In XP/2003, you run WSH 5.6. In 2000, you have WSH 5.1, that could be the
reason.
If you have troubles with the script as mentioned in an other reply, try
this one. I just tweaked it a bit.
Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.
Looking inside 'configurationNamingContext'
CN=Default-First-Site-Name (site)
(No Group Policy Defined)
Looking inside 'DefaultNamingContext'
DC=LissWare (domainDNS)
Found an existing Policy: 'Windows Service Policy' (groupPolicyContainer)
GPLink=LDAP://cn={0154628E-C9EE-48C2-8FD3-306599C0B88D},cn=policies,cn=syste
m,DC=LissWare,DC=Net
cn={0154628E-C9EE-48C2-8FD3-306599C0B88D} (DirectoryString)
instanceType=4 (INTEGER)
objectCategory=CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=LissW
are,DC=Net (DN)
displayName=Windows Service Policy (DirectoryString)
distinguishedName=CN={0154628E-C9EE-48C2-8FD3-306599C0B88D},CN=Policies,CN=S
ystem,DC=LissWare,DC=Net (DN)
flags=0 (INTEGER)
gPCFileSysPath=\\LissWare.Net\SysVol\LissWare.Net\Policies\{0154628E-C9EE-48
C2-8FD3-306599C0B88D} (DirectoryString)
gPCFunctionalityVersion=2 (INTEGER)
gPCMachineExtensionNames=[{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4
FB-11D0-A0D0-00A0C90F574B}] (DirectoryString)
name={0154628E-C9EE-48C2-8FD3-306599C0B88D} (DirectoryString)
showInAdvancedViewOnly=True (Boolean)
versionNumber=5 (INTEGER)
whenChanged=21-Dec-2004 00:18:00 (GeneralizedTime)
whenCreated=20-Dec-2004 23:50:40 (GeneralizedTime)
DC=LissWare (domainDNS)
Found an existing Policy: 'Default Domain Policy' (groupPolicyContainer)
GPLink=LDAP://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=Syste
m,DC=LissWare,DC=Net
cn={31B2F340-016D-11D2-945F-00C04FB984F9} (DirectoryString)
instanceType=4 (INTEGER)
objectCategory=CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=LissW
are,DC=Net (DN)
displayName=Default Domain Policy (DirectoryString)
distinguishedName=CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=S
ystem,DC=LissWare,DC=Net (DN)
flags=0 (INTEGER)
gPCFileSysPath=\\LissWare.Net\sysvol\LissWare.Net\Policies\{31B2F340-016D-11
D2-945F-00C04FB984F9} (DirectoryString)
gPCFunctionalityVersion=2 (INTEGER)
gPCMachineExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-50
9E-11D1-A7CC-0000F87571E3}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}][{827D319E-
6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A
gPCUserExtensionNames=[{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-
11D2-842D-00C04FA372D4}] (DirectoryString)
isCriticalSystemObject=True (Boolean)
name={31B2F340-016D-11D2-945F-00C04FB984F9} (DirectoryString)
showInAdvancedViewOnly=True (Boolean)
systemFlags=-1946157056 (INTEGER)
versionNumber=65546 (INTEGER)
whenChanged=08-Jun-2004 21:11:01 (GeneralizedTime)
whenCreated=01-Jun-2004 19:07:23 (GeneralizedTime)
OU=Domain Controllers (organizationalUnit)
Found an existing Policy: 'Default Domain Controllers Policy'
(groupPolicyContainer)
GPLink=LDAP://CN={6AC1786C-016F-11D2-945F-00C04fB984F9},CN=Policies,CN=Syste
m,DC=LissWare,DC=Net
cn={6AC1786C-016F-11D2-945F-00C04fB984F9} (DirectoryString)
instanceType=4 (INTEGER)
objectCategory=CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=LissW
are,DC=Net (DN)
displayName=Default Domain Controllers Policy (DirectoryString)
distinguishedName=CN={6AC1786C-016F-11D2-945F-00C04fB984F9},CN=Policies,CN=S
ystem,DC=LissWare,DC=Net (DN)
flags=0 (INTEGER)
gPCFileSysPath=\\LissWare.Net\sysvol\LissWare.Net\Policies\{6AC1786C-016F-11
D2-945F-00C04fB984F9} (DirectoryString)
gPCFunctionalityVersion=2 (INTEGER)
gPCMachineExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-50
9E-11D1-A7CC-0000F87571E3}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-
B4FB-11D0-A0D0-00A0C90F574B}] (DirectoryString)
isCriticalSystemObject=True (Boolean)
name={6AC1786C-016F-11D2-945F-00C04fB984F9} (DirectoryString)
showInAdvancedViewOnly=True (Boolean)
systemFlags=-1946157056 (INTEGER)
versionNumber=12 (INTEGER)
whenChanged=31-Mar-2005 19:40:09 (GeneralizedTime)
whenCreated=01-Jun-2004 19:07:23 (GeneralizedTime)
HTH
/Alain
-----Original Message-----
From: Alain Lissoir [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 10, 2005 6:29 AM
To: '[email protected]'
Subject: RE: [ActiveDir] 2 quick favors
For 1/, try this one below. For 2/ I don't have one close but I'm sure some
folks here can feed you ...
The script doesn't dump in a text file, but that's an easy addition. HTH
' FindGPOLinks v1.04.vbs - Version 1.04 - Alain Lissoir '
' WSH Script browsing the 'DefaultNamingContext' and the
'configurationNamingContext'
' to retrieve the Group Policies linked to AD objects.
' This should facilitate the search of created policies in the Active
Directory.
'
' The script is using a basic LDAP access in the current user context, ' so,
you should have enough rights to access AD objects.
'
' Change in version 1.04
'
' - Add an error Handler in the "ShowMemberInfo" Private Sub '
' Change in version 1.02
'
' - Query the schema to get the property list associated to the
'groupPolicyContainer' class.
' - Display only the defined properties for that class.
' - For the defined properties, the scripts shows the syntax to be used by
the property.
' - Take in account the fact that more than one policy can be defined at the
container level.
'
' Change in version 1.01
'
' - Add some code to bind to the GPLink LDAP Pointer to extract some
properties.
'
' Any comments or questions: EMail:[EMAIL PROTECTED]
Option Explicit
Dim ObjRoot
Dim Object
Dim ObjMember
'
----------------------------------------------------------------------------
-------
WScript.Echo
WScript.Echo "Looking inside 'configurationNamingContext'"
Set objRoot = GetObject("LDAP://RootDSE") Object =
objRoot.Get("configurationNamingContext")
Call LookInsideObject (Object)
Set Object = Nothing
Set objRoot = Nothing
'
----------------------------------------------------------------------------
-------
WScript.Echo
WScript.Echo "Looking inside 'DefaultNamingContext'"
Set objRoot = GetObject("LDAP://RootDSE") Object =
objRoot.Get("DefaultNamingContext")
Call LookInsideObject (Object)
Set Object = Nothing
Set objRoot = Nothing
WScript.Quit (0)
'
----------------------------------------------------------------------------
-------
Private Sub LookInsideObject (Object)
Dim objMember
Dim Member
Set objMember = GetObject ("LDAP://" & Object)
if objMember.Class <> "sitesContainer" And _
objMember.Class <> "container" And _
objMember.Class <> "configuration" _
Then Call ShowMemberInfo (objMember)
For Each Member in objMember
If Member.Class = "domainDNS" Or _
Member.Class = "organizationalUnit" Or _
Member.Class = "sitesContainer" Or _
Member.Class = "site" Or _
Member.Class = "container" _
Then Call LookInsideObject (Member.Name & "," & Object)
Next
Set objMember = Nothing
End Sub
'
----------------------------------------------------------------------------
-------
Private Sub ShowMemberInfo (Object)
Dim longStartPolicyPath
Dim longEndPolicyPath
Dim strPolicyPathSource
Dim strPolicyPath
Dim objPolicy
Dim objPolicyClassDef
Dim objPolicyProperty
Dim strPropertyName
Object.GetInfo
If Object.GPLink = "" Then
WScript.Echo Object.Name & " (" & Object.Class & ")"
WScript.Echo "(No Group Policy Defined)"
WScript.Echo
End If
strPolicyPathSource = Object.GPLink
While (strPolicyPathSource <> "")
WScript.Echo Object.Name & " (" & Object.Class & ")"
' Extract each LDAP pointer from the GPLink.
longStartPolicyPath = InStr(1, strPolicyPathSource, "[",
vbTextCompare)
longEndPolicyPath = InStr(1, strPolicyPathSource, "]", vbTextCompare)
strPolicyPath = Mid(strPolicyPathSource, longStartPolicyPath + 1,
longEndPolicyPath - 4)
strPolicyPathSource = Mid(strPolicyPathSource, longEndPolicyPath + 1)
Set objPolicy = GetObject(strPolicyPath)
objPolicy.GetInfo
WScript.Echo "Found an existing Policy: '" &
objPolicy.Get("displayName") & "' (" & objPolicy.Class & ")"
WScript.Echo " GPLink=" & strPolicyPath
Set objPolicyClassDef = GetObject (objPolicy.Schema)
On error Goto ErrorHandler
For Each strPropertyName In objPolicyClassDef.MandatoryProperties
Set objPolicyProperty = GetObject (objPolicyClassDef.Parent
+ "/" + strPropertyName)
WScript.Echo " " & strPropertyName & "=" &
objPolicy.Get(strPropertyName) & " (" & objPolicyProperty.Syntax & ")"
Set objPolicyProperty = Nothing
Next
For Each strPropertyName In objPolicyClassDef.OptionalProperties
Set objPolicyProperty = GetObject (objPolicyClassDef.Parent
+ "/" + strPropertyName)
WScript.Echo " " & strPropertyName & "=" &
objPolicy.Get(strPropertyName) & " (" & objPolicyProperty.Syntax & ")"
Set objPolicyProperty = Nothing
Next
Set objPolicyClassDef = Nothing
Set objPolicy = Nothing
WScript.Echo
Wend
Exit Sub
ErrorHandler:
WScript.Echo Err.Description & "(" & Err.Number & ")"
Resume Next
End Sub
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Wednesday, August 10, 2005 6:19 AM
To: activedirectory
Subject: [ActiveDir] 2 quick favors
Does anyone know of a tool to enumerate all GPO's in a domain listing all
the specific settings enabled that i can spit out to text file.
the enviorment i work in is all win2k pro/server so GPMC is out.
Also, gpotool doesn't seem to show specific links and what settings are
enabled.
Second question is, does anyone have a script that can enumerate all the
local accounts and groups on domain memeber servers and workstations?
Thanks a lot.
I apologize for being so needy.
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
' FindGPOLinks v1.04.vbs - Version 1.04 - Alain Lissoir '
' WSH Script browsing the 'DefaultNamingContext' and the
'configurationNamingContext'
' to retrieve the Group Policies linked to AD objects.
' This should facilitate the search of created policies in the Active Directory.
'
' The script is using a basic LDAP access in the current user context, ' so,
you should have enough rights to access AD objects.
'
' Change in version 1.04
'
' - Add an error Handler in the "ShowMemberInfo" Private Sub '
' Change in version 1.02
'
' - Query the schema to get the property list associated to the
'groupPolicyContainer' class.
' - Display only the defined properties for that class.
' - For the defined properties, the scripts shows the syntax to be used by the
property.
' - Take in account the fact that more than one policy can be defined at the
container level.
'
' Change in version 1.01
'
' - Add some code to bind to the GPLink LDAP Pointer to extract some properties.
'
' Any comments or questions: EMail:[EMAIL PROTECTED]
Option Explicit
Dim ObjRoot
Dim Object
Dim ObjMember
'
-----------------------------------------------------------------------------------
WScript.Echo
WScript.Echo "Looking inside 'configurationNamingContext'"
Set objRoot = GetObject("LDAP://RootDSE")
Object = objRoot.Get("configurationNamingContext")
Call LookInsideObject (Object)
Set Object = Nothing
Set objRoot = Nothing
'
-----------------------------------------------------------------------------------
WScript.Echo
WScript.Echo "Looking inside 'DefaultNamingContext'"
Set objRoot = GetObject("LDAP://RootDSE")
Object = objRoot.Get("DefaultNamingContext")
Call LookInsideObject (Object)
Set Object = Nothing
Set objRoot = Nothing
WScript.Quit (0)
'
-----------------------------------------------------------------------------------
Private Sub LookInsideObject (Object)
Dim objMember
Dim Member
Set objMember = GetObject ("LDAP://" & Object)
if objMember.Class <> "sitesContainer" And _
objMember.Class <> "container" And _
objMember.Class <> "configuration" _
Then Call ShowMemberInfo (objMember)
For Each Member in objMember
If Member.Class = "domainDNS" Or _
Member.Class = "organizationalUnit" Or _
Member.Class = "sitesContainer" Or _
Member.Class = "site" Or _
Member.Class = "container" _
Then Call LookInsideObject (Member.Name & "," & Object)
Next
Set objMember = Nothing
End Sub
'
-----------------------------------------------------------------------------------
Private Sub ShowMemberInfo (Object)
Dim longStartPolicyPath
Dim longEndPolicyPath
Dim strPolicyPathSource
Dim strPolicyPath
Dim objPolicy
Dim objPolicyClassDef
Dim objPolicyProperty
Dim strPropertyName
Object.GetInfo
If Object.GPLink = "" Then
WScript.Echo Object.Name & " (" & Object.Class & ")"
WScript.Echo "(No Group Policy Defined)"
WScript.Echo
End If
strPolicyPathSource = Object.GPLink
While (strPolicyPathSource <> "")
WScript.Echo Object.Name & " (" & Object.Class & ")"
' Extract each LDAP pointer from the GPLink.
longStartPolicyPath = InStr(1, strPolicyPathSource, "[", vbTextCompare)
longEndPolicyPath = InStr(1, strPolicyPathSource, "]", vbTextCompare)
strPolicyPath = Mid(strPolicyPathSource, longStartPolicyPath + 1,
longEndPolicyPath - 4)
strPolicyPathSource = Mid(strPolicyPathSource, longEndPolicyPath + 1)
Set objPolicy = GetObject(strPolicyPath)
objPolicy.GetInfo
WScript.Echo "Found an existing Policy: '" &
objPolicy.Get("displayName") & "' (" & objPolicy.Class & ")"
WScript.Echo " GPLink=" & strPolicyPath
Set objPolicyClassDef = GetObject (objPolicy.Schema)
On error Resume Next
For Each strPropertyName In objPolicyClassDef.MandatoryProperties
Set objPolicyProperty = GetObject (objPolicyClassDef.Parent +
"/" + strPropertyName)
If Err.Number Then Call ErrorHandler(Err)
WScript.Echo " " & strPropertyName & "=" &
objPolicy.Get(strPropertyName) & " (" & objPolicyProperty.Syntax & ")"
If Err.Number Then Call ErrorHandler(Err)
Set objPolicyProperty = Nothing
Next
For Each strPropertyName In objPolicyClassDef.OptionalProperties
Set objPolicyProperty = GetObject (objPolicyClassDef.Parent +
"/" + strPropertyName)
If Err.Number Then Call ErrorHandler(Err)
WScript.Echo " " & strPropertyName & "=" &
objPolicy.Get(strPropertyName) & " (" & objPolicyProperty.Syntax & ")"
If Err.Number Then Call ErrorHandler(Err)
Set objPolicyProperty = Nothing
Next
Set objPolicyClassDef = Nothing
Set objPolicy = Nothing
WScript.Echo
Wend
End Sub
'
-----------------------------------------------------------------------------------
Private Sub ErrorHandler (Err)
' WScript.Echo Err.Description & "(" & Err.Number & ")"
Err.Clear
End Sub
