Announcement

Collapse
No announcement yet.

LDAp Query help

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • LDAp Query help

    Hi,

    I have a query which pulls the user names from an OU but cannot get the emails associated with the user name. Can somebody please help. The OU is a security group and users under that group.

    Set FSO = Createobject("Scripting.FileSystemObject")
    Set objGroup = GetObject("ldap://CN=Security Group,OU=Group OU,OU=Email Groups, DC=domain,DC=com")
    For Each strUser in objGroup.Member
    Set objUser = GetObject("LDAP://" & strUser)
    UserName = mid(Left(strUser, instr(strUser,",")-1), 4)
    UserList = UserList & UserName & vbCRLF
    Next

    'Wscript.Echo UserList
    Set LogFile = FSO.CreateTextFile("Security Group.txt", 2, "True")
    LogFile.Write UserList
    LogFile.Close
    Wscript.quit

  • #2
    Re: LDAp Query help

    Code:
    '# This script list the User objects in one Group, 
    '#   show their primary email-address first,
    '#   next, secondary email-addresses are displayed sorted by name
    '# If the group also contains nested groups, the script will use
    '# recursion to Enumerate members in the subgroups too. 
    
    DIM objGroupList, UserList
    
    Set objGroup1 = GetObject _
      ("LDAP://CN=Security Group,OU=Group OU,OU=Email Groups, DC=domain,DC=com") 
    
    '# Setup dictionary object.
    '# (By Richard Mueller http://www.rlmueller.net/MemberOf.htm )
    Set objGroupList = CreateObject("Scripting.Dictionary")
    '# Make group name comparisons case insensitive.
    objGroupList.CompareMode = vbTextCompare
    '# Add the NetBIOS name of the group to the dictionary object.
    '# NetBIOS names, unlike Common Names, must be unique in the domain.
    objGroupList.Add objGroup1.sAMAccountName, True
    
    call ListMembers(objGroup1)
    
    Set FSO = Createobject("Scripting.FileSystemObject")
    'wscript.echo UserList
    Set LogFile = FSO.CreateTextFile("c:\Security Group.txt", 2, True)
    LogFile.Write UserList
    LogFile.Close
    
    Wscript.quit
    
    
    Sub ListMembers(ByVal objGroup)
      For each objMember in objGroup.Members
        strClass = objMember.Class
    
        If LCase(strClass) = "user" then
          If Not IsEmpty(objMember.proxyAddresses) then
            strEmailaddresses = GetSMTP(objMember.GetEx("proxyAddresses"))
          End If
          UserName = objMember.cn
          UserList = UserList & UserName & " - " & strEmailaddresses _
                     & vbNewLine
     
        ElseIf LCase(strClass) = "group" then
          '# Check if this group has been encountered before.
          If (objGroupList.Exists(objMember.sAMAccountName) = False) Then
            '# Add this group to the dictionary object, so we avoid
            '# an infinite loop if the group nesting is circular.
            objGroupList.Add objMember.sAMAccountName, True
            '# Enumerate nested groups with a recursive call to this sub.
            call ListMembers(objMember)
          End If
    
        Else
          UserList = UserList & strClass & " - " &  objMember.Name _
                     & vbNewLine
        End If
      Next
    End Sub
    
    Function GetSMTP(ByVal arrProxyAddresses)
        Const PRIMARY_EMAILADDRESS   = "SMTP:"
        Const SECONDARY_EMAILADDRESS = "smtp:"
    
        '# Sort by ProxyAddress. Determine Primary email-address
        Dim j, k, strHolder
        For j = (UBound(arrProxyAddresses) - 1) To 0 Step -1
           For k= 0 to j
              If UCase(arrProxyAddresses(k)) _
               > UCase(arrProxyAddresses(k+1)) Then
                 strHolder = arrProxyAddresses(k+1)
                 arrProxyAddresses(k+1) = arrProxyAddresses(k)
                 arrProxyAddresses(k) = strHolder
              End if
              IF (Left(arrProxyAddresses(k),5) = PRIMARY_EMAILADDRESS) _
               Then GetSMTP = Mid(arrProxyAddresses(k),6)
           Next
        Next
    
        For Each ProxyAddress in arrProxyAddresses
           If (Left(ProxyAddress,5)= SECONDARY_EMAILADDRESS) Then
             GetSMTP = GetSMTP & "," & Mid(proxyAddress,6)
           End If
        Next
    End Function
    In your script you use the GetObject() method to seperately bind to the objectMember (ObjUser), that is not nessesary. But since a group member can be of any object class, you should check for objMember.Class = "user" to be sure you are dealing with a user.

    GetSMTP: The "proxyAddresses" attribute of the user object can be multi-valued or can contain just one proxyaddress or no addressess. So the value returned can be one of these three kind of data types, a variant(), a string or an empty string. A "For-Each" statement expects an Array or an Variant() but not a data type String. To make it an "Array" you must use the GetEx() method. An Array can contain multiple or just one element. This will partly solve the data type problem, but since you can not run a for-each loop with an empty array (when the user does not have any emailaddresses), you should check the variable before the loop if it is empty (or, alternatively you could also do some error handling in the script).


    \Rems
    Last edited by Rems; 1st December 2008, 20:49. Reason: modified the 'GetSMTP' function

    This posting is provided "AS IS" with no warranties, and confers no rights.

    __________________

    ** Remember to give credit where credit's due **
    and leave Reputation Points for meaningful posts

    Comment


    • #3
      Re: LDAp Query help

      Hi Rems,

      The script works awesome but there is just 1 problem. There are a lot of members in that group who are setup as just outside contacts and not as users so when I run the script i just get

      contact - CN=Linda Wickett
      contact - CN=Donalda Cresswell
      contact - CN=Kevin Klimuk
      contact - CN=Geoff Moore
      contact - CN=Curtis Jobs

      There are some users in the group and I get thir whole name and the email address.

      Can we modify the script to pull the email address from these contacts.

      Thanks,

      Comment


      • #4
        Re: LDAp Query help

        The object attributes that are used for the output list happen to be the same for userobjects and for contact object.
        Therefore you could easily modify this line to:
        If LCase(strClass) = "user" OR LCase(strClass) = "contact" Then
        And keep the rest as it was.

        Or, you can use the "Select...Case" statements as an alternative to the "If...Then...Else" statements
        The modified ListMembers() sub routine would then look like,
        Code:
        Sub ListMembers(ByVal objGroup)
          For each objMember in objGroup.Members
            strClass = objMember.Class
        
            Select case LCase(strClass)
        
            Case "contact", "user"
              If Not IsEmpty(objMember.proxyAddresses) then
                strEmailaddresses = GetSMTP(objMember.GetEx("proxyAddresses"))
              End If
              UserName = objMember.cn
              UserList = UserList & UserName & " - " & strEmailaddresses _
                         & vbNewLine
        
            Case "group"
              '# optional, you could add some additional code here to determine whether the group
              '# is mail enabled. And retrieve the emailaddresses that are attached to the group.
        
              '# Check if this group has been encountered before.
              If (objGroupList.Exists(objMember.sAMAccountName) = False) Then
                '# Add this group to the dictionary object, so we avoid
                '# an infinite loop if the group nesting is circular.
                objGroupList.Add objMember.sAMAccountName, True
                '# Enumerate nested groups with a recursive call to this sub.
                call ListMembers(objMember)
              End If
        
            Case Else
              UserList = UserList & strClass & " - " &  objMember.Name _
                         & vbNewLine
            End Select
          Next
        End Sub
        Now you can add more "cases"
        or, split out user and contacts statements - if you planned to involve typical user or typical contact attributes.

        \Rems
        Last edited by Rems; 1st December 2008, 20:54.

        This posting is provided "AS IS" with no warranties, and confers no rights.

        __________________

        ** Remember to give credit where credit's due **
        and leave Reputation Points for meaningful posts

        Comment

        Working...
        X