List all users from a different domain

07/11/2007, 11h29

Hello,

I currently have several scripts which run in my local domain without any
problems. One script simply searches the domain for all users and returns
their attributes.

I have tried to get this to do the same in a seperate domain in the forest,
but it returns no results.

However, if i target the script at a specific user (rather than searching
the domain) it does return exactly what i want.

Here is what i am using

on error resume next

Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
Set objFS = CreateObject("Scripting.FileSystemObject")
Set objNewFile = objFS.CreateTextFile("domainusers.txt")

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

objCommand.CommandText = _
"SELECT ADsPath FROM 'LDAP://DC=otherdomain,DC=otherdomain' WHERE " _
& "objectCategory='user'"
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst
objnewfile.writeline "samaccountname" & ";" & "givenname" & ";" & "sn" & ";"
& "dn"
Do Until objRecordSet.EOF
strPath = objRecordSet.Fields("ADsPath").Value
Set objuser = GetObject(strPath)

objNewFile.WriteLine objuser.samaccountname & ";" & objuser.givenname & ";"
& objuser.sn & ";" & objuser.distinguishedname
objRecordSet.MoveNext
Loop

*****
If i use this, then it works, but only for the specific user
*****

n Error Resume Next
Set objUser = GetObject _
("LDAP://cn=user,ou=firstou,ou=secondou,dc=otherdomain,dc=o therdomain")

WScript.Echo objuser.samaccountname & ";" & objuser.givenname & ";" &
objuser.sn & ";" & objuser.distinguishedname

****
This is all being ran from my machine in my local domain

07/11/2007, 11h45

a bit more investigation seems to show that it is not entering the do loop
(or that it is but there is nothing there)

"Simon G" wrote:

> Hello,
>
> I currently have several scripts which run in my local domain without any
> problems. One script simply searches the domain for all users and returns
> their attributes.
>
> I have tried to get this to do the same in a seperate domain in the forest,
> but it returns no results.
>
> However, if i target the script at a specific user (rather than searching
> the domain) it does return exactly what i want.
>
> Here is what i am using
>
> on error resume next
>
> Const ADS_SCOPE_SUBTREE = 2
>
> Set objConnection = CreateObject("ADODB.Connection")
> Set objCommand = CreateObject("ADODB.Command")
> objConnection.Provider = "ADsDSOObject"
> objConnection.Open "Active Directory Provider"
> Set objCommand.ActiveConnection = objConnection
> Set objFS = CreateObject("Scripting.FileSystemObject")
> Set objNewFile = objFS.CreateTextFile("domainusers.txt")
>
>
> objCommand.Properties("Page Size") = 1000
> objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
>
> objCommand.CommandText = _
> "SELECT ADsPath FROM 'LDAP://DC=otherdomain,DC=otherdomain' WHERE " _
> & "objectCategory='user'"
> Set objRecordSet = objCommand.Execute
>
> objRecordSet.MoveFirst
> objnewfile.writeline "samaccountname" & ";" & "givenname" & ";" & "sn" & ";"
> & "dn"
> Do Until objRecordSet.EOF
> strPath = objRecordSet.Fields("ADsPath").Value
> Set objuser = GetObject(strPath)
>
> objNewFile.WriteLine objuser.samaccountname & ";" & objuser.givenname & ";"
> & objuser.sn & ";" & objuser.distinguishedname
> objRecordSet.MoveNext
> Loop
>
>
> *****
> If i use this, then it works, but only for the specific user
> *****
>
> n Error Resume Next
> Set objUser = GetObject _
> ("LDAP://cn=user,ou=firstou,ou=secondou,dc=otherdomain,dc=o therdomain")
>
> WScript.Echo objuser.samaccountname & ";" & objuser.givenname & ";" &
> objuser.sn & ";" & objuser.distinguishedname
>
>
> ****
> This is all being ran from my machine in my local domain

07/11/2007, 13h23

I would remove the "On Error Resume Next" so you can tell which statement
raises an error (if any). Does it if you use "GC:" in place of "LDAP:"?
All of the attributes you retrieve are replicated to the Global Catalog.

Also, instead of binding to each user object (which can be slow), you can
retrieve the attribute values you want directly. I would suggest using:
============
objCommand.CommandText = _
"SELECT distinguishedName, sAMAccountName, givenName, sn " _
& "FROM 'GC://DC=otherdomain,DC=otherdomain' WHERE " _
& "objectCategory='user'"
==========
and then in the loop using:
===========
Do Until objRecordSet.EOF
strDN = objRecordSet.Fields("distinguishedName").Value
strNTName = objRecordSet.Fields("sAMAccountName").Value
strFirst = objRecordSet.Fields("givenName").Value
strLast = objRecordSet.Fields("sn").Value
objNewFile.WriteLine strNTName & ";" & strFirst _
& ";" & strLast & ";" & strDN
objRecordSet.MoveNext
Loop
objNewFile.Close
objRecordSet.Close
objConnection.Close

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--
"Simon G" <SimonG@discussions.microsoft.com> wrote in message
news:A59453CF-519B-4669-88DB-69F245AE8B47@microsoft.com...
>a bit more investigation seems to show that it is not entering the do loop
> (or that it is but there is nothing there)
>
> "Simon G" wrote:
>
>> Hello,
>>
>> I currently have several scripts which run in my local domain without any
>> problems. One script simply searches the domain for all users and returns
>> their attributes.
>>
>> I have tried to get this to do the same in a seperate domain in the
>> forest,
>> but it returns no results.
>>
>> However, if i target the script at a specific user (rather than searching
>> the domain) it does return exactly what i want.
>>
>> Here is what i am using
>>
>> on error resume next
>>
>> Const ADS_SCOPE_SUBTREE = 2
>>
>> Set objConnection = CreateObject("ADODB.Connection")
>> Set objCommand = CreateObject("ADODB.Command")
>> objConnection.Provider = "ADsDSOObject"
>> objConnection.Open "Active Directory Provider"
>> Set objCommand.ActiveConnection = objConnection
>> Set objFS = CreateObject("Scripting.FileSystemObject")
>> Set objNewFile = objFS.CreateTextFile("domainusers.txt")
>>
>>
>> objCommand.Properties("Page Size") = 1000
>> objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
>>
>> objCommand.CommandText = _
>> "SELECT ADsPath FROM 'LDAP://DC=otherdomain,DC=otherdomain' WHERE " _
>> & "objectCategory='user'"
>> Set objRecordSet = objCommand.Execute
>>
>> objRecordSet.MoveFirst
>> objnewfile.writeline "samaccountname" & ";" & "givenname" & ";" & "sn" &
>> ";"
>> & "dn"
>> Do Until objRecordSet.EOF
>> strPath = objRecordSet.Fields("ADsPath").Value
>> Set objuser = GetObject(strPath)
>>
>> objNewFile.WriteLine objuser.samaccountname & ";" & objuser.givenname &
>> ";"
>> & objuser.sn & ";" & objuser.distinguishedname
>> objRecordSet.MoveNext
>> Loop
>>
>>
>> *****
>> If i use this, then it works, but only for the specific user
>> *****
>>
>> n Error Resume Next
>> Set objUser = GetObject _
>>
>> ("LDAP://cn=user,ou=firstou,ou=secondou,dc=otherdomain,dc=o therdomain")
>>
>> WScript.Echo objuser.samaccountname & ";" & objuser.givenname & ";" &
>> objuser.sn & ";" & objuser.distinguishedname
>>
>>
>> ****
>> This is all being ran from my machine in my local domain

07/11/2007, 14h50

Fantastic, using the GC works a treat.

"Richard Mueller [MVP]" wrote:

> I would remove the "On Error Resume Next" so you can tell which statement
> raises an error (if any). Does it if you use "GC:" in place of "LDAP:"?
> All of the attributes you retrieve are replicated to the Global Catalog.
>
> Also, instead of binding to each user object (which can be slow), you can
> retrieve the attribute values you want directly. I would suggest using:
> ============
> objCommand.CommandText = _
> "SELECT distinguishedName, sAMAccountName, givenName, sn " _
> & "FROM 'GC://DC=otherdomain,DC=otherdomain' WHERE " _
> & "objectCategory='user'"
> ==========
> and then in the loop using:
> ===========
> Do Until objRecordSet.EOF
> strDN = objRecordSet.Fields("distinguishedName").Value
> strNTName = objRecordSet.Fields("sAMAccountName").Value
> strFirst = objRecordSet.Fields("givenName").Value
> strLast = objRecordSet.Fields("sn").Value
> objNewFile.WriteLine strNTName & ";" & strFirst _
> & ";" & strLast & ";" & strDN
> objRecordSet.MoveNext
> Loop
> objNewFile.Close
> objRecordSet.Close
> objConnection.Close
>
> --
> Richard Mueller
> Microsoft MVP Scripting and ADSI
> Hilltop Lab - http://www.rlmueller.net
> --
> "Simon G" <SimonG@discussions.microsoft.com> wrote in message
> news:A59453CF-519B-4669-88DB-69F245AE8B47@microsoft.com...
> >a bit more investigation seems to show that it is not entering the do loop
> > (or that it is but there is nothing there)
> >
> > "Simon G" wrote:
> >
> >> Hello,
> >>
> >> I currently have several scripts which run in my local domain without any
> >> problems. One script simply searches the domain for all users and returns
> >> their attributes.
> >>
> >> I have tried to get this to do the same in a seperate domain in the
> >> forest,
> >> but it returns no results.
> >>
> >> However, if i target the script at a specific user (rather than searching
> >> the domain) it does return exactly what i want.
> >>
> >> Here is what i am using
> >>
> >> on error resume next
> >>
> >> Const ADS_SCOPE_SUBTREE = 2
> >>
> >> Set objConnection = CreateObject("ADODB.Connection")
> >> Set objCommand = CreateObject("ADODB.Command")
> >> objConnection.Provider = "ADsDSOObject"
> >> objConnection.Open "Active Directory Provider"
> >> Set objCommand.ActiveConnection = objConnection
> >> Set objFS = CreateObject("Scripting.FileSystemObject")
> >> Set objNewFile = objFS.CreateTextFile("domainusers.txt")
> >>
> >>
> >> objCommand.Properties("Page Size") = 1000
> >> objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
> >>
> >> objCommand.CommandText = _
> >> "SELECT ADsPath FROM 'LDAP://DC=otherdomain,DC=otherdomain' WHERE " _
> >> & "objectCategory='user'"
> >> Set objRecordSet = objCommand.Execute
> >>
> >> objRecordSet.MoveFirst
> >> objnewfile.writeline "samaccountname" & ";" & "givenname" & ";" & "sn" &
> >> ";"
> >> & "dn"
> >> Do Until objRecordSet.EOF
> >> strPath = objRecordSet.Fields("ADsPath").Value
> >> Set objuser = GetObject(strPath)
> >>
> >> objNewFile.WriteLine objuser.samaccountname & ";" & objuser.givenname &
> >> ";"
> >> & objuser.sn & ";" & objuser.distinguishedname
> >> objRecordSet.MoveNext
> >> Loop
> >>
> >>
> >> *****
> >> If i use this, then it works, but only for the specific user
> >> *****
> >>
> >> n Error Resume Next
> >> Set objUser = GetObject _
> >>
> >> ("LDAP://cn=user,ou=firstou,ou=secondou,dc=otherdomain,dc=o therdomain")
> >>
> >> WScript.Echo objuser.samaccountname & ";" & objuser.givenname & ";" &
> >> objuser.sn & ";" & objuser.distinguishedname
> >>
> >>
> >> ****
> >> This is all being ran from my machine in my local domain
>
>
>

07/11/2007, 11h29	#1
Simon G Messages: n/a Hébergeur:	List all users from a different domain Hello, I currently have several scripts which run in my local domain without any problems. One script simply searches the domain for all users and returns their attributes. I have tried to get this to do the same in a seperate domain in the forest, but it returns no results. However, if i target the script at a specific user (rather than searching the domain) it does return exactly what i want. Here is what i am using on error resume next Const ADS_SCOPE_SUBTREE = 2 Set objConnection = CreateObject("ADODB.Connection") Set objCommand = CreateObject("ADODB.Command") objConnection.Provider = "ADsDSOObject" objConnection.Open "Active Directory Provider" Set objCommand.ActiveConnection = objConnection Set objFS = CreateObject("Scripting.FileSystemObject") Set objNewFile = objFS.CreateTextFile("domainusers.txt") objCommand.Properties("Page Size") = 1000 objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE objCommand.CommandText = _ "SELECT ADsPath FROM 'LDAP://DC=otherdomain,DC=otherdomain' WHERE " _ & "objectCategory='user'" Set objRecordSet = objCommand.Execute objRecordSet.MoveFirst objnewfile.writeline "samaccountname" & ";" & "givenname" & ";" & "sn" & ";" & "dn" Do Until objRecordSet.EOF strPath = objRecordSet.Fields("ADsPath").Value Set objuser = GetObject(strPath) objNewFile.WriteLine objuser.samaccountname & ";" & objuser.givenname & ";" & objuser.sn & ";" & objuser.distinguishedname objRecordSet.MoveNext Loop *** If i use this, then it works, but only for the specific user * n Error Resume Next Set objUser = GetObject _ ("LDAP://cn=user,ou=firstou,ou=secondou,dc=otherdomain,dc=o therdomain") WScript.Echo objuser.samaccountname & ";" & objuser.givenname & ";" & objuser.sn & ";" & objuser.distinguishedname ** This is all being ran from my machine in my local domain

07/11/2007, 11h45	#2
Simon G Messages: n/a Hébergeur:	RE: List all users from a different domain a bit more investigation seems to show that it is not entering the do loop (or that it is but there is nothing there) "Simon G" wrote: > Hello, > > I currently have several scripts which run in my local domain without any > problems. One script simply searches the domain for all users and returns > their attributes. > > I have tried to get this to do the same in a seperate domain in the forest, > but it returns no results. > > However, if i target the script at a specific user (rather than searching > the domain) it does return exactly what i want. > > Here is what i am using > > on error resume next > > Const ADS_SCOPE_SUBTREE = 2 > > Set objConnection = CreateObject("ADODB.Connection") > Set objCommand = CreateObject("ADODB.Command") > objConnection.Provider = "ADsDSOObject" > objConnection.Open "Active Directory Provider" > Set objCommand.ActiveConnection = objConnection > Set objFS = CreateObject("Scripting.FileSystemObject") > Set objNewFile = objFS.CreateTextFile("domainusers.txt") > > > objCommand.Properties("Page Size") = 1000 > objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE > > objCommand.CommandText = _ > "SELECT ADsPath FROM 'LDAP://DC=otherdomain,DC=otherdomain' WHERE " _ > & "objectCategory='user'" > Set objRecordSet = objCommand.Execute > > objRecordSet.MoveFirst > objnewfile.writeline "samaccountname" & ";" & "givenname" & ";" & "sn" & ";" > & "dn" > Do Until objRecordSet.EOF > strPath = objRecordSet.Fields("ADsPath").Value > Set objuser = GetObject(strPath) > > objNewFile.WriteLine objuser.samaccountname & ";" & objuser.givenname & ";" > & objuser.sn & ";" & objuser.distinguishedname > objRecordSet.MoveNext > Loop > > > *** > If i use this, then it works, but only for the specific user > * > > n Error Resume Next > Set objUser = GetObject _ > ("LDAP://cn=user,ou=firstou,ou=secondou,dc=otherdomain,dc=o therdomain") > > WScript.Echo objuser.samaccountname & ";" & objuser.givenname & ";" & > objuser.sn & ";" & objuser.distinguishedname > > > ** > This is all being ran from my machine in my local domain

07/11/2007, 13h23	#3
Richard Mueller [MVP] Messages: n/a Hébergeur:	Re: List all users from a different domain I would remove the "On Error Resume Next" so you can tell which statement raises an error (if any). Does it if you use "GC:" in place of "LDAP:"? All of the attributes you retrieve are replicated to the Global Catalog. Also, instead of binding to each user object (which can be slow), you can retrieve the attribute values you want directly. I would suggest using: ============ objCommand.CommandText = _ "SELECT distinguishedName, sAMAccountName, givenName, sn " _ & "FROM 'GC://DC=otherdomain,DC=otherdomain' WHERE " _ & "objectCategory='user'" ========== and then in the loop using: =========== Do Until objRecordSet.EOF strDN = objRecordSet.Fields("distinguishedName").Value strNTName = objRecordSet.Fields("sAMAccountName").Value strFirst = objRecordSet.Fields("givenName").Value strLast = objRecordSet.Fields("sn").Value objNewFile.WriteLine strNTName & ";" & strFirst _ & ";" & strLast & ";" & strDN objRecordSet.MoveNext Loop objNewFile.Close objRecordSet.Close objConnection.Close -- Richard Mueller Microsoft MVP Scripting and ADSI Hilltop Lab - http://www.rlmueller.net -- "Simon G" <SimonG@discussions.microsoft.com> wrote in message news:A59453CF-519B-4669-88DB-69F245AE8B47@microsoft.com... >a bit more investigation seems to show that it is not entering the do loop > (or that it is but there is nothing there) > > "Simon G" wrote: > >> Hello, >> >> I currently have several scripts which run in my local domain without any >> problems. One script simply searches the domain for all users and returns >> their attributes. >> >> I have tried to get this to do the same in a seperate domain in the >> forest, >> but it returns no results. >> >> However, if i target the script at a specific user (rather than searching >> the domain) it does return exactly what i want. >> >> Here is what i am using >> >> on error resume next >> >> Const ADS_SCOPE_SUBTREE = 2 >> >> Set objConnection = CreateObject("ADODB.Connection") >> Set objCommand = CreateObject("ADODB.Command") >> objConnection.Provider = "ADsDSOObject" >> objConnection.Open "Active Directory Provider" >> Set objCommand.ActiveConnection = objConnection >> Set objFS = CreateObject("Scripting.FileSystemObject") >> Set objNewFile = objFS.CreateTextFile("domainusers.txt") >> >> >> objCommand.Properties("Page Size") = 1000 >> objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE >> >> objCommand.CommandText = _ >> "SELECT ADsPath FROM 'LDAP://DC=otherdomain,DC=otherdomain' WHERE " _ >> & "objectCategory='user'" >> Set objRecordSet = objCommand.Execute >> >> objRecordSet.MoveFirst >> objnewfile.writeline "samaccountname" & ";" & "givenname" & ";" & "sn" & >> ";" >> & "dn" >> Do Until objRecordSet.EOF >> strPath = objRecordSet.Fields("ADsPath").Value >> Set objuser = GetObject(strPath) >> >> objNewFile.WriteLine objuser.samaccountname & ";" & objuser.givenname & >> ";" >> & objuser.sn & ";" & objuser.distinguishedname >> objRecordSet.MoveNext >> Loop >> >> >> *** >> If i use this, then it works, but only for the specific user >> * >> >> n Error Resume Next >> Set objUser = GetObject _ >> >> ("LDAP://cn=user,ou=firstou,ou=secondou,dc=otherdomain,dc=o therdomain") >> >> WScript.Echo objuser.samaccountname & ";" & objuser.givenname & ";" & >> objuser.sn & ";" & objuser.distinguishedname >> >> >> ** >> This is all being ran from my machine in my local domain

07/11/2007, 14h50	#4
Simon G Messages: n/a Hébergeur:	Re: List all users from a different domain Fantastic, using the GC works a treat. "Richard Mueller [MVP]" wrote: > I would remove the "On Error Resume Next" so you can tell which statement > raises an error (if any). Does it if you use "GC:" in place of "LDAP:"? > All of the attributes you retrieve are replicated to the Global Catalog. > > Also, instead of binding to each user object (which can be slow), you can > retrieve the attribute values you want directly. I would suggest using: > ============ > objCommand.CommandText = _ > "SELECT distinguishedName, sAMAccountName, givenName, sn " _ > & "FROM 'GC://DC=otherdomain,DC=otherdomain' WHERE " _ > & "objectCategory='user'" > ========== > and then in the loop using: > =========== > Do Until objRecordSet.EOF > strDN = objRecordSet.Fields("distinguishedName").Value > strNTName = objRecordSet.Fields("sAMAccountName").Value > strFirst = objRecordSet.Fields("givenName").Value > strLast = objRecordSet.Fields("sn").Value > objNewFile.WriteLine strNTName & ";" & strFirst _ > & ";" & strLast & ";" & strDN > objRecordSet.MoveNext > Loop > objNewFile.Close > objRecordSet.Close > objConnection.Close > > -- > Richard Mueller > Microsoft MVP Scripting and ADSI > Hilltop Lab - http://www.rlmueller.net > -- > "Simon G" <SimonG@discussions.microsoft.com> wrote in message > news:A59453CF-519B-4669-88DB-69F245AE8B47@microsoft.com... > >a bit more investigation seems to show that it is not entering the do loop > > (or that it is but there is nothing there) > > > > "Simon G" wrote: > > > >> Hello, > >> > >> I currently have several scripts which run in my local domain without any > >> problems. One script simply searches the domain for all users and returns > >> their attributes. > >> > >> I have tried to get this to do the same in a seperate domain in the > >> forest, > >> but it returns no results. > >> > >> However, if i target the script at a specific user (rather than searching > >> the domain) it does return exactly what i want. > >> > >> Here is what i am using > >> > >> on error resume next > >> > >> Const ADS_SCOPE_SUBTREE = 2 > >> > >> Set objConnection = CreateObject("ADODB.Connection") > >> Set objCommand = CreateObject("ADODB.Command") > >> objConnection.Provider = "ADsDSOObject" > >> objConnection.Open "Active Directory Provider" > >> Set objCommand.ActiveConnection = objConnection > >> Set objFS = CreateObject("Scripting.FileSystemObject") > >> Set objNewFile = objFS.CreateTextFile("domainusers.txt") > >> > >> > >> objCommand.Properties("Page Size") = 1000 > >> objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE > >> > >> objCommand.CommandText = _ > >> "SELECT ADsPath FROM 'LDAP://DC=otherdomain,DC=otherdomain' WHERE " _ > >> & "objectCategory='user'" > >> Set objRecordSet = objCommand.Execute > >> > >> objRecordSet.MoveFirst > >> objnewfile.writeline "samaccountname" & ";" & "givenname" & ";" & "sn" & > >> ";" > >> & "dn" > >> Do Until objRecordSet.EOF > >> strPath = objRecordSet.Fields("ADsPath").Value > >> Set objuser = GetObject(strPath) > >> > >> objNewFile.WriteLine objuser.samaccountname & ";" & objuser.givenname & > >> ";" > >> & objuser.sn & ";" & objuser.distinguishedname > >> objRecordSet.MoveNext > >> Loop > >> > >> > >> *** > >> If i use this, then it works, but only for the specific user > >> * > >> > >> n Error Resume Next > >> Set objUser = GetObject _ > >> > >> ("LDAP://cn=user,ou=firstou,ou=secondou,dc=otherdomain,dc=o therdomain") > >> > >> WScript.Echo objuser.samaccountname & ";" & objuser.givenname & ";" & > >> objuser.sn & ";" & objuser.distinguishedname > >> > >> > >> ** > >> This is all being ran from my machine in my local domain > > >

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email