I should have just sent the whole script the first time. Anyway, here you
go (watch for line wraps)
=================================================================
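Option Explicit
' Reports every user under one agency OU whose msNPAllowDialin attribute is
' TRUE (dial-in / VPN explicitly allowed) and appends the list to a dated
' text file in the current directory.
'
' Scope of the report: only the explicit "Allow" setting is listed. Accounts
' where the attribute is not set are governed by Remote Access Policy and may
' still be granted access there, so review the policies alongside this output.
' The output names accounts with remote-access rights; keep the file in a
' location with restricted read access.

Const adStateOpen = 1
Const ForReading = 1, ForWriting = 2, ForAppending = 8
Const adVarChar = 200 'specifies a string type data

Dim agencyOU
Dim RootDSE
Dim searchRoot
Dim ldapPath
Dim adoConnection
Dim adoCommand
Dim adoRecordset
Dim thisDate
Dim dialInEnabled
Dim objRecordSet
Dim fileSys
Dim fileName
Dim fileTxt
Dim j

' The OU name is typed by the operator and is concatenated into the search
' base, so it is checked before anything else is opened.
agencyOU = Trim(InputBox("Enter the Agency's root OU"))
If Not IsSafeOUName(agencyOU) Then
    WScript.Echo "The OU name is empty or contains a character that is " & _
        "special in an LDAP path (, + "" \ < > ; = / #). Nothing was queried."
    WScript.Quit 1
End If

' Create the disconnected recordset used to sort the results in memory.
' Field sizes are generous so a long name cannot make the insert fail.
Set objRecordSet = CreateObject("ADODB.Recordset")
objRecordSet.Fields.Append "UserName", adVarChar, 255
objRecordSet.Fields.Append "ACF2ID", adVarChar, 255
objRecordSet.Fields.Append "DialInState", adVarChar, 50
objRecordSet.Open

Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADSDSOObject"
adoConnection.Open "", "", ""

Set RootDSE = GetObject("LDAP://RootDSE")
searchRoot = RootDSE.Get("defaultNamingContext")
ldapPath = "ou=" & agencyOU & "," & searchRoot

' Use a Command object so a page size can be set: without paging the search
' stops at the server's result limit (1000 by default) and the report would
' silently miss users in a large OU.
' The filter pairs objectCategory=person with objectClass=user because
' computer accounts also carry objectClass=user, and it asks the server for
' msNPAllowDialin=TRUE directly instead of binding to every user object.
Set adoCommand = CreateObject("ADODB.Command")
Set adoCommand.ActiveConnection = adoConnection
adoCommand.CommandText = "<LDAP://" & ldapPath & ">;" & _
    "(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE));" & _
    "Name,ADsPath,sAMAccountName,msNPAllowDialin;SubTree"
adoCommand.Properties("Page Size") = 1000
Set adoRecordset = adoCommand.Execute

' Set up the text file for output.
' NOTE(review): the file name is built from the long date format, which
' depends on the regional settings of the account running the script; the
' Split below assumes a "Weekday, Month Day, Year" layout.
thisDate = FormatDateTime(Now(), 1)
thisDate = Split(thisDate, ", ")
fileName = thisDate(0) & thisDate(1) & ".txt"
Set fileSys = CreateObject("Scripting.FileSystemObject")
Set fileTxt = fileSys.OpenTextFile(fileName, ForAppending, True)
fileTxt.WriteLine(vbCrLf & _
    "***********************************************************")
fileTxt.WriteLine(FormatDateTime(Now(), 2))
fileTxt.WriteLine(ldapPath)
fileTxt.WriteLine(vbCrLf)

' Copy every dial-in / VPN enabled user into the disconnected recordset.
While Not adoRecordset.EOF
    dialInEnabled = adoRecordset.Fields.Item("msNPAllowDialin").Value
    objRecordSet.AddNew
    objRecordSet("UserName") = adoRecordset.Fields.Item("Name").Value
    objRecordSet("ACF2ID") = adoRecordset.Fields.Item("sAMAccountName").Value
    objRecordSet("DialInState") = CStr(dialInEnabled)
    objRecordSet.Update
    adoRecordset.MoveNext
Wend

adoRecordset.Close
Set adoRecordset = Nothing
Set adoCommand = Nothing
If adoConnection.State = adStateOpen Then adoConnection.Close
Set adoConnection = Nothing

'-----------Output from the disconnected ADO recordset-------------------
j = objRecordSet.RecordCount
If j > 0 Then
    ' Sort by user name; MoveFirst is only legal when there are rows.
    objRecordSet.Sort = "UserName ASC"
    objRecordSet.MoveFirst
    While Not objRecordSet.EOF
        fileTxt.WriteLine(objRecordSet.Fields.Item("UserName") & vbTab & "(" & _
            objRecordSet.Fields.Item("ACF2ID") & ")" & vbTab & _
            "Remote Access Permission = " & objRecordSet.Fields.Item("DialInState"))
        objRecordSet.MoveNext
    Wend
End If
fileTxt.WriteLine(vbCrLf)
fileTxt.WriteLine("Total number of dial-in enabled users is " & j)

' Close the report so the last lines are flushed to disk.
fileTxt.Close
Set fileTxt = Nothing
Set fileSys = Nothing
objRecordSet.Close
Set objRecordSet = Nothing
WScript.Echo "Script finished"

' Returns True when value can be placed after "ou=" in the search base
' without changing the structure of the path or of the ADO command text.
' Empty input (including a cancelled InputBox) is rejected. OU names that
' really contain one of these characters are rejected too; they would need
' proper DN escaping, which this script does not attempt.
Function IsSafeOUName(value)
    Dim i
    IsSafeOUName = False
    If Len(value) = 0 Then Exit Function
    For i = 1 To Len(value)
        If InStr(",+""\<>;=/#", Mid(value, i, 1)) > 0 Then Exit Function
    Next
    IsSafeOUName = True
End Function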
============================================================================
==
-----Original Message-----
From: Creamer, Mark [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 18, 2003 12:24 PM
To: [EMAIL PROTECTED]
Subject: RE: [ActiveDir] attribute for remote access
Thanks guys - that made things a heck of a lot easier!
<mc>
-----Original Message-----
From: Fuller, Stuart [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 18, 2003 2:00 PM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] attribute for remote access
Looking at this attrib via ADSI Edit shows that msNPAllowDialin set to
"True" is equiv. to "allow". "False" is equiv to "deny" and "<not set>" is
"Control access through Remote Access Policy".
-Stuart
-----Original Message-----
From: Coleman, Hunter [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 18, 2003 11:52 AM
To: '[EMAIL PROTECTED]'
Subject: RE: [ActiveDir] attribute for remote access
Mark-
Here's a snippet of a script we use to check that:
userADsPath = adoRecordset.Fields.Item("ADsPath").Value
set objUser = GetObject(userADsPath)
dialInEnabled = objUser.msNPAllowDialin
Hunter
________________________________
From: Creamer, Mark [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 18, 2003 11:09 AM
To: [EMAIL PROTECTED]
Subject: [ActiveDir] attribute for remote access
Anyone know what schema attribute controls the remote access policy (has 3
choices, Allow, Deny or Control by Policy)? I'd like to query for the users
with Allow enabled.
Thanks!
Mark Creamer
Systems Engineer
Cintas Corporation
Honesty and Integrity in Everything We Do