vbscript, VBScript -- Getting WinNT Domain account information

VBScript -- Getting WinNT Domain account information

Author	Message
Anthon #1 / 5	VBScript -- Getting WinNT Domain account information trying to do this in a WINNT 4.0 domain... we don't have AD ... so the following isn't working : I actually just want all the users properties.. only through VBScript.. at a commandprompt I would type the followingto get the information I am looking for.. so is there another way besides reading and parsing this information? (That's what I am about to do Alex/if your reading...with your cmdshell function...) c:\>net user myuserid /domain --------- From the SysAdminScriptingGuide 1.1 -------------- Const MIN_IN_DAY = 1440, SEC_IN_MIN = 60 Set objDomain = GetObject("WinNT://fabrikam") Set objAdS = GetObject("LDAP://dc=fabrikam,dc=com") intMaxPwdAgeSeconds = objDomain.Get("MaxPasswordAge") intMinPwdAgeSeconds = objDomain.Get("MinPasswordAge") intLockOutObservationWindowSeconds = objDomain.Get("LockoutObservationInterval") intLockoutDurationSeconds = objDomain.Get("AutoUnlockInterval") intMinPwdLength = objAds.Get("minPwdLength") intPwdHistoryLength = objAds.Get("pwdHistoryLength") intPwdProperties = objAds.Get("pwdProperties") intLockoutThreshold = objAds.Get("lockoutThreshold") intMaxPwdAgeDays = _ ((intMaxPwdAgeSeconds/SEC_IN_MIN)/MIN_IN_DAY) & " days" intMinPwdAgeDays = _ ((intMinPwdAgeSeconds/SEC_IN_MIN)/MIN_IN_DAY) & " days" intLockOutObservationWindowMinutes = _ (intLockOutObservationWindowSeconds/SEC_IN_MIN) & " minutes" If intLockoutDurationSeconds <> -1 Then intLockoutDurationMinutes = _ (intLockOutDurationSeconds/SEC_IN_MIN) & " minutes" Else intLockoutDurationMinutes = _ "Administrator must manually unlock locked accounts" End If WScript.echo "maxPwdAge = " & intMaxPwdAgeDays WScript.echo "minPwdAge = " & intMinPwdAgeDays WScript.echo "minPwdLength = " & intMinPwdLength WScript.echo "pwdHistoryLength = " & intPwdHistoryLength WScript.echo "pwdProperties = " & intPwdProperties WScript.echo "lockOutThreshold = " & intLockoutThreshold WScript.echo "lockOutObservationWindow = " & intLockOutObservationWindowMinutes WScript.echo "lockOutDuration = " & intLockoutDurationMinutes
Tue, 19 Apr 2005 12:21:01 GMT

MVP #2 / 5	VBScript -- Getting WinNT Domain account information Anthony, the AD functions were written for this purpose - since it is such a pain to get the info from script. Two possibilities come to mind besides just parsing the net user output: (1) Install the NT ADSI extensions on a DC so you CAN use a script to get the info. (2) Write or acquire a custom component to do it. The APIs are fairly simple. This is probably not realistic at this point for you, so I would lean towards #1. Anthony typed: Quote: > trying to do this in a WINNT 4.0 domain... we don't have AD ... so the > following isn't working : > I actually just want all the users properties.. only through > vbscript.. at a commandprompt I would type the followingto get the > information I am looking for.. so is there another way besides > reading and parsing this information? (That's what I am about to do > Alex/if your reading...with your cmdshell function...) > c:\>net user myuserid /domain > --------- From the SysAdminScriptingGuide 1.1 -------------- > Const MIN_IN_DAY = 1440, SEC_IN_MIN = 60 > Set objDomain = GetObject("WinNT://fabrikam") > Set objAdS = GetObject("LDAP://dc=fabrikam,dc=com") > intMaxPwdAgeSeconds = objDomain.Get("MaxPasswordAge") > intMinPwdAgeSeconds = objDomain.Get("MinPasswordAge") > intLockOutObservationWindowSeconds = > objDomain.Get("LockoutObservationInterval") > intLockoutDurationSeconds = objDomain.Get("AutoUnlockInterval") > intMinPwdLength = objAds.Get("minPwdLength") > intPwdHistoryLength = objAds.Get("pwdHistoryLength") > intPwdProperties = objAds.Get("pwdProperties") > intLockoutThreshold = objAds.Get("lockoutThreshold") > intMaxPwdAgeDays = _ > ((intMaxPwdAgeSeconds/SEC_IN_MIN)/MIN_IN_DAY) & " days" > intMinPwdAgeDays = _ > ((intMinPwdAgeSeconds/SEC_IN_MIN)/MIN_IN_DAY) & " days" > intLockOutObservationWindowMinutes = _ > (intLockOutObservationWindowSeconds/SEC_IN_MIN) & " minutes" > If intLockoutDurationSeconds <> -1 Then > intLockoutDurationMinutes = _ > (intLockOutDurationSeconds/SEC_IN_MIN) & " minutes" > Else > intLockoutDurationMinutes = _ > "Administrator must manually unlock locked accounts" > End If > WScript.echo "maxPwdAge = " & intMaxPwdAgeDays > WScript.echo "minPwdAge = " & intMinPwdAgeDays > WScript.echo "minPwdLength = " & intMinPwdLength > WScript.echo "pwdHistoryLength = " & intPwdHistoryLength > WScript.echo "pwdProperties = " & intPwdProperties > WScript.echo "lockOutThreshold = " & intLockoutThreshold > WScript.echo "lockOutObservationWindow = " & > intLockOutObservationWindowMinutes > WScript.echo "lockOutDuration = " & intLockoutDurationMinutes -- Please respond in the newsgroup so everyone may benefit. http://dev.remotenetworktechnology.com ---------- Subscribe to Microsoft's Security Bulletins: http://www.microsoft.com/technet/security/bulletin/notify.asp
Thu, 21 Apr 2005 04:59:27 GMT

MV #3 / 5	VBScript -- Getting WinNT Domain account information Quote: > the AD functions were written for this purpose - since it is such a pain to get > the info from script. > Two possibilities come to mind besides just parsing the net user output: > (1) Install the NT ADSI extensions on a DC so you CAN use a script to get the > info. Shouldn't it be sufficient to install the ADSI extensions only on the computer running the script, DC or not? -- torgeir Microsoft MVP Scripting and WMI Porsgrunn Norway
Thu, 21 Apr 2005 05:07:43 GMT

Anthon #4 / 5	VBScript -- Getting WinNT Domain account information Yes, this worked I've gotten most of the user properties through adsi calls... of course in the docuementation it is leaning towards AD I figured out which ones worked for an nt domain and got just about all of the properties I needed. Thank you for your help. -- Anthony B ------------------------ O'Toole's Commentary: Murphy was an optimist. Quote: > > the AD functions were written for this purpose - since it is such a pain to get > > the info from script. > > Two possibilities come to mind besides just parsing the net user output: > > (1) Install the NT ADSI extensions on a DC so you CAN use a script to get the > > info. > Shouldn't it be sufficient to install the ADSI extensions only on the computer > running the script, DC or not? > -- > torgeir > Microsoft MVP Scripting and WMI > Porsgrunn Norway
Thu, 21 Apr 2005 05:21:19 GMT

MVP #5 / 5	VBScript -- Getting WinNT Domain account information Ah - I didn't know about that... I guess it does drill down to the local netapi32 functionality instead of trying to connect to a DC directly. Torgeir Bakken (MVP) typed: Quote: >> the AD functions were written for this purpose - since it is such a >> pain to get the info from script. >> Two possibilities come to mind besides just parsing the net user >> output: >> (1) Install the NT ADSI extensions on a DC so you CAN use a script >> to get the info. > Shouldn't it be sufficient to install the ADSI extensions only on the > computer running the script, DC or not? -- Please respond in the newsgroup so everyone may benefit. http://dev.remotenetworktechnology.com ---------- Subscribe to Microsoft's Security Bulletins: http://www.microsoft.com/technet/security/bulletin/notify.asp
Thu, 21 Apr 2005 05:31:16 GMT

Page 1 of 1

[ 5 post ]