Ok, I think i'm finding it impossible to create a VBScript or use a
tool to enumerate all the settings which are enabled in all or a
specific gpo in a win2k domain from a win2k workstation.
am i correct?
On 8/10/05, Tom Kern <[EMAIL PROTECTED]> wrote:
> I get errors with this script- "the active directory property cannot
> be found in the cache"
>
> I'm running win2k native mode domain.
>
> thanks. sorry to bother.
>
> On 8/10/05, Alain Lissoir <[EMAIL PROTECTED]> wrote:
> > For 1/, try this one below. For 2/ I don't have one close but I'm sure some
> > folks here can feed you ...
> >
> > The script doesn't dump in a text file, but that's an easy addition. HTH
> >
> > ' FindGPOLinks v1.04.vbs - Version 1.04 - Alain Lissoir
> > '
> > ' WSH Script browsing the 'DefaultNamingContext' and the
> > 'configurationNamingContext'
> > ' to retrieve the Group Policies linked to AD objects.
> > ' This should facilitate the search of created policies in the Active
> > Directory.
> > '
> > ' The script is using a basic LDAP access in the current user context,
> > ' so, you should have enough rights to access AD objects.
> > '
> > ' Change in version 1.04
> > '
> > ' - Add an error Handler in the "ShowMemberInfo" Private Sub
> > '
> > ' Change in version 1.02
> > '
> > ' - Query the schema to get the property list associated to the
> > 'groupPolicyContainer' class.
> > ' - Display only the defined properties for that class.
> > ' - For the defined properties, the scripts shows the syntax to be used by
> > the property.
> > ' - Take in account the fact that more than one policy can be defined at the
> > container level.
> > '
> > ' Change in version 1.01
> > '
> > ' - Add some code to bind to the GPLink LDAP Pointer to extract some
> > properties.
> > '
> > ' Any comments or questions: EMail:[EMAIL PROTECTED]
> >
> > Option Explicit
> >
> > Dim ObjRoot
> > Dim Object
> > Dim ObjMember
> >
> > '
> > ----------------------------------------------------------------------------
> > -------
> > WScript.Echo
> > WScript.Echo "Looking inside 'configurationNamingContext'"
> > Set objRoot = GetObject("LDAP://RootDSE")
> > Object = objRoot.Get("configurationNamingContext")
> >
> > Call LookInsideObject (Object)
> >
> > Set Object = Nothing
> > Set objRoot = Nothing
> >
> > '
> > ----------------------------------------------------------------------------
> > -------
> > WScript.Echo
> > WScript.Echo "Looking inside 'DefaultNamingContext'"
> > Set objRoot = GetObject("LDAP://RootDSE")
> > Object = objRoot.Get("DefaultNamingContext")
> >
> > Call LookInsideObject (Object)
> >
> > Set Object = Nothing
> > Set objRoot = Nothing
> >
> > WScript.Quit (0)
> >
> > '
> > ----------------------------------------------------------------------------
> > -------
> > Private Sub LookInsideObject (Object)
> >
> > Dim objMember
> > Dim Member
> >
> > Set objMember = GetObject ("LDAP://" & Object)
> >
> > if objMember.Class <> "sitesContainer" And _
> > objMember.Class <> "container" And _
> > objMember.Class <> "configuration" _
> > Then Call ShowMemberInfo (objMember)
> >
> > For Each Member in objMember
> > If Member.Class = "domainDNS" Or _
> > Member.Class = "organizationalUnit" Or _
> > Member.Class = "sitesContainer" Or _
> > Member.Class = "site" Or _
> > Member.Class = "container" _
> > Then Call LookInsideObject (Member.Name & "," & Object)
> > Next
> >
> > Set objMember = Nothing
> >
> > End Sub
> >
> > '
> > ----------------------------------------------------------------------------
> > -------
> > Private Sub ShowMemberInfo (Object)
> >
> > Dim longStartPolicyPath
> > Dim longEndPolicyPath
> > Dim strPolicyPathSource
> > Dim strPolicyPath
> >
> > Dim objPolicy
> > Dim objPolicyClassDef
> > Dim objPolicyProperty
> >
> > Dim strPropertyName
> >
> > Object.GetInfo
> >
> > If Object.GPLink = "" Then
> > WScript.Echo Object.Name & " (" & Object.Class & ")"
> > WScript.Echo "(No Group Policy Defined)"
> > WScript.Echo
> > End If
> >
> > strPolicyPathSource = Object.GPLink
> >
> > While (strPolicyPathSource <> "")
> >
> > WScript.Echo Object.Name & " (" & Object.Class & ")"
> >
> > ' Extract each LDAP pointer from the GPLink.
> > longStartPolicyPath = InStr(1, strPolicyPathSource, "[",
> > vbTextCompare)
> > longEndPolicyPath = InStr(1, strPolicyPathSource, "]", vbTextCompare)
> > strPolicyPath = Mid(strPolicyPathSource, longStartPolicyPath + 1,
> > longEndPolicyPath - 4)
> > strPolicyPathSource = Mid(strPolicyPathSource, longEndPolicyPath + 1)
> >
> > Set objPolicy = GetObject(strPolicyPath)
> >
> > objPolicy.GetInfo
> >
> > WScript.Echo "Found an existing Policy: '" &
> > objPolicy.Get("displayName") & "' (" & objPolicy.Class & ")"
> > WScript.Echo " GPLink=" & strPolicyPath
> >
> > Set objPolicyClassDef = GetObject (objPolicy.Schema)
> >
> > On error Goto ErrorHandler
> >
> > For Each strPropertyName In objPolicyClassDef.MandatoryProperties
> > Set objPolicyProperty = GetObject (objPolicyClassDef.Parent
> > + "/" + strPropertyName)
> > WScript.Echo " " & strPropertyName & "=" &
> > objPolicy.Get(strPropertyName) & " (" & objPolicyProperty.Syntax & ")"
> > Set objPolicyProperty = Nothing
> > Next
> >
> > For Each strPropertyName In objPolicyClassDef.OptionalProperties
> > Set objPolicyProperty = GetObject (objPolicyClassDef.Parent
> > + "/" + strPropertyName)
> > WScript.Echo " " & strPropertyName & "=" &
> > objPolicy.Get(strPropertyName) & " (" & objPolicyProperty.Syntax & ")"
> > Set objPolicyProperty = Nothing
> > Next
> >
> > Set objPolicyClassDef = Nothing
> >
> > Set objPolicy = Nothing
> >
> > WScript.Echo
> >
> > Wend
> >
> > Exit Sub
> >
> > ErrorHandler:
> >
> > WScript.Echo Err.Description & "(" & Err.Number & ")"
> > Resume Next
> >
> > End Sub
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
> > Sent: Wednesday, August 10, 2005 6:19 AM
> > To: activedirectory
> > Subject: [ActiveDir] 2 quick favors
> >
> > Does anyone know of a tool to enumerate all GPO's in a domain listing all
> > the specific settings enabled that i can spit out to text file.
> > the enviorment i work in is all win2k pro/server so GPMC is out.
> > Also, gpotool doesn't seem to show specific links and what settings are
> > enabled.
> >
> > Second question is, does anyone have a script that can enumerate all the
> > local accounts and groups on domain memeber servers and workstations?
> >
> > Thanks a lot.
> > I apologize for being so needy.
> > List info : http://www.activedir.org/List.aspx
> > List FAQ : http://www.activedir.org/ListFAQ.aspx
> > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
> >
> > List info : http://www.activedir.org/List.aspx
> > List FAQ : http://www.activedir.org/ListFAQ.aspx
> > List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
> >
>
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
