Here's a portion of a script that I used to extract information from client Active Directory environments to assess their "health" and for supporting project plans, etc. I don't use it anymore, so maybe it can benefit someone else. If this doesn't suit your needs, feel free to modify it. You can find tons of other scripts to do this as well if you search the web. Check out Don Hite's web site, as well as Cruto for other examples.
'****************************************************************
' Filename..: ad_env_query.vbs
' Author....: David Stein
' Date......: 11/21/07
' Purpose...: query active directory forest envirnment information
' SQL.......: N/A
' Comments..: usage:
'
' cscript /nologo ad_env_query.vbs
'
' to capture output to file, append output redirect...
'
' cscript /nologo ad_env_query.vbs >ad_query.txt
'****************************************************************
'----------------------------------------------------------------
' comment: toggle options on/off via the following variables
'----------------------------------------------------------------
' these control showing total counts for objects
Const CountUsers = False ' count user accounts
Const CountGroups = False ' count security groups
Const CountComputers = False ' count computers
Const CountPrinters = False ' count published shared printers
Const CountServers = False ' count servers
Const CountSpecUsers = False ' count users with non-exp passwords
Const CountContacts = False ' count contacts
Const CountDisabled = False ' count disabled user accounts
' these control enumerating object names
Const ShowAllDomains = False ' show all domains in forest
Const ShowAllUsers = False ' show user accounts
Const ShowSpecUsers = False ' show users with non-exp passwords
Const ShowAllContacts = False ' show contacts
Const ShowAllGroups = False ' show security groups
Const ShowAllComputers = False ' show computers
Const ShowAllPrinters = False ' show published shared printers
Const ShowAllTrusts = False ' show domain trusts
Const ShowAllShares = False ' show published shares
Const ShowAllDisabled = False ' show disabled user accounts
' these control enumerating domain structural items
Const ShowFSMO = False ' show fsmo role holders
Const ShowAllSites = False ' show all ad sites
Const ShowRootInfo = False ' show RootDSE properties
Const ShowOUs = False ' show OU tree structure
Const ShowContainers = True ' include containers when showing OU structure
Const ShowAllGPOs = False ' show all group policy objects
Const ShowNetlogon = False ' show contents of netlogon share
' note: [ShowContainers] is only used when [ShowOUs] is TRUE
'----------------------------------------------------------------
' *** IMPORTANT: DO NOT MODIFY CODE BELOW THIS POINT !!! ***
'----------------------------------------------------------------
Dim LDAP_DN, objRootDSE, objWMIService, wshNetwork, wshShell
Dim ADSI_DN, objFSO
Const NTDSDSA_OPT_IS_GC = 1
Const ADS_SCOPE_SUBTREE = 2
Const ADS_UF_ACCOUNTDISABLE = 2
Const strComputer = "."
On Error Resume Next
Set objRootDSE = GetObject("LDAP://rootDSE")
Set wshNetwork = CreateObject("WScript.Network")
Set wshShell = CreateObject("WScript.Shell")
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\CIMV2")
Set objFSO = CreateObject("Scripting.FileSystemObject")
If err.Number <> 0 Then
wscript.echo "ERROR: Failed to instantiate objects required for query"
wscript.echo "Details: " & err.Number & " / " & err.Description
wscript.Quit
End If
'----------------------------------------------------------------
' comment: query for LDAP domain DN (eg. DC=domain,DC=com)
'----------------------------------------------------------------
LDAP_DN = Domain_LDAP()
ADSI_DN = Domain_NetBIOS(LDAP_DN)
'----------------------------------------------------------------
' comment: begin processing
'----------------------------------------------------------------
ShowBasicInfo()
ShowPwdPolicy()
ShowDomainControllers()
If ShowRootInfo = True Then ShowRootDSEinfo()
If ShowAllDomains = True Then ShowDomains()
If ShowAllTrusts = True Then ShowTrusts()
If ShowFSMO = True Then ShowRoles()
If ShowAllSites = True Then ShowSites()
If ShowOUs = True Then EnumOUs()
If CountComputers = True Then EnumComputers "COUNT"
If CountServers = True Then EnumServers "COUNT"
If CountGroups = True Then EnumGroups "COUNT"
If CountUsers = True Then EnumUsers "COUNT"
If CountSpecUsers = True Then ShowSpecialUsers "COUNT"
If CountDisabled = True Then EnumDisabledUsers "COUNT"
If CountContacts = True Then EnumContacts "COUNT"
If CountPrinters = True Then EnumPrinters "COUNT"
If ShowAllServers = True Then EnumServers ""
If ShowAllComputers = True Then EnumComputers ""
If ShowAllGroups = True Then EnumGroups ""
If ShowAllUsers = True Then EnumUsers ""
If ShowSpecUsers = True Then ShowSpecialUsers ""
If ShowAllDisabled = True Then EnumDisabledUsers ""
If ShowAllContacts = True Then EnumContacts ""
If ShowAllPrinters = True Then EnumPrinters ""
If ShowAllGPOs = True Then EnumGPOs()
If ShowNetlogon = True Then NetlogonShare()
If ShowAllShares = True Then EnumShares ""
'ShowOU_GPO_Info "LDAP://ou=Domain Controllers," & LDAP_DN
Set wshNetwork = Nothing
Set wshShell = Nothing
'----------------------------------------------------------------
Function Domain_LDAP()
Dim retval
retval = objRootDSE.Get("defaultNamingContext")
Domain_LDAP = retval
End Function
'----------------------------------------------------------------
Function Domain_NetBIOS(ldapdn)
Domain_NetBIOS = Replace(Replace(ldapdn,"DC=",""),",",".")
End Function
'----------------------------------------------------------------
Sub ShowBasicInfo()
wscript.echo vbCRLF & "# GENERAL INFORMATION" & vbCRLF
Dim strPCName, strUserName, strDomain
strPCName = wshNetwork.ComputerName
strUserName = wshNetwork.UserName
strDomain = wshNetwork.UserDomain
wscript.echo "user_domain....: " & strDomain
wscript.echo "domain_ldap....: " & LDAP_DN
wscript.echo "computername...: " & strPCName
wscript.echo "username.......: " & strUserName
wscript.echo "report_date....: " & Now
End Sub
'----------------------------------------------------------------
Sub ShowPwdPolicy()
Dim objDomain, maxPwdAge, minPwdAge, minPwdLen
Dim acctLockoutDur, acctLockoutThreshold, acctLockoutWait
Dim pwdHistory
Set objDomain = GetObject("LDAP://" & objRootDSE.Get("defaultNamingContext"))
'convert to days...
maxPwdAge = Int(Int8ToSec(objDomain.Get("maxPwdAge")) / 86400)
'convert to days...
minPwdAge = Int8ToSec(objDomain.Get("minPwdAge")) / 86400
minPwdLen = objDomain.Get("minPwdLength")
'convert to minutes...
acctLockoutDur = Int8ToSec(objDomain.Get("lockoutDuration")) / 60
acctLockoutThreshold = objDomain.Get("lockoutThreshold")
'convert to minutes...
acctLockoutWait = Int8ToSec(objDomain.Get("lockoutObservationWindow")) / 60
pwdHistory = objDomain.Get("pwdHistoryLength")
wscript.echo vbCRLF & "# DOMAIN PASSWORD POLICY SETTINGS" & vbCRLF
wscript.echo "max_pwd_age....: " & maxPwdAge & " days"
wscript.echo "min_pwd_age....: " & minPwdAge & " days"
wscript.echo "pwd_history....: " & pwdHistory & " passwords remembered"
wscript.echo "min_pwd_length.: " & minPwdLen & " chars"
wscript.echo "lockout_dur....: " & acctLockoutDur & " minutes"
wscript.echo "lockout_thresh.: " & acctLockoutThreshold & " invalid logon attempts"
wscript.echo "reset_wait.....: " & acctLockoutWait & " minutes"
End Sub
'----------------------------------------------------------------
' function: convert Integer8 64-bit numbers to seconds (time)
'----------------------------------------------------------------
Function Int8ToSec(ByVal objInt8)
Dim lngHigh, lngLow
lngHigh = objInt8.HighPart
' adjust for error in IADsLargeInteger property methods
lngLow = objInt8.LowPart
If lngLow < 0 Then
lngHigh = lngHigh + 1
End If
Int8ToSec = -(lngHigh * (2 ^ 32) + lngLow) / (10000000)
End Function
'----------------------------------------------------------------
Sub ShowDomains()
Dim objWMIAD, colItems, objItem
wscript.echo vbCRLF & "# ACTIVE DIRECTORY DOMAINS" & vbCRLF
On Error Resume Next
Set objWMIAD = GetObject("winmgmts:{impersonationLevel=impersonate}!\\" & _
strComputer & "\root\MicrosoftActiveDirectory")
Set colItems = objWMIAD.ExecQuery("Select * from Win32_NTDomain")
For Each objItem in colItems
If Trim(objItem.DomainName) <> "" Then
wscript.echo "domain_name....: " & objItem.DomainName
wscript.echo "client_sitename: " & objItem.ClientSiteName
wscript.echo "dc_sitename....: " & objItem.DcSiteName
wscript.echo "description....: " & objItem.Description
wscript.echo "dns_forestname.: " & objItem.DnsForestName
wscript.echo "dc_address.....: " & objItem.DomainControllerAddress
wscript.echo "dc_address_type: " & objItem.DomainControllerAddressType
wscript.echo "dc_name........: " & objItem.DomainControllerName
wscript.echo "domain_guid....: " & objItem.DomainGuid
wscript.echo "ds_flag........: " & objItem.DSDirectoryServiceFlag
wscript.echo "ds_dns_contflag: " & objItem.DSDnsControllerFlag
wscript.echo "ds_dns_domflag.: " & objItem.DSDnsDomainFlag
wscript.echo "ds_dns_forflag.: " & objItem.DSDnsForestFlag
wscript.echo "ds_gc_flag.....: " & objItem.DSGlobalCatalogFlag
wscript.echo "ds_kdc_flag....: " & objItem.DSKerberosDistributionCenterFlag
wscript.echo "ds_pdc_flag....: " & objItem.DSPrimaryDomainControllerFlag
wscript.echo "ds_timesvc_flag: " & objItem.DSTimeServiceFlag
wscript.echo "ds_write_flag..: " & objItem.DSWritableFlag
' wscript.echo "name...........: " & objItem.Name
' wscript.echo "primary_owner..: " & objItem.PrimaryOwnerContact
wscript.echo
End If
Next
End Sub
'----------------------------------------------------------------
Sub ShowDomainControllers()
Dim objConnection, objCommand, objRecordSet, objDC, icount
wscript.echo vbCRLF & "# DOMAIN CONTROLLERS" & vbCRLF
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject;"
objConnection.open
objCommand.ActiveConnection = objConnection
icount = 0
ldapQuery = "<LDAP://" & objRootDSE.Get("ConfigurationNamingContext") & _
">;((objectClass=nTDSDSA));ADsPath;subtree"
objCommand.CommandText = ldapQuery
objCommand.Properties("Page Size") = 1000
Set objRecordSet = objCommand.Execute
If Not(objRecordSet.EOF And objRecordSet.BOF) Then
Do While Not(objRecordSet.EOF)
Set objDC = GetObject(GetObject(objRecordSet.Fields(0).Value).Parent)
wscript.echo "dc_server_name.: " & objDC.dNSHostName
objRecordSet.MoveNext
icount = icount + 1
Loop
wscript.echo "dc_servers.....: " & icount
End If
objConnection.Close
End Sub
'----------------------------------------------------------------
Sub ShowRoles()
Dim objSchema, objNtds, objPartitions, objDomain, objRidManager
Dim objInfrastructure, strSchemaMaster, objComputer, strDomainNamingMaster
Dim strPdcEmulator, strRidMaster, strInfrastructureMaster
wscript.echo vbCRLF & "# ACTIVE DIRECTORY SERVER ROLES" & vbCRLF
Set objSchema = GetObject("LDAP://" & objRootDSE.Get("schemaNamingContext"))
strSchemaMaster = objSchema.Get("fSMORoleOwner")
Set objNtds = GetObject("LDAP://" & strSchemaMaster)
Set objComputer = GetObject(objNtds.Parent)
wscript.echo "fsmo_schema....: " & objComputer.Name
Set objNtds = Nothing
Set objComputer = Nothing
Set objPartitions = GetObject("LDAP://CN=Partitions," & _
objRootDSE.Get("configurationNamingContext"))
strDomainNamingMaster = objPartitions.Get("fSMORoleOwner")
Set objNtds = GetObject("LDAP://" & strDomainNamingMaster)
Set objComputer = GetObject(objNtds.Parent)
wscript.echo "fsmo_domain....: " & objComputer.Name
Set objDomain = GetObject("LDAP://" & objRootDSE.Get("defaultNamingContext"))
strPdcEmulator = objDomain.Get("fSMORoleOwner")
Set objNtds = GetObject("LDAP://" & strPdcEmulator)
Set objComputer = GetObject(objNtds.Parent)
wscript.echo "fsmo_pdc.......: " & objComputer.Name
Set objRidManager = GetObject("LDAP://CN=RID Manager$,CN=System," & _
objRootDSE.Get("defaultNamingContext"))
strRidMaster = objRidManager.Get("fSMORoleOwner")
Set objNtds = GetObject("LDAP://" & strRidMaster)
Set objComputer = GetObject(objNtds.Parent)
wscript.echo "fsmo_rid.......: " & objComputer.Name
Set objInfrastructure = GetObject("LDAP://CN=Infrastructure," & _
objRootDSE.Get("defaultNamingContext"))
strInfrastructureMaster = objInfrastructure.Get("fSMORoleOwner")
Set objNtds = GetObject("LDAP://" & strInfrastructureMaster)
Set objComputer = GetObject(objNtds.Parent)
wscript.echo "fsmo_im........: " & objComputer.Name
End Sub
'----------------------------------------------------------------
Sub ShowSites()
Dim strConfigurationNC, strSitesContainer, objSite, sitename
wscript.echo vbCRLF & "# ACTIVE DIRECTORY SITES" & vbCRLF
strConfigurationNC = objRootDSE.Get("configurationNamingContext")
strSitesContainer = "LDAP://cn=Sites," & strConfigurationNC
Set objSitesContainer = GetObject(strSitesContainer)
objSitesContainer.Filter = Array("site")
For Each objSite In objSitesContainer
sitename = Replace(objSite.Name,"CN=","")
wscript.echo "site_name......: " & sitename
ShowSiteDCs objSite.Name
ShowSiteSubnets objSite.Name
Next
End Sub
'----------------------------------------------------------------
Sub ShowSiteDCs(strSiteRDN)
Dim strConfigurationNC, strServersPath, objServer, sitename
strConfigurationNC = objRootDSE.Get("configurationNamingContext")
strServersPath = "LDAP://cn=Servers," & strSiteRDN & ",cn=Sites," & strConfigurationNC
Set objServersContainer = GetObject(strServersPath)
For Each objServer In objServersContainer
servername = Replace(objServer.Name,"CN=","")
sitename = Replace(strSiteRDN,"CN=","")
wscript.echo vbTab & "dc_server....: " & servername
ShowConnections servername, sitename
ShowBridgeHeadTransports servername, sitename
Next
End Sub
'----------------------------------------------------------------
Sub ShowSiteSubnets(strSiteRDN)
Dim strConfigurationNC, strSitePath, arrSiteObjectBL
Dim strSiteObjectBL
strConfigurationNC = objRootDSE.Get("configurationNamingContext")
strSitePath = "LDAP://" & strSiteRDN & ",cn=Sites," & strConfigurationNC
Set objSite = GetObject(strSitePath)
objSite.GetInfoEx Array("siteObjectBL"), 0
arrSiteObjectBL = objSite.GetEx("siteObjectBL")
For Each strSiteObjectBL In arrSiteObjectBL
wscript.echo vbTab & "subnet.......: " & _
Split(Split(strSiteObjectBL, ",")(0), "=")(1)
Next
End Sub
'----------------------------------------------------------------
Sub EnumOUs()
wscript.echo vbCRLF & "# ORGANIZATIONAL UNIT STRUCTURE" & vbCRLF
DisplayObjects "LDAP://" & LDAP_DN, ""
End Sub
Function DisplayObjects( strADsPath, strTab)
Set objObject = GetObject(strADsPath)
Set objX = GetObject(strADsPath)
' wscript.echo strTab & Replace(objX.Name, "OU=", "")
wscript.echo strTab & objX.Name
If showContainers = True Then
objObject.Filter = Array("container","organizationalUnit")
Else
objObject.Filter = Array("organizationalUnit")
End If
For each objChildObject in objObject
DisplayObjects objChildObject.ADsPath, strTab & " .. "
Next
End Function
'----------------------------------------------------------------
Function IsGC(strCN)
Dim strDsServiceDN, intOptions, objServer
Set objServer = GetObject("LDAP://" & strCN & "/rootDSE")
strDsServiceDN = objServer.Get("dsServiceName")
Set objDsRoot = GetObject("LDAP://" & strCN & "/" & strDsServiceDN)
intOptions = objDsRoot.Get("options")
If intOptions And NTDSDSA_OPT_IS_GC Then
IsGC = True
End If
End Function
'----------------------------------------------------------------
Sub ShowTrusts()
Dim colTrustList, objTrust
wscript.echo vbCRLF & "ACTIVE DIRECTORY TRUSTS" & vbCRLF
On Error Resume Next
If err.Number <> 0 Then
wscript.echo "unavailable....: non-domain-controller"
Exit Sub
End If
Set colTrustList = objWMIService.ExecQuery("Select * from Microsoft_DomainTrustStatus")
For each objTrust in colTrustList
wscript.echo "trusted_domain.: " & objTrust.TrustedDomain
wscript.echo "trust_direction: " & objTrust.TrustDirection
wscript.echo "trust_type.....: " & objTrust.TrustType
wscript.echo "trust_attribs..: " & objTrust.TrustAttributes
wscript.echo "trusted_dcname.: " & objTrust.TrustedDCName
wscript.echo "trust_status...: " & objTrust.TrustStatus
wscript.echo "trust_is_ok....: " & objTrust.TrustIsOK
Next
End Sub
'----------------------------------------------------------------
Sub EnumServers(mode)
wscript.echo vbCRLF & "# enumerating server objects..." & vbCRLF
Dim objRecordSet, varConfigNC, strConnString, strWQL
Dim objServer, strServerName, strOperatingSystem, retval
retval = 0
Set objRecordSet = CreateObject("ADODB.RecordSet")
varConfigNC = objRootDSE.Get("defaultNamingContext")
strConnstring = "Provider=ADsDSOObject"
strWQL = "SELECT * FROM 'LDAP://" & varConfigNC & _
"' WHERE objectCategory= 'Computer' and OperatingSystem = 'Windows*Server*'"
objRecordSet.Open strWQL, strConnstring
If mode = "COUNT" Then
Do Until objRecordSet.EOF
retval = retval + 1
objRecordSet.MoveNext
Loop
wscript.echo "Servers......: " & retval
Else
Do until objRecordSet.EOF
Set objServer = GetObject(objRecordSet.Fields.Item(0))
strServerName = objServer.CN
strOperatingSystem = objServer.OperatingSystem
wscript.echo strServerName & vbTab & strOperatingSystem
objRecordSet.MoveNext
Set objServer = Nothing
Loop
End If
objRecordSet.Close
Set objRecordSet = Nothing
End Sub
'----------------------------------------------------------------
Sub EnumComputers(mode)
wscript.echo vbCRLF & "# enumerating computer objects..." & vbCRLF
Dim retval, objConnection, objCommand, objRecordSet
Dim c2000, cXP, cVista, cWin7, cNT, cOther, os
retval = 0
c2000 = 0
cXP = 0
cVista = 0
cWin7 = 0
cNT = 0
cOther = 0
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = "Select Name, operatingSystem from 'LDAP://" & _
LDAP_DN & "' where objectClass='computer' and OperatingSystem <> 'Windows*Server*'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
If mode = "COUNT" Then
Do Until objRecordSet.EOF
retval = retval + 1
objRecordSet.MoveNext
Loop
wscript.echo "Computers....: " & retval
Else
Do Until objRecordSet.EOF
os = Trim(objRecordSet.Fields("operatingSystem").Value)
wscript.echo "Computer.....: " & objRecordSet.Fields("Name").Value & _
vbTab & os
Select Case os
Case "Windows 2000 Professional":
c2000 = c2000 + 1
Case "Windows XP Professional":
cXP = cXP + 1
Case "Windows NT":
cNT = cNT + 1
Case Else:
If Left(os, 13) = "Windows Vista" Then
cVista = cVista + 1
ElseIf Left(os, 9) = "Windows 7" Then
cWin7 = cWin7 + 1
Else
cOther = cOther + 1
End If
End Select
objRecordSet.MoveNext
Loop
wscript.echo "# operating system types..."
wscript.echo "WinNT........: " & cNT
wscript.echo "Win2000......: " & c2000
wscript.echo "WinXP........: " & cXP
wscript.echo "WinVista.....: " & cVista
wscript.echo "Win7.........: " & cWin7
wscript.echo "Other........: " & cOther
End If
End Sub
'----------------------------------------------------------------
Sub EnumUsers(mode)
wscript.echo vbCRLF & "# enumerating user account objects..." & vbCRLF
Dim retval, objConnection, objCommand, objRecordSet
retval = 0
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = "Select Name, displayName from 'LDAP://" & _
LDAP_DN & "' where objectCategory='person' and objectClass='user'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
If mode = "COUNT" Then
Do Until objRecordSet.EOF
retval = retval + 1
objRecordSet.MoveNext
Loop
wscript.echo "UserAccounts.: " & retval
Else
Do Until objRecordSet.EOF
wscript.echo "UserAccount..: " & objRecordSet.Fields("Name").Value & _
vbTab & objRecordSet.Fields("displayName").Value
objRecordSet.MoveNext
Loop
End If
End Sub
'----------------------------------------------------------------
Sub EnumContacts(mode)
wscript.echo vbCRLF & "# enumerating contact objects..." & vbCRLF
Dim retval, objConnection, objCommand, objRecordSet
retval = 0
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = "Select Name, displayName from 'LDAP://" & _
LDAP_DN & "' where objectCategory='person' and objectClass='contact'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
If mode = "COUNT" Then
Do Until objRecordSet.EOF
retval = retval + 1
objRecordSet.MoveNext
Loop
wscript.echo "Contacts.....: " & retval
Else
Do Until objRecordSet.EOF
wscript.echo "Contact......: " & objRecordSet.Fields("Name").Value & _
vbTab & objRecordSet.Fields("displayName").Value
objRecordSet.MoveNext
Loop
End If
End Sub
'----------------------------------------------------------------
Sub EnumGroups(mode)
wscript.echo vbCRLF & "# enumerating security group objects..." & vbCRLF
Dim retval, objConnection, objCommand, objRecordSet
retval = 0
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = "Select Name, displayName from 'LDAP://" & _
LDAP_DN & "' where objectClass='group'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
If mode = "COUNT" Then
Do Until objRecordSet.EOF
retval = retval + 1
objRecordSet.MoveNext
Loop
wscript.echo "Groups.......: " & retval
Else
Do Until objRecordSet.EOF
wscript.echo "Group........: " & objRecordSet.Fields("Name").Value & _
vbTab & objRecordSet.Fields("displayName").Value
objRecordSet.MoveNext
Loop
End If
End Sub
'----------------------------------------------------------------
Sub EnumPrinters(mode)
wscript.echo vbCRLF & "# enumerating shared printer objects..." & vbCRLF
Dim retval, objConnection, objCommand, objRecordSet
retval = 0
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = "Select Name, driverName, description from 'LDAP://" & _
LDAP_DN & "' where objectCategory='printQueue'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
If mode = "COUNT" Then
' Do Until objRecordSet.EOF
' retval = retval + 1
' objRecordSet.MoveNext
' Loop
wscript.echo "Printers.....: " & objRecordSet.Count
Else
Do Until objRecordSet.EOF
wscript.echo "Printer......: " & objRecordSet.Fields("Name").Value & _
vbTab & objRecordSet.Fields("driverName").Value & _
vbTab & objRecordSet.Fields("description").Value
objRecordSet.MoveNext
Loop
End If
End Sub
'----------------------------------------------------------------
Sub EnumShares(mode)
wscript.echo vbCRLF & "# enumerating shares..." & vbCRLF
Dim retval, objConnection, objCommand, objRecordSet
retval = 0
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = "Select Name from 'LDAP://" & _
LDAP_DN & "' where objectClass='volume'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Timeout") = 30
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
If mode = "COUNT" Then
Do Until objRecordSet.EOF
retval = retval + 1
objRecordSet.MoveNext
Loop
wscript.echo "Shares.......: " & retval
Else
On Error Resume Next
Do While Not(objRecordSet.EOF)
wscript.echo "Share........: " & objRecordSet.Fields("Name").Value
retval = retval + 1
objRecordSet.MoveNext
Loop
wscript.echo "Shares.......: " & retval
End If
End Sub
'----------------------------------------------------------------
Sub EnumDisabledUsers(mode)
wscript.echo vbCRLF & "# enumerating disabled user accounts..." & vbCRLF
Dim retval, objConnection, objCommand, objRecordSet
retval = 0
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
"<GC://" & LDAP_DN & ">;(objectCategory=User)" & _
";userAccountControl,distinguishedName;subtree"
Set objRecordSet = objCommand.Execute
If mode = "COUNT" Then
Do Until objRecordset.EOF
intUAC=objRecordset.Fields("userAccountControl")
If intUAC AND ADS_UF_ACCOUNTDISABLE Then
retval = retval + 1
End If
objRecordset.MoveNext
Loop
wscript.echo "disabled.....: " & retval
Else
Do Until objRecordset.EOF
intUAC=objRecordset.Fields("userAccountControl")
If intUAC AND ADS_UF_ACCOUNTDISABLE Then
wscript.echo "disabled_user: " & objRecordset.Fields("distinguishedName").Value
retval = retval + 1
End If
objRecordset.MoveNext
Loop
wscript.echo "disabled.....: " & retval
End If
objConnection.Close
End Sub
'----------------------------------------------------------------
Sub ShowSpecialUsers(mode)
wscript.echo vbCRLF & "# enumerating special user account objects..." & vbCRLF
Dim objConnection, objCommand, objRecordSet, retval
retval = 0
On Error Resume Next
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.CommandText = _
"<LDAP://" & LDAP_DN & ">;(&(objectCategory=User)" & _
"(userAccountControl:1.2.840.113556.1.4.803:=65536));Name;Subtree"
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
If mode = "COUNT" Then
Do Until objRecordSet.EOF
retval = retval + 1
objRecordSet.MoveNext
Loop
wscript.echo "SpecialUsers.: " & retval
Else
Do Until objRecordSet.EOF
wscript.echo "SpecialUser..: " & objRecordSet.Fields("Name").Value
retval = retval + 1
objRecordSet.MoveNext
Loop
wscript.echo "SpecialUsers.: " & retval
End If
End Sub
'----------------------------------------------------------------
Sub ShowRootDSEinfo()
wscript.echo vbCRLF & "# DOMAIN ROOT-DSE PROPERTIES" & vbCRLF
objRootDSE.GetInfo
For i = 0 to objRootDSE.PropertyCount - 1
Set strProp = objRootDSE.Item(i)
wscript.echo strProp.Name & " "
For each strPropval in strProp.Values
wscript.echo " " & strPropval.CaseIgnoreString
Next
Next
End Sub
'----------------------------------------------------------------
' sub: (strServer=ServerName, strSite=MySite)
'----------------------------------------------------------------
Sub ShowConnections(strServer, strSite)
Dim objNTDSCont, objConn, confNC, objDNWithBin
confNC = objRootDSE.Get("configurationNamingContext")
Set objNTDSCont = GetObject("LDAP://cn=NTDS Settings,cn=" & strServer & _
",cn=servers,cn=" & strSite & ",cn=sites," & confNC )
objNTDSCont.Filter = Array("ntdsConnection")
For each objConn in objNTDSCont
If objConn.Get("options") = 0 Then
wscript.echo vbTab & vbTab & "connection...: " & objConn.Get("name") & " (MANUAL)"
Else
wscript.echo vbTab & vbTab & "connection...: " & objConn.Get("name") & " (AUTO)"
End If
wscript.echo vbTab & vbTab & vbTab & "enabled......: " & objConn.enabledConnection
wscript.echo vbTab & vbTab & vbTab & "from.........: " & _
Split(objConn.fromServer, ",")(1)
' wscript.echo vbTab & vbTab & vbTab & "transport....: " & _
' Split(objConn.transportType, ",")(0)
wscript.echo vbTab & vbTab & vbTab & "cname........: " & objConn.Get("cn")
For Each objDNWithBin In objConn.GetEx("ms-DS-ReplicatesNCReason")
wscript.echo vbTab & vbTab & vbTab & "name_context.: " & objDNWithBin.DNString
Next
Next
End Sub
'----------------------------------------------------------------
Sub ShowBridgeHeadTransports(strServer, strSite)
On Error Resume Next
Set objServer = GetObject("LDAP://CN=" & strServer & _
",CN=Servers,CN=" & strSite & "," & _
" CN=Sites,CN=Configuration," & LDAP_DN)
dnBHTList = objServer.GetEx("bridgeheadTransportList")
For Each dnValue in dnBHTList
wscript.echo vbTab & vbTab & "trn-protocol.: " & dnValue
Next
End Sub
'----------------------------------------------------------------
' sub: (ldapPath = LDAP://OU=Sales,DC=domain,DC=com)
'----------------------------------------------------------------
Sub ShowOU_GPO_Info(ldapPath)
On Error Resume Next
Set objContainer = GetObject(ldapPath)
wscript.echo vbCRLF & "# OU GPO PROPERTIES: " & ldapPath & vbCRLF
strGpLink = objContainer.Get("gPLink")
intGpOptions = objContainer.Get("gPOptions")
If strGpLink <> " " Then
'wscript.echo "gplink..: " & strGpLink
arrGpLinkItems = Split(strGpLink,"]")
For i = UBound(arrGPLinkItems) to LBound(arrGpLinkItems) + 1 Step -1
arrGPLink = Split(arrGpLinkItems(i-1),";")
strDNGPLink = Mid(arrGPLink(0),9)
wscript.echo "gpo_link: " & strDNGPLink
wscript.echo "gpo_name: " & GetGPOName(strDNGPLink)
Select Case arrGPLink(1)
Case 0
wscript.echo "No Override is cleared and the GPO is enabled."
Case 1
wscript.echo "No Override is cleared and the GPO is disabled."
Case 2
wscript.echo "No Override is checked and the GPO is enabled."
Case 3
wscript.echo "No Override is checked and the GPO is disabled."
End Select
Next
End If
If intGpOptions = 1 Then
wscript.echo "Block Policy Inheritance is checked."
Else
wscript.echo "Block Policy Inheritance is not checked."
End If
End Sub
'----------------------------------------------------------------
' function: return NAME of a GPO
'----------------------------------------------------------------
Function GetGPOName(strDNGPLink)
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
objCommand.CommandText = ";;distinguishedName,displayName;onelevel"
Set objRecordSet = objCommand.Execute
While Not objRecordSet.EOF
If objRecordSet.Fields("distinguishedName") = strDNGPLink Then
GetGPOName = objRecordSet.Fields("displayName")
objConnection.Close
Exit Function
End If
objRecordSet.MoveNext
Wend
objConnection.Close
End Function
'----------------------------------------------------------------
' sub: display security rights applied to a given OU
'----------------------------------------------------------------
Sub EnumOU_ACL(ldapPath)
Const SE_SACL_PROTECTED = &H2000
Const ADS_SECURITY_INFO_OWNER = &H1
Const ADS_SECURITY_INFO_GROUP = &H2
Const ADS_OPTION_SECURITY_MASK =&H3
Const ADS_SECURITY_INFO_DACL = &H4
Const ADS_SECURITY_INFO_SACL = &H8
Set objContainer = GetObject(ldapPath)
objContainer.SetOption ADS_OPTION_SECURITY_MASK, ADS_SECURITY_INFO_OWNER _
Or ADS_SECURITY_INFO_GROUP Or ADS_SECURITY_INFO_DACL _
Or ADS_SECURITY_INFO_SACL
Set objNtSecurityDescriptor = objContainer.Get("ntSecurityDescriptor")
intNtSecurityDescriptorControl = objNtSecurityDescriptor.Control
wscript.echo "Auditing Tab"
WScript.StdOut.WriteLine "Allow inheritable auditing entries from" & _
"the parent to "
WScript.StdOut.Write "propogate to this object and all child objects "
If (intNtSecurityDescriptorControl And SE_SACL_PROTECTED) Then
wscript.echo "is disabled."
Else
wscript.echo "is enabled."
End If
wscript.echo vbCRLF
Set objSacl = objNtSecurityDescriptor.SystemAcl
DisplayAceInformation objSacl, "SACL"
End Sub
'----------------------------------------------------------------
Sub DisplayAceInformation(SecurityStructure, strType)
Const ADS_ACETYPE_SYSTEM_AUDIT = &H2
Const ADS_ACETYPE_SYSTEM_AUDIT_OBJECT = &H7
intAceCount = 0
For Each objAce In SecurityStructure
strTrustee = Mid(objAce.Trustee,1,12)
If StrComp(strTrustee, "NT AUTHORITY", 1) <> 0 Then
intAceCount = intAceCount + 1
wscript.echo strType & " permission entry: " & intAceCount
wscript.echo "Name: " & objAce.Trustee
intAceType = objAce.AceType
wscript.echo "ACETYPE IS: " & intAceType
If (intAceType = ADS_ACETYPE_SYSTEM_AUDIT or _
intAceType = ADS_ACETYPE_SYSTEM_AUDIT_OBJECT) Then
WScript.StdOut.Write "Type: Success or Failure Audit"
Else
WScript.StdOut.Write "Audit Type Unknown."
End If
ReadBitsInAccessMask(objAce.AccessMask)
wscript.echo vbCRLF
End If
Next
End Sub
'----------------------------------------------------------------
Sub ReadBitsInAccessMask(AccessMask)
Const ADS_RIGHT_DELETE = &H10000
Const ADS_RIGHT_READ_CONTROL = &H20000
Const ADS_RIGHT_WRITE_DAC = &H40000
Const ADS_RIGHT_WRITE_OWNER = &H80000
Const ADS_RIGHT_DS_CREATE_CHILD = &H1
Const ADS_RIGHT_DS_DELETE_CHILD = &H2
Const ADS_RIGHT_ACTRL_DS_LIST = &H4
Const ADS_RIGHT_DS_SELF = &H8
Const ADS_RIGHT_DS_READ_PROP = &H10
Const ADS_RIGHT_DS_WRITE_PROP = &H20
Const ADS_RIGHT_DS_DELETE_TREE = &H40
Const ADS_RIGHT_DS_LIST_OBJECT = &H80
Const ADS_RIGHT_DS_CONTROL_ACCESS = &H100
wscript.echo vbCRLF & "Standard Access Rights"
If (AccessMask And ADS_RIGHT_DELETE) Then _
wscript.echo vbTab & "-Delete an object."
If (AccessMask And ADS_RIGHT_READ_CONTROL) Then _
wscript.echo vbTab & "-Read permissions."
If (AccessMask And ADS_RIGHT_WRITE_DAC) Then _
wscript.echo vbTab & "-Write permissions."
If (AccessMask And ADS_RIGHT_WRITE_OWNER) Then _
wscript.echo vbTab & "-Modify owner."
wscript.echo vbCRLF & "Directory Service Specific Access Rights"
If (AccessMask And ADS_RIGHT_DS_CREATE_CHILD) Then _
wscript.echo vbTab & "-Create child objects."
If (AccessMask And ADS_RIGHT_DS_DELETE_CHILD) Then _
wscript.echo vbTab & "-Delete child objects."
If (AccessMask And ADS_RIGHT_ACTRL_DS_LIST) Then _
wscript.echo vbTab & "-Enumerate an object."
If (AccessMask And ADS_RIGHT_DS_READ_PROP) Then _
wscript.echo vbTab & "-Read the properties of an object."
If (AccessMask And ADS_RIGHT_DS_WRITE_PROP) Then _
wscript.echo vbTab & "-Write the properties of an object."
If (AccessMask And ADS_RIGHT_DS_DELETE_TREE) Then _
wscript.echo vbTab & "-Delete a tree of objects"
If (AccessMask And ADS_RIGHT_DS_LIST_OBJECT) Then _
wscript.echo vbTab & "-List a tree of objects."
wscript.echo vbCRLF & "Control Access Rights"
If (AccessMask And ADS_RIGHT_DS_CONTROL_ACCESS) + _
(AccessMask And ADS_RIGHT_DS_SELF) = 0 Then
wscript.echo "-None"
Else
If (AccessMask And ADS_RIGHT_DS_CONTROL_ACCESS) Then _
wscript.echo vbTab & "-Extended access rights."
If (AccessMask And ADS_RIGHT_DS_SELF) Then
wscript.echo vbTab & "-Active Directory must validate a property "
wscript.echo vbTab & " write operation beyond the schema definition "
wscript.echo vbTab & " for the attribute."
End If
End If
End Sub
'----------------------------------------------------------------
Sub EnumGPOs()
Dim objGPM, objGPMConstants, objGPMDomain, objGPMSearchCriteria
Dim objGPOList, objGPO
wscript.echo vbCRLF & "# GROUP POLICY OBJECTS" & vbCRLF
On Error Resume Next
Set objGPM = CreateObject("GPMgmt.GPM")
If err.Number <> 0 Then
wscript.echo "error.......: " & _
"GPMC is not installed, unable to enumerate group policy objects"
Exit Sub
End If
Set objGPMConstants = objGPM.GetConstants()
Set objGPMDomain = objGPM.GetDomain(ADSI_DN, "", objGPMConstants.UseAnyDC)
Set objGPMSearchCriteria = objGPM.CreateSearchCriteria
Set objGPOList = objGPMDomain.SearchGPOs(objGPMSearchCriteria)
For each objGPO in objGPOList
wscript.echo "gpo_entity...: " & objGPO.DisplayName
Next
wscript.echo "gpo_count...: " & objGPOList.Count
End Sub
'----------------------------------------------------------------
Sub NetlogonShare()
Dim strDCpath, strPath, objFolder, objFile
wscript.echo vbCRLF & "# NETLOGON SHARE CONTENTS" & vbCRLF
strDCpath = wshShell.ExpandEnvironmentStrings("%logonserver%")
strPath = strDCpath & "\netlogon"
If objFSO.FolderExists(strPath) Then
Set objFolder = objFSO.GetFolder(strPath)
EnumFiles strPath
For each objSub in objFolder.SubFolders
EnumFiles strPath & "\" & objSub.Name
Next
End If
End Sub
'----------------------------------------------------------------
' sub:
'----------------------------------------------------------------
Sub EnumFiles(strFolderPath)
wscript.echo "# enumerating files in " & strFolderPath
If objFSO.FolderExists(strFolderPath) Then
Set objFolder = objFSO.GetFolder(strFolderPath)
For each objFile in objFolder.Files
wscript.echo "file_info...: " & objFile.Name & vbTab & _
objFile.DateLastModified & vbTab & objFile.Size
Next
Else
wscript.echo "error.......: unable to connect to " & strFolderPath
End If
End Sub
No comments:
Post a Comment