You are welcome, Erik :)
Sincerely,
Dèjì Akómöláfé, MCSE+M MCSA+M MCT
Microsoft MVP - Directory Services
www.readymaids.com - we know IT
www.akomolafe.com
Do you now realize that Today is the Tomorrow you were worried about
Yesterday? -anon
________________________________
From: [EMAIL PROTECTED] on behalf of Erik Brown
Sent: Tue 1/10/2006 7:12 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Scripting Issue.
Here is the solution that I found that works for me now. Thanks for all of
your help.
On Error Resume Next
Const ADS_SCOPE_SUBTREE = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.CommandText = _
"SELECT Name FROM 'LDAP://dc=corp,dc=fcfs,dc=int' WHERE
objectCategory='user' " & _
"AND msNPAllowDialin = TRUE"
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
Wscript.Echo objRecordSet.Fields("Name").Value
objRecordSet.MoveNext
Loop
Erik
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Erik Brown
Sent: Tuesday, January 10, 2006 8:53 AM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Scripting Issue.
Excellent! Thanks for all of the responses. Not sure how I missed all of
that in my search...
Erik
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Michael B. Smith
Sent: Monday, January 09, 2006 7:35 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] OT: Scripting Issue.
Didn't like my answer in the Sunbelt group, eh?
Server Data Objects are your portable way to do this, regardless of your
domain mode (at least through Windows Server 2003). It wraps the
MprAdminUserSetInfo and MprAdminUserGetInfo functions on both Windows 2000
and Windows 2003.
For example,
http://msdn.microsoft.com/library/en-us/sdo/sdo/changing_dial_in_setting
s.asp
I use SDO all over the place (unfortunately).
Sub RasInfo (ByVal objWinNT, ByVal strServer, ByVal strName)
Dim objWinUser
Dim element, v, msg, str
Dim objSDOMachine, objU
Set objSDOMachine = CreateObject ("IAS.SDOMachine")
objSDOMachine.Attach (strServer)
Set objWinUser = GetObject ("WinNT://" & strServer & "/" & strName &
",user")
Set objU = objSDOMachine.GetUserSDO (0, strName)
msg = "%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%" &
vbCrLf & _
"Name: " & objU.GetProperty (PROPERTY_SDO_NAME) &
vbCrLf & _
"Full name: " & objWinUser.Get ("fullname") &
vbCrLf & _
"Description: " & objWinUser.Get ("description") &
vbCrLf & _
"------------" &
vbCrLf
v = objU.getproperty (PROPERTY_USER_ALLOW_DIALIN)
If IsEmpty (v) Then
str = "Control access through Remote Access Policy"
Else
If v = True Then
str = "Allow access"
Else
str = "Deny access"
End If
End If
msg = msg & "Remote access permission: " & str & vbcrlf
Set v = Nothing
...
...
...
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Erik Brown
Sent: Monday, January 09, 2006 5:06 PM
To: ActiveDir@mail.activedir.org
Subject: [ActiveDir] OT: Scripting Issue.
I have a script that I run in an ASP page to list all RAS Users as a check
to make sure that we don't have anyone with permissions that shouldn't have
them. However, I'm finding now that we are migrating to W2k3 that this
script doesn't work on 2k3. I read in a newsgroup that the "RasPermissions"
in ADSI was removed due to security concerns. Is this correct? Is there
another way to access this information via ADSI?
<Script is below>
Thanks,
Erik
Function ReportRasUsers()
If DOM = "" Then DOM = "corp"
strRasUsers="<Table id="""& "table1""" & " cellspacing=""" & "1""" & "
cellPadding=""" & "1""" & " width="""& "500""" & " border="""& "1""" & ">"
strRasUsers=strRasUsers & "<TH>User Name</TH><TH>Full Name</TH><TH>RAS
Type</TH>"
Dim AccountObj,MachObj,PassAge,fs,fsOut,strRasUsers,strFN
Set AccountObj = GetObject("WinNT://"&DOM)
AccountObj.Filter = Array("User")
For Each User In AccountObj
Set UserObj = GetObject("WinNT://" &DOM&"/" & User.Name)
Ras=UserObj.get("RasPermissions")
strFN=UserObj.get("FullName")
If Ras=9 Then
strRasUsers=strRasUsers & "<TR><TD>" & User.Name &
"</TD><TD>"& strFN & "</TD><TD>No Dial Back</TD></TR>"
ElseIf Ras=10 Then
strRasUsers=strRasUsers & "<TR><TD bgcolor=""" & "Red"""
&
">" & User.Name & "</TD><TD bgcolor=""" & "Red""" & ">"& strFN & "</TD><TD
bgcolor=""" & "Red""" & ">Dial Back Enabled</TD></TR>"
ElseIf Ras=12 Then
strRasUsers=strRasUsers & "<TR><TD bgcolor=""" & "Red"""
&
">" & User.Name & "</TD><TD bgcolor=""" & "Red""" & ">"& strFN & "</TD><TD
bgcolor=""" & "Red""" & ">Dial Back Enabled</TD></TR>"
End If
Next
response.Write(strRasUsers)
End Function
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive:
http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
List info : http://www.activedir.org/List.aspx
List FAQ : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
