OpenXML for IT Pros

I was told of these 2 videos by Eric White.

They are 2 screencasts showing how IT Pros can use OpenXML.
The first video shows how to use Open XML to compare 2 documents.

Video: How to compare two Open XML documents

 

This video talks about Open XML with PowerShell.

Video: PowerTools for Open XML Introduction

/Dennis


Search a user by username and list its Group memberships

I was writing this to help a vendor because he kept asking me for the groups of some particular account. So I thought I'd write this to help him. Or rather, save myself from having to reply to his email. <grin>
 
The script below will prompt you for a user ID; it will then return the group memberships of the account that ID belongs to. And since I wrote this, I thought I'd share it.
 
Copy the code and paste it into Notepad, then save it as a .vbs file to use it.
====================================================
On Error Resume Next

Const E_ADS_PROPERTY_NOT_FOUND = &h8000500D
Const ADS_SCOPE_SUBTREE = 2
Const ADS_UF_LOCKOUT = &H0010

DomainDN = "dc=domain,dc=com"

strUserName = ""
strUserDN = ""
strGroups = ""

strUserName = InputBox ("Enter User ID: eg, abc", "Enter User Name")

'========================================
'Connect to AD to search for User account
'========================================

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

'strUserName is placed in the query text exactly as typed
objCommand.CommandText = _
    "SELECT distinguishedName FROM 'LDAP://" & DomainDN & _
    "' WHERE objectCategory='user' and samAccountName='" & strUserName & "'"

Set objRecordSet = objCommand.Execute

If objRecordSet.RecordCount = 0 Then
    WScript.Echo strUserName & " cannot be found in Active Directory"
    WScript.Quit
Else
    strUserDN = objRecordSet.Fields("distinguishedName").Value
End If

'==============================================================
'If user is found, its DN is used to retrieve group memberships
'==============================================================

Set objUser = GetObject("LDAP://" & strUserDN)

intPrimaryGroupID = objUser.Get("primaryGroupID")
arrMemberOf = objUser.GetEx("memberOf")

If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
    WScript.Echo "The memberOf attribute is not set."
    WScript.Quit
Else
    For Each Group in arrMemberOf
        strGroups = strGroups & Group & vbCrLf
    Next
End If

'Errors are no longer expected from here on, so stop suppressing them
On Error GoTo 0

'==============================================================
'The primary group is not listed in memberOf, so look for the
'group whose primaryGroupToken matches the user's primaryGroupID
'==============================================================

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"

Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
'The LDAP dialect needs the search base in angle brackets as its first part
objCommand.CommandText = "<LDAP://" & DomainDN & ">;(objectCategory=Group);distinguishedName,primaryGroupToken;subtree"
Set objRecordSet = objCommand.Execute

Do Until objRecordSet.EOF
    If objRecordSet.Fields("primaryGroupToken").Value = intPrimaryGroupID Then
        strGroups = strGroups & objRecordSet.Fields("distinguishedName").Value & vbCrLf
        Exit Do
    End If
    objRecordSet.MoveNext
Loop

objConnection.Close

WScript.Echo strGroups
====================================================

/Dennis Chung
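
The search script above places the typed user ID into the query text as-is. As an added example (not part of the original post), the code below validates the ID and escapes it before building the equivalent ADSI LDAP-dialect query; the function names, the illegal-character list and the sample IDs are assumptions made for illustration.

```vbscript
Option Explicit

' Characters not allowed in a sAMAccountName (assumed list, from Microsoft's documentation)
Const SAM_ILLEGAL = """/\[]:;|=,+*?<>"

' True only for a non-empty name without illegal or control characters
Function IsValidSamAccountName(strName)
    Dim i, ch, code
    IsValidSamAccountName = False
    If Len(strName) = 0 Then Exit Function
    For i = 1 To Len(strName)
        ch = Mid(strName, i, 1)
        code = AscW(ch)   ' negative for characters above U+7FFF, which are allowed
        If (code >= 0 And code < 32) Or InStr(SAM_ILLEGAL, ch) > 0 Then Exit Function
    Next
    IsValidSamAccountName = True
End Function

' Escape a value for an LDAP search filter (RFC 4515); backslash goes first
Function EscapeLdapFilterValue(strValue)
    Dim s
    s = Replace(strValue, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    s = Replace(s, ")", "\29")
    EscapeLdapFilterValue = s
End Function

' Build the ADSI LDAP-dialect query text, or "" when the input is rejected
Function BuildUserQuery(strDomainDN, strUserName)
    BuildUserQuery = ""
    If Not IsValidSamAccountName(strUserName) Then Exit Function
    BuildUserQuery = "<LDAP://" & strDomainDN & ">;" & _
        "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & _
        EscapeLdapFilterValue(strUserName) & "));distinguishedName;subtree"
End Function

' Constructed sample inputs: two accepted IDs and two that are rejected
Dim strSample, strQuery
For Each strSample In Array("abc", "svc(app)", "*", "abc)(objectClass=*")
    strQuery = BuildUserQuery("dc=domain,dc=com", strSample)
    If strQuery = "" Then
        WScript.Echo "Rejected: " & strSample
    Else
        WScript.Echo "Query:    " & strQuery
    End If
Next
```

Run it with cscript; it only builds and prints the query text and makes no directory connection.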

Count the number of members in an AD Group

Purpose: Helps you enumerate all the groups in your Active Directory domain and checks each group’s membership count. You set a value to compare against; if a group has more members than the value you specify, the script will output the group name and the count.

I wrote this because WebSphere has got some limitation. If we specify a group in Active Directory, and it contains more than 1000 members, WebSphere will reject the group totally. To work around, create multiple groups and make each group smaller than 1000. Stupid right?? That’s why my office is abandoning WebSphere for SharePoint. I’m hired for this transition. Cool isn’t it… 😉

How to use:

  1. Save the script anywhere, name it CheckCount.vbs
  2. I assume you save it to c:\script
  3. Open a command prompt and navigate to c:\Script
  4. Type in "cscript CheckCount.vbs > results.txt"
  5. Wait till operations finish, use notepad to open results.txt

Done. Enjoy. Of course, there is much room for improvement. I realise this Counting of Members in Group code wasn’t easily found on the net, so I’m sharing it here.

You can download the script here.

http://sgwindowsgroup.org/forums/thread/3240.aspx

'************************************************************

' Name: Dennis Chung (Dennis@mvps.org)
' MCP, MCSA, MCSE, MCTS, MCITP, MCDBA, MCT, MVP
' Version: 1.0
' Description: Grabs every security group in AD and outputs
' to screen any group containing more members
' than specified value.
' Date: 07 July 06

'************************************************************

'********************************************************
'MemberCount specifies the number of members in a group
'Any group containing more members than this number will
'trigger the prompt
'********************************************************

MemberCount = 950
'********************************************************

'This is the domain in which the script will run against
'In order for the script to run successfully, you need to
'login to the domain directly
'********************************************************
Domain = "dc=contoso,dc=msft"
Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

'********************************************************
'This is the query that grabs every single group.
'You can use "Name=gp*" as part of the query to pull out
'group that starts with gp*
'********************************************************
objCommand.CommandText = _
    "SELECT distinguishedName FROM 'LDAP://" & Domain & "' WHERE objectCategory='group'"
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF

    '***************************************************************************
    'For every group that was retrieved from the domain, check the members count
    '***************************************************************************

    Set objGroup = GetObject("LDAP://" & objRecordSet.Fields("distinguishedName").Value)
    Set adsMember = objGroup.Members

    '**************************************************************
    'If the count is larger than the MemberCount, it'll be prompted
    '**************************************************************

    If adsMember.Count > MemberCount Then
        WScript.Echo objRecordSet.Fields("distinguishedName").Value & " - " & adsMember.Count
    End If

    objRecordSet.MoveNext

Loop

Enumerating all computers in a domain into a file

Copy the code into a .vbs file of any name.
The script will output a file called machines.txt in C:\
=============================================
LogFile = "C:\machines.txt"
Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"

Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = _
   "Select Name, Location from 'LDAP://DC=contoso,DC=msft' where objectClass='computer'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst

Set objFSO = CreateObject("Scripting.FileSystemObject")
'The second argument of CreateTextFile is the overwrite flag
Set objFile = objFSO.CreateTextFile(LogFile, True)

Do Until objRecordSet.EOF
   objFile.WriteLine objRecordSet.Fields("Name").Value
   objRecordSet.MoveNext
Loop

'Close the file so everything is written to disk
objFile.Close
=============================================

 
/DennisChung