You are welcome, Erik :) Sincerely, Dèjì Akómöláfé, MCSE+M MCSA+M MCT Microsoft MVP - Directory Services www.readymaids.com - we know IT www.akomolafe.com Do you now realize that Today is the Tomorrow you were worried about Yesterday? -anon
________________________________ From: [EMAIL PROTECTED] on behalf of Erik Brown Sent: Tue 1/10/2006 7:12 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Scripting Issue. Here is the solution that I found that works for me now. Thanks for all of your help. On Error Resume Next Const ADS_SCOPE_SUBTREE = 2 Set objConnection = CreateObject("ADODB.Connection") Set objCommand = CreateObject("ADODB.Command") objConnection.Provider = "ADsDSOObject" objConnection.Open "Active Directory Provider" Set objCommand.ActiveConnection = objConnection objCommand.Properties("Page Size") = 1000 objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE objCommand.CommandText = _ "SELECT Name FROM 'LDAP://dc=corp,dc=fcfs,dc=int' WHERE objectCategory='user' " & _ "AND msNPAllowDialin = TRUE" Set objRecordSet = objCommand.Execute objRecordSet.MoveFirst Do Until objRecordSet.EOF Wscript.Echo objRecordSet.Fields("Name").Value objRecordSet.MoveNext Loop Erik -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Brown Sent: Tuesday, January 10, 2006 8:53 AM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Scripting Issue. Excellent! Thanks for all of the responses. Not sure how I missed all of that in my search... Erik -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith Sent: Monday, January 09, 2006 7:35 PM To: ActiveDir@mail.activedir.org Subject: RE: [ActiveDir] OT: Scripting Issue. Didn't like my answer in the Sunbelt group, eh? Server Data Objects are your portable way to do this, regardless of your domain mode (at least through Windows Server 2003). It wraps the MprAdminUserSetInfo and MprAdminUserGetInfo functions on both Windows 2000 and Windows 2003. For example, http://msdn.microsoft.com/library/en-us/sdo/sdo/changing_dial_in_setting s.asp I use SDO all over the place (unfortunately). Sub RasInfo (ByVal objWinNT, ByVal strServer, ByVal strName) Dim objWinUser Dim element, v, msg, str Dim objSDOMachine, objU Set objSDOMachine = CreateObject ("IAS.SDOMachine") objSDOMachine.Attach (strServer) Set objWinUser = GetObject ("WinNT://" & strServer & "/" & strName & ",user") Set objU = objSDOMachine.GetUserSDO (0, strName) msg = "%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%" & vbCrLf & _ "Name: " & objU.GetProperty (PROPERTY_SDO_NAME) & vbCrLf & _ "Full name: " & objWinUser.Get ("fullname") & vbCrLf & _ "Description: " & objWinUser.Get ("description") & vbCrLf & _ "------------" & vbCrLf v = objU.getproperty (PROPERTY_USER_ALLOW_DIALIN) If IsEmpty (v) Then str = "Control access through Remote Access Policy" Else If v = True Then str = "Allow access" Else str = "Deny access" End If End If msg = msg & "Remote access permission: " & str & vbcrlf Set v = Nothing ... ... ... -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Erik Brown Sent: Monday, January 09, 2006 5:06 PM To: ActiveDir@mail.activedir.org Subject: [ActiveDir] OT: Scripting Issue. I have a script that I run in an ASP page to list all RAS Users as a check to make sure that we don't have anyone with permissions that shouldn't have them. However, I'm finding now that we are migrating to W2k3 that this script doesn't work on 2k3. I read in a newsgroup that the "RasPermissions" in ADSI was removed due to security concerns. Is this correct? Is there another way to access this information via ADSI? <Script is below> Thanks, Erik Function ReportRasUsers() If DOM = "" Then DOM = "corp" strRasUsers="<Table id="""& "table1""" & " cellspacing=""" & "1""" & " cellPadding=""" & "1""" & " width="""& "500""" & " border="""& "1""" & ">" strRasUsers=strRasUsers & "<TH>User Name</TH><TH>Full Name</TH><TH>RAS Type</TH>" Dim AccountObj,MachObj,PassAge,fs,fsOut,strRasUsers,strFN Set AccountObj = GetObject("WinNT://"&DOM) AccountObj.Filter = Array("User") For Each User In AccountObj Set UserObj = GetObject("WinNT://" &DOM&"/" & User.Name) Ras=UserObj.get("RasPermissions") strFN=UserObj.get("FullName") If Ras=9 Then strRasUsers=strRasUsers & "<TR><TD>" & User.Name & "</TD><TD>"& strFN & "</TD><TD>No Dial Back</TD></TR>" ElseIf Ras=10 Then strRasUsers=strRasUsers & "<TR><TD bgcolor=""" & "Red""" & ">" & User.Name & "</TD><TD bgcolor=""" & "Red""" & ">"& strFN & "</TD><TD bgcolor=""" & "Red""" & ">Dial Back Enabled</TD></TR>" ElseIf Ras=12 Then strRasUsers=strRasUsers & "<TR><TD bgcolor=""" & "Red""" & ">" & User.Name & "</TD><TD bgcolor=""" & "Red""" & ">"& strFN & "</TD><TD bgcolor=""" & "Red""" & ">Dial Back Enabled</TD></TR>" End If Next response.Write(strRasUsers) End Function List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/ List info : http://www.activedir.org/List.aspx List FAQ : http://www.activedir.org/ListFAQ.aspx List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/