Приложение А. Const ADS_SCOPE_SUBTREE = 2
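Листинг программы
' ADSI search preferences used by the ADO command further down.
' ADS_SCOPE_SUBTREE (2): search the base object and everything beneath it.
Const ADS_SCOPE_SUBTREE = 2
' ADS_CHASE_REFERRALS_ALWAYS (&H60): follow both subordinate and external
' referrals, so the search may contact servers other than the one named in
' the query.
Const ADS_CHASE_REFERRALS_ALWAYS = &H60

' Number of group records processed by the main loop; printed at the end.
Dim TotalAccProcessed
' Result of ConstructGlobalDomain(LDAPQuery); assigned before the main loop.
Dim RootDomainLDAP

' Start the counter at an explicit 0 instead of relying on Empty + 1.
TotalAccProcessed = 0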
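' Make sure the script runs under the console host (cscript.exe). Under
' wscript.exe every WScript.Echo becomes a message box and WScript.StdIn is
' not available, so the script relaunches itself under cscript with the same
' arguments and exits.
If Not isCScript() Then
    Set oShell = CreateObject("WScript.Shell")
    Set arguments = WScript.Arguments
    ' Relaunch the file that is actually running (full path) rather than a
    ' hard-coded relative name, which would be resolved against the current
    ' directory and could pick up a different file of the same name.
    sCMD = "cscript //nologo " & Chr(34) & WScript.ScriptFullName & Chr(34)
    For Each cmdArg In arguments
        ' Quote every argument so an LDAP path or file name containing spaces
        ' reaches the relaunched script as one argument and is not re-split
        ' by the command line parser.
        sCMD = sCMD & " " & Chr(34) & cmdArg & Chr(34)
    Next
    oShell.Run sCMD
    WScript.Quit()
End If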
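' Command line: argument 0 is the LDAP search base (an ADsPath), argument 1 is
' the output file. With fewer than two arguments, print the usage text, wait
' for ENTER and exit.
Set objArgs = WScript.Arguments
If objArgs.Count < 2 Then
    WScript.Echo "Enumerate all groups in specified domain"
    WScript.Echo "and return all as tab delimited user specified text file"
    WScript.Echo "ALL QUERYs are RECURSIVE!"
    ' The closing ">" of the <outfile.txt> placeholder was missing.
    WScript.Echo "USAGE: domgroupsenum.vbs <LDAP query> <outfile.txt>" & vbCrLf & vbCrLf
    WScript.Echo "Example queries:"
    WScript.Echo "LDAP://dc=mydomain,dc=com - to enum groups in *all* OUs on mydomain.com domain"
    WScript.Echo "LDAP://ou=Groups,dc=mydomain,dc=com - to start enum groups at 'Groups' OU on mydomain.com domain"
    WScript.Echo "LDAP://domainserv/dc=mydomain,dc=com - to enum *all* groups on mydomain.com domain at specified DC" & vbCrLf & vbCrLf
    WScript.Echo "Press ENTER to quit"
    WScript.StdIn.ReadLine()
    WScript.Quit
Else
    ' Search base; later pasted into the ADSI SQL statement.
    LDAPQuery = objArgs(0)
End If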
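' From this point run-time errors no longer stop the script. Err stays set
' until it is cleared, so every later check has to test Err.Number itself.
On Error Resume Next
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")

' ADSI OLE DB provider. No user name or password is set on the connection,
' so the directory is queried as the account that runs the script.
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
If Err.Number <> 0 Then
    ' Report a failed connection here instead of letting it surface later
    ' as an unrelated query or file error.
    WScript.Echo "ERROR opening Active Directory connection: " & Err.Description
    WScript.Quit
End If
Set objCommand.ActiveConnection = objConnection
' Paged search: results are fetched 1000 records at a time, which lets the
' query return more rows than the server's single-page limit.
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
' Referrals are always followed, so the search can be redirected to other
' directory servers than the one given on the command line.
objCommand.Properties("Chase referrals") = ADS_CHASE_REFERRALS_ALWAYS
objCommand.Properties("TimeOut") = 120 'in seconds
objCommand.Properties("Cache Results") = False

' File system object used later to create the output file.
Set cf = CreateObject("Scripting.FileSystemObject")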
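' Build and run the ADSI SQL-dialect query for all group objects under the
' search base given on the command line.
'
' LDAPQuery is pasted between single quotes in the statement. A value that
' itself contains a single quote would end the literal early and change the
' statement, so it is rejected instead of being concatenated.
If InStr(LDAPQuery, "'") > 0 Then
    WScript.Echo "ERROR querying: " & LDAPQuery
    WScript.Quit
End If

' Drop any error left over from earlier statements so the check below
' reflects this query only.
Err.Clear
objCommand.CommandText = "SELECT primaryGroupToken, Name, description, member, groupType FROM '" & LDAPQuery & "' WHERE objectCategory='group'"
Set objRecordSet = objCommand.Execute
If Err.Number <> 0 Then
    ' Execute failed: objRecordSet is not usable, stop with the reason.
    WScript.Echo "ERROR querying: " & LDAPQuery & " (" & Err.Description & ")"
    WScript.Quit
End If

' An empty result is treated as an error as well.
If objRecordSet.BOF Then
    WScript.Echo "ERROR querying: " & LDAPQuery
    WScript.Quit
Else
    objRecordSet.MoveFirst
End If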
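' Derive the root domain path from the search base (helper defined elsewhere
' in the script) and create the output file.
Err.Clear
RootDomainLDAP = ConstructGlobalDomain(LDAPQuery)
If Err.Number <> 0 Then
    ' Keep this failure apart from the file check below; without clearing,
    ' it would be reported as "Can't create output file!".
    WScript.Echo "ERROR building root domain path: " & Err.Description & vbCrLf
    WScript.Quit
End If

' Mode 2 = ForWriting, True = create the file if it does not exist. An
' existing file at this path is overwritten. The file is opened in the
' default (ANSI) text format.
Set cs = cf.OpenTextFile(objArgs(1), 2, True)
If Err.Number <> 0 Then
    WScript.Echo "Can't create output file!" & vbCrLf
    WScript.Quit
End If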
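' Main loop: one pass per group record. For every group the script writes one
' tab-delimited row per member:
'   group name, group description, group type, member name, member type
' A group without members gets a single row with the last two columns empty.
'
' NOTE(review): Active Directory returns large multi-valued attributes in
' ranges (default limit 1500 values). For groups above that size the plain
' "member" attribute requested here is expected to come back empty, so such
' groups would be listed without members - verify before relying on the
' output as a complete membership listing.
Do Until objRecordSet.EOF
    GroupName = objRecordSet.Fields("Name").Value

    ' description may come back as an array, a single value or Null. Start
    ' from an empty string so a value from the previous group cannot leak
    ' into this row.
    GroupDescr = ""
    arrField = objRecordSet.Fields("description")
    If IsArray(arrField) Then
        ' With several values the last one wins.
        For Each strItem In arrField
            GroupDescr = strItem
        Next
    ElseIf Not IsNull(arrField) Then
        ' arrField already holds the field value (it was assigned without
        ' Set), so it is used directly; it has no .Value member.
        GroupDescr = arrField
    End If
    ' The description is free text from the directory. Tabs and line breaks
    ' in it would shift or split the row, so they are replaced by spaces.
    ' NOTE(review): a description that starts with "=", "+", "-" or "@" is
    ' still written unchanged; keep that in mind if the file is opened in a
    ' spreadsheet.
    GroupDescr = Replace(Replace(Replace(GroupDescr, vbTab, " "), vbCr, " "), vbLf, " ")
    If Err.Number <> 0 Then
        WScript.Echo "ERROR querying GroupName and GroupDescr: " & Err.Description & vbCrLf
        ' Clear the error so later checks do not report it again.
        Err.Clear
    End If

    ' groupType is a bit mask: 2 = global, 4 = domain local, 8 = universal,
    ' 1 = created by the system; the high bit (&H80000000) marks a security
    ' group, which is why security groups appear as negative numbers.
    Select Case objRecordSet.Fields("groupType")
        Case 2
            GroupType = "Global"     'global distribution group
        Case 4
            GroupType = "Local"      'domain local distribution group
        Case 8
            GroupType = "Universal"  'universal distribution group
        Case -2147483646
            GroupType = "Global"     'global security group
        Case -2147483644
            GroupType = "Local"      'domain local security group
        Case -2147483643
            GroupType = "Local"      'domain local security group created by system
        Case -2147483640
            GroupType = "Universal"  'universal security group
        Case Else
            GroupType = ""
    End Select
    If Err.Number <> 0 Then
        WScript.Echo "ERROR querying GroupType: " & Err.Description & vbCrLf
        Err.Clear
    End If

    ' First three columns are identical for every row of this group.
    RowPrefix = MaskValueIfEmpty(GroupName, "") & vbTab & _
                MaskValueIfEmpty(GroupDescr, "") & vbTab & _
                MaskValueIfEmpty(GroupType, "") & vbTab

    arrField = objRecordSet.Fields("member")
    If IsArray(arrField) Then
        For Each strItem In arrField
            ' strItem is the member's distinguished name. A "/" inside a DN
            ' has to be escaped in an ADsPath, otherwise the bind fails.
            Err.Clear
            Set objGroup = Nothing
            Set objGroup = GetObject("LDAP://" & Replace(strItem, "/", "\/"))
            If Err.Number <> 0 Then
                ' The member could not be opened. Keep it in the listing with
                ' its DN and an empty type instead of writing a broken row or
                ' dropping it.
                WScript.Echo "ERROR binding to member " & strItem & ": " & Err.Description & vbCrLf
                Err.Clear
                cs.write RowPrefix & strItem & vbTab & "" & vbCrLf
            Else
                ' Read both attributes into locals first so that a missing
                ' attribute leaves a defined value (Empty) behind.
                MemberSam = Empty
                MemberType = Empty
                MemberSam = objGroup.sAMAccountName
                MemberType = objGroup.sAMAccountType

                ' sAMAccountType: 805306368 = user, 805306369 = machine
                ' account, 268435456 = group, 536870912 = alias (local
                ' group). Anything else is reported as "Contact".
                Select Case MemberType
                    Case 805306368
                        GroupMemberType = "User"
                    Case 805306369
                        GroupMemberType = "User"
                    Case 268435456
                        GroupMemberType = "Global"
                    Case 536870912
                        GroupMemberType = "Local"
                    Case Else
                        GroupMemberType = "Contact"
                End Select

                ' Accounts whose name contains "$" are left out of the
                ' listing.
                If InStr(1, MemberSam, "$", 1) < 1 Then
                    cs.write RowPrefix & MemberSam & vbTab & GroupMemberType & vbCrLf
                End If
            End If
            Set objGroup = Nothing
        Next
    ElseIf Not IsNull(arrField) Then
        ' Single, non-array value: write it as the member name, type empty.
        ' arrField already is the value, so it is passed as is.
        cs.write RowPrefix & MaskValueIfEmpty(arrField, "") & vbTab & "" & vbCrLf
    Else
        ' No members: member name and member type stay empty.
        cs.write RowPrefix & "" & vbTab & "" & vbCrLf
    End If
    If Err.Number <> 0 Then
        WScript.Echo "ERROR working with GroupMember: " & Err.Description & vbCrLf
        Err.Clear
    End If

    ' Helper defined elsewhere in the script; it receives the group's
    ' primaryGroupToken.
    EnumPrimaryMembers(objRecordSet.Fields("primaryGroupToken"))

    TotalAccProcessed = TotalAccProcessed + 1
    objRecordSet.MoveNext
Loop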
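' Summary and cleanup.
WScript.Echo "Total groups Listed: " & TotalAccProcessed

' Close the output file first so everything written is on disk.
cs.Close

' Close the recordset and the directory connection explicitly before the
' references are released.
objRecordSet.Close
objConnection.Close
Set objRecordSet = Nothing
Set objCommand = Nothing
Set objConnection = Nothing

WScript.Quit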