Announcement

Collapse
No announcement yet.

Need help making a LOOP

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Need help making a LOOP

    Hi all,
    I have this script that works, but I need it to run against every user in AD, not just a single account. Can someone show me how to make it loop through all of AD? Ive read that you can use ADO to bind to each object, check the setting, write it to a file, then go on to the next.

    Heres the script:

    Const SE_DACL_PROTECTED = &H1000
    Dim objUser, objNtSecurityDescriptor, intNtSecurityDescriptorControl

    Set objUser = GetObject(ldap://dc=z,dc=com)

    Wscript.Echo "User: " & objUser.sAMAccountName

    Set objNtSecurityDescriptor = objUser.Get("ntSecurityDescriptor")
    intNtSecurityDescriptorControl = objNtSecurityDescriptor.Control
    If (intNtSecurityDescriptorControl And SE_DACL_PROTECTED) Then
    Wscript.Echo "Allow inheritable permissions check box disabled"
    Else
    Wscript.Echo "Allow inheritable permissions check box enabled"
    End If

    Thanks!

  • #2
    Re: Need help making a LOOP

    Code:
    Const SE_DACL_PROTECTED = &H1000
    
    Dim objRootDSE
    
    With WScript.CreateObject("WScript.Network")
       Set objRootDSE = GetObject _
         ("LDAP://" & .UserDomain & "/RootDSE")
    End With
    
    strDomainDN = objRootDSE.Get("DefaultNamingContext")
    
    Set objCommand = CreateObject("ADODB.Command")
    Set objConnection = CreateObject("ADODB.Connection")
    
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"
    
    objCommand.ActiveConnection = objConnection
    objCommand.Properties("Searchscope") = 2 ' SUBTREE
    objCommand.Properties("Page Size") = 250
    objCommand.Properties("Timeout") = 30
    objCommand.Properties("Cache Results") = False
    objCommand.CommandText = _
        "SELECT ADsPath FROM 'LDAP://" & strDomainDN _
        & "' WHERE sAMAccountType=805306368"
    
    Set objRecordSet = objCommand.Execute
    
    On Error resume Next
    If not objRecordSet.eof then 
       objRecordSet.MoveFirst
    
       Do Until objRecordSet.EOF
    
         ModUser objRecordSet.Fields("ADsPath").Value
    
         objRecordSet.MoveNext
       Loop
    End If
    objRecordset.Close : objConnection.Close
    
    wscript.echo "-done-" : wscript.quit 0
    
    
    Sub ModUser(strADsPath)
       Dim objUser, objNtSecurityDescriptor, intNtSecurityDescriptorControl
    
       Set objuser = GetObject(strADsPath)
    
       Wscript.Echo "User: " & objUser.sAMAccountName
    
       Set objNtSecurityDescriptor = objUser.Get("ntSecurityDescriptor")
       intNtSecurityDescriptorControl = objNtSecurityDescriptor.Control
    
       If (intNtSecurityDescriptorControl And SE_DACL_PROTECTED) Then
         Wscript.Echo """Include inheritable permissions from this object's parent"" check box disabled"
       Else
         Wscript.Echo """Include inheritable permissions from this object's parent"" check box enabled"
       End If
    End Sub
    \Rems

    This posting is provided "AS IS" with no warranties, and confers no rights.

    __________________

    ** Remember to give credit where credit's due **
    and leave Reputation Points for meaningful posts

    Comment


    • #3
      Re: Need help making a LOOP

      Thats great Rems, Thanks, worked perfectly!

      Comment

      Working...
      X