For part 2 Download psexec.exe (sysinternals)
Create a computerlist.txt with all the pcnames (FQDN if you don't trust your wins) >From command line (replace %i with %%i if using batch file) using your DA/EA >credentials for example For /F %i IN (computerlist.txt) do echo %i >> logfile.txt psexec \\%i net user >> logfile.txt Note: Above will query remotely irregardless if computer is online or offline (slow if offline) - you can modify to include ping test if you want. Thank you and have a splendid day! Kind Regards, Freddy Hartono Windows Administrator (ADSM/NT Security) Spherion Technology Group, Singapore For Agilent Technologies E-mail: [EMAIL PROTECTED] -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern Sent: Wednesday, August 10, 2005 11:47 PM To: [email protected] Subject: Re: [ActiveDir] 2 quick favors I get errors with this script- "the active directory property cannot be found in the cache" I'm running win2k native mode domain. thanks. sorry to bother. On 8/10/05, Alain Lissoir <[EMAIL PROTECTED]> wrote: > For 1/, try this one below. For 2/ I don't have one close but I'm sure some > folks here can feed you ... > > The script doesn't dump in a text file, but that's an easy addition. HTH > > ' FindGPOLinks v1.04.vbs - Version 1.04 - Alain Lissoir > ' > ' WSH Script browsing the 'DefaultNamingContext' and the > 'configurationNamingContext' > ' to retrieve the Group Policies linked to AD objects. > ' This should facilitate the search of created policies in the Active > Directory. > ' > ' The script is using a basic LDAP access in the current user context, > ' so, you should have enough rights to access AD objects. > ' > ' Change in version 1.04 > ' > ' - Add an error Handler in the "ShowMemberInfo" Private Sub > ' > ' Change in version 1.02 > ' > ' - Query the schema to get the property list associated to the > 'groupPolicyContainer' class. > ' - Display only the defined properties for that class. > ' - For the defined properties, the scripts shows the syntax to be used by > the property. > ' - Take in account the fact that more than one policy can be defined at the > container level. > ' > ' Change in version 1.01 > ' > ' - Add some code to bind to the GPLink LDAP Pointer to extract some > properties. > ' > ' Any comments or questions: EMail:[EMAIL PROTECTED] > > Option Explicit > > Dim ObjRoot > Dim Object > Dim ObjMember > > ' > ---------------------------------------------------------------------------- > ------- > WScript.Echo > WScript.Echo "Looking inside 'configurationNamingContext'" > Set objRoot = GetObject("LDAP://RootDSE") > Object = objRoot.Get("configurationNamingContext") > > Call LookInsideObject (Object) > > Set Object = Nothing > Set objRoot = Nothing > > ' > ---------------------------------------------------------------------------- > ------- > WScript.Echo > WScript.Echo "Looking inside 'DefaultNamingContext'" > Set objRoot = GetObject("LDAP://RootDSE") > Object = objRoot.Get("DefaultNamingContext") > > Call LookInsideObject (Object) > > Set Object = Nothing > Set objRoot = Nothing > > WScript.Quit (0) > > ' > ---------------------------------------------------------------------------- > ------- > Private Sub LookInsideObject (Object) > > Dim objMember > Dim Member > > Set objMember = GetObject ("LDAP://" & Object) > > if objMember.Class <> "sitesContainer" And _ > objMember.Class <> "container" And _ > objMember.Class <> "configuration" _ > Then Call ShowMemberInfo (objMember) > > For Each Member in objMember > If Member.Class = "domainDNS" Or _ > Member.Class = "organizationalUnit" Or _ > Member.Class = "sitesContainer" Or _ > Member.Class = "site" Or _ > Member.Class = "container" _ > Then Call LookInsideObject (Member.Name & "," & Object) > Next > > Set objMember = Nothing > > End Sub > > ' > ---------------------------------------------------------------------------- > ------- > Private Sub ShowMemberInfo (Object) > > Dim longStartPolicyPath > Dim longEndPolicyPath > Dim strPolicyPathSource > Dim strPolicyPath > > Dim objPolicy > Dim objPolicyClassDef > Dim objPolicyProperty > > Dim strPropertyName > > Object.GetInfo > > If Object.GPLink = "" Then > WScript.Echo Object.Name & " (" & Object.Class & ")" > WScript.Echo "(No Group Policy Defined)" > WScript.Echo > End If > > strPolicyPathSource = Object.GPLink > > While (strPolicyPathSource <> "") > > WScript.Echo Object.Name & " (" & Object.Class & ")" > > ' Extract each LDAP pointer from the GPLink. > longStartPolicyPath = InStr(1, strPolicyPathSource, "[", > vbTextCompare) > longEndPolicyPath = InStr(1, strPolicyPathSource, "]", vbTextCompare) > strPolicyPath = Mid(strPolicyPathSource, longStartPolicyPath + 1, > longEndPolicyPath - 4) > strPolicyPathSource = Mid(strPolicyPathSource, longEndPolicyPath + 1) > > Set objPolicy = GetObject(strPolicyPath) > > objPolicy.GetInfo > > WScript.Echo "Found an existing Policy: '" & > objPolicy.Get("displayName") & "' (" & objPolicy.Class & ")" > WScript.Echo " GPLink=" & strPolicyPath > > Set objPolicyClassDef = GetObject (objPolicy.Schema) > > On error Goto ErrorHandler > > For Each strPropertyName In objPolicyClassDef.MandatoryProperties > Set objPolicyProperty = GetObject (objPolicyClassDef.Parent > + "/" + strPropertyName) > WScript.Echo " " & strPropertyName & "=" & > objPolicy.Get(strPropertyName) & " (" & objPolicyProperty.Syntax & ")" > Set objPolicyProperty = Nothing > Next > > For Each strPropertyName In objPolicyClassDef.OptionalProperties > Set objPolicyProperty = GetObject (objPolicyClassDef.Parent > + "/" + strPropertyName) > WScript.Echo " " & strPropertyName & "=" & > objPolicy.Get(strPropertyName) & " (" & objPolicyProperty.Syntax & ")" > Set objPolicyProperty = Nothing > Next > > Set objPolicyClassDef = Nothing > > Set objPolicy = Nothing > > WScript.Echo > > Wend > > Exit Sub > > ErrorHandler: > > WScript.Echo Err.Description & "(" & Err.Number & ")" > Resume Next > > End Sub > > -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern > Sent: Wednesday, August 10, 2005 6:19 AM > To: activedirectory > Subject: [ActiveDir] 2 quick favors > > Does anyone know of a tool to enumerate all GPO's in a domain listing all > the specific settings enabled that i can spit out to text file. > the enviorment i work in is all win2k pro/server so GPMC is out. > Also, gpotool doesn't seem to show specific links and what settings are > enabled. > > Second question is, does anyone have a script that can enumerate all the > local accounts and groups on domain memeber servers and workstations? > > Thanks a lot. > I apologize for being so needy. > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > > List info : http://www.activedir.org/List.aspx > List FAQ : http://www.activedir.org/ListFAQ.aspx > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ > List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
