GroupName and GroupDescr: " & Err.Description & vbCrLf End If
Select Case objRecordSet.Fields("groupType") Case 2 GroupType="Global" '"This is a global distribution group." Case 4 GroupType="Local" '"This is a domain local distribution group." Case 8 GroupType="Universal" '"This is a universal distribution group." Case -2147483646 GroupType="Global" '"This is a global security group." Case -2147483644 GroupType="Local" '"This is a domain local security group." Case -2147483643 GroupType="Local" '"This is a domain local security group created by system." Case -2147483640 GroupType="Universal" '"This is a universal security group." Case else GroupType="" End Select If Err.Number <> 0 Then WScript.Echo "ERROR querying GroupType: " & Err.Description & vbCrLf End If
arrField = objRecordSet.Fields("member") if IsArray(arrField) Then For Each strItem In arrField Set objGroup = GetObject("LDAP://" & strItem) Select Case objGroup.sAMAccountType Case 805306368 GroupMemberType="User" Case 805306369 GroupMemberType="User" Case 268435456 GroupMemberType="Global" Case 536870912 GroupMemberType="Local" Case else GroupMemberType="Contact" End Select If InStr(1, objGroup.sAMAccountName, "$", 1) < 1 Then 'if GroupMemberType <> "Contact" Then cs.write MaskValueIfEmpty(GroupName, "") & vbTab 'GROUPNAME cs.write MaskValueIfEmpty(GroupDescr, "") & vbTab 'GROUPDESCRIPTION cs.write MaskValueIfEmpty(GroupType, "") & vbTab 'GROUP TYPE cs.write objGroup.samAccountName & vbTab 'GROUP:MEMBER NAME cs.write GroupMemberType & vbCrLf 'GROUP:MEMBER TYPE 'End If End If Set objGroup = Nothing Next elseif Not IsNull(arrField) Then cs.write MaskValueIfEmpty(GroupName, "") & vbTab 'GROUPNAME cs.write MaskValueIfEmpty(GroupDescr, "") & vbTab 'GROUPDESCRIPTION cs.write MaskValueIfEmpty(GroupType, "") & vbTab 'GROUP TYPE
cs.write MaskValueIfEmpty(arrField.Value, "") & vbTab 'GROUP:MEMBER NAME cs.write "" & vbCrLf else cs.write MaskValueIfEmpty(GroupName, "") & vbTab 'GROUPNAME cs.write MaskValueIfEmpty(GroupDescr, "") & vbTab 'GROUPDESCRIPTION cs.write MaskValueIfEmpty(GroupType, "") & vbTab 'GROUP TYPE
cs.write "" & vbTab 'GROUP:MEMBER NAME cs.write "" & vbCrLf 'GROUP:MEMBER TYPE End if If Err.Number <> 0 Then WScript.Echo "ERROR working with GroupMember: " & Err.Description & vbCrLf End If
EnumPrimaryMembers(objRecordSet.Fields("primaryGroupToken"))
TotalAccProcessed = TotalAccProcessed + 1 objRecordSet.MoveNext Loop
WScript.Echo "Total groups Listed: " & TotalAccProcessed
Set objConnection = Nothing Set objCommand = Nothing
cs.Close WScript.Quit
|
