Need help making a LOOP

Home Forums Scripting Windows Script Host Need help making a LOOP

This topic contains 2 replies, has 2 voices, and was last updated by Avatar braul 9 years, 2 months ago.

Viewing 3 posts - 1 through 3 (of 3 total)
  • Author
    Posts
  • Avatar
    braul
    Member
    #151378

    Hi all,
    I have this script that works, but I need it to run against every user in AD, not just a single account. Can someone show me how to make it loop through all of AD? Ive read that you can use ADO to bind to each object, check the setting, write it to a file, then go on to the next.

    Heres the script:

    Const SE_DACL_PROTECTED = &H1000
    Dim objUser, objNtSecurityDescriptor, intNtSecurityDescriptorControl

    Set objUser = GetObject(ldap://dc=z,dc=com)

    Wscript.Echo “User: ” & objUser.sAMAccountName

    Set objNtSecurityDescriptor = objUser.Get(“ntSecurityDescriptor”)
    intNtSecurityDescriptorControl = objNtSecurityDescriptor.Control
    If (intNtSecurityDescriptorControl And SE_DACL_PROTECTED) Then
    Wscript.Echo “Allow inheritable permissions check box disabled”
    Else
    Wscript.Echo “Allow inheritable permissions check box enabled”
    End If

    Thanks!

    Rems
    Rems
    Moderator
    #227859

    Re: Need help making a LOOP

    Const SE_DACL_PROTECTED = &H1000

    Dim objRootDSE

    With WScript.CreateObject(“WScript.Network”)
    Set objRootDSE = GetObject _
    (“LDAP://” & .UserDomain & “/RootDSE”)
    End With

    strDomainDN = objRootDSE.Get(“DefaultNamingContext”)

    Set objCommand = CreateObject(“ADODB.Command”)
    Set objConnection = CreateObject(“ADODB.Connection”)

    objConnection.Provider = “ADsDSOObject”
    objConnection.Open “Active Directory Provider”

    objCommand.ActiveConnection = objConnection
    objCommand.Properties(“Searchscope”) = 2 ‘ SUBTREE
    objCommand.Properties(“Page Size”) = 250
    objCommand.Properties(“Timeout”) = 30
    objCommand.Properties(“Cache Results”) = False
    objCommand.CommandText = _
    “SELECT ADsPath FROM ‘LDAP://” & strDomainDN _
    & “‘ WHERE sAMAccountType=805306368”

    Set objRecordSet = objCommand.Execute

    On Error resume Next
    If not objRecordSet.eof then
    objRecordSet.MoveFirst

    Do Until objRecordSet.EOF

    ModUser objRecordSet.Fields(“ADsPath”).Value

    objRecordSet.MoveNext
    Loop
    End If
    objRecordset.Close : objConnection.Close

    wscript.echo “-done-” : wscript.quit 0

    Sub ModUser(strADsPath)
    Dim objUser, objNtSecurityDescriptor, intNtSecurityDescriptorControl

    Set objuser = GetObject(strADsPath)

    Wscript.Echo “User: ” & objUser.sAMAccountName

    Set objNtSecurityDescriptor = objUser.Get(“ntSecurityDescriptor”)
    intNtSecurityDescriptorControl = objNtSecurityDescriptor.Control

    If (intNtSecurityDescriptorControl And SE_DACL_PROTECTED) Then
    Wscript.Echo “””Include inheritable permissions from this object’s parent”” check box disabled”
    Else
    Wscript.Echo “””Include inheritable permissions from this object’s parent”” check box enabled”
    End If
    End Sub
    [/CODE]

    Rems[CODE]
    Const SE_DACL_PROTECTED = &H1000

    Dim objRootDSE

    With WScript.CreateObject(“WScript.Network”)
    Set objRootDSE = GetObject _
    (“LDAP://” & .UserDomain & “/RootDSE”)
    End With

    strDomainDN = objRootDSE.Get(“DefaultNamingContext”)

    Set objCommand = CreateObject(“ADODB.Command”)
    Set objConnection = CreateObject(“ADODB.Connection”)

    objConnection.Provider = “ADsDSOObject”
    objConnection.Open “Active Directory Provider”

    objCommand.ActiveConnection = objConnection
    objCommand.Properties(“Searchscope”) = 2 ‘ SUBTREE
    objCommand.Properties(“Page Size”) = 250
    objCommand.Properties(“Timeout”) = 30
    objCommand.Properties(“Cache Results”) = False
    objCommand.CommandText = _
    “SELECT ADsPath FROM ‘LDAP://” & strDomainDN _
    & “‘ WHERE sAMAccountType=805306368”

    Set objRecordSet = objCommand.Execute

    On Error resume Next
    If not objRecordSet.eof then
    objRecordSet.MoveFirst

    Do Until objRecordSet.EOF

    ModUser objRecordSet.Fields(“ADsPath”).Value

    objRecordSet.MoveNext
    Loop
    End If
    objRecordset.Close : objConnection.Close

    wscript.echo “-done-” : wscript.quit 0

    Sub ModUser(strADsPath)
    Dim objUser, objNtSecurityDescriptor, intNtSecurityDescriptorControl

    Set objuser = GetObject(strADsPath)

    Wscript.Echo “User: ” & objUser.sAMAccountName

    Set objNtSecurityDescriptor = objUser.Get(“ntSecurityDescriptor”)
    intNtSecurityDescriptorControl = objNtSecurityDescriptor.Control

    If (intNtSecurityDescriptorControl And SE_DACL_PROTECTED) Then
    Wscript.Echo “””Include inheritable permissions from this object’s parent”” check box disabled”
    Else
    Wscript.Echo “””Include inheritable permissions from this object’s parent”” check box enabled”
    End If
    End Sub
    [/CODE]

    Rems

    Avatar
    braul
    Member
    #337734

    Re: Need help making a LOOP

    Thats great Rems, Thanks, worked perfectly!

Viewing 3 posts - 1 through 3 (of 3 total)

You must be logged in to reply to this topic.