RE: [ActiveDir] 2 quick favors
I didn't see anywhere in the thread where anyone said you can't enumerate the settings with scripts. MS hasn't exposed any functionality like that, you could read the text files directly and try to work it out yourself though. The only thing you can get from AD is that the GPOs are linked in certain areas and what files they are linked to. The GPMC script extensions don't do much more, they just wrap up the AD properties into nice titles.

joe

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Wednesday, August 10, 2005 9:19 AM
To: activedirectory
Subject: [ActiveDir] 2 quick favors

Does anyone know of a tool to enumerate all GPOs in a domain, listing all the specific settings enabled, that I can spit out to a text file? The environment I work in is all win2k pro/server so GPMC is out. Also, gpotool doesn't seem to show specific links and what settings are enabled.

Second question is, does anyone have a script that can enumerate all the local accounts and groups on domain member servers and workstations?

Thanks a lot. I apologize for being so needy.

List info : http://www.activedir.org/List.aspx
List FAQ: http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
RE: [ActiveDir] 2 quick favors
In XP/2003, you run WSH 5.6. In 2000, you have WSH 5.1, that could be the reason. If you have troubles with the script as mentioned in another reply, try this one. I just tweaked it a bit.

Microsoft (R) Windows Script Host Version 5.6
Copyright (C) Microsoft Corporation 1996-2001. All rights reserved.

Looking inside 'configurationNamingContext'
CN=Default-First-Site-Name (site)
(No Group Policy Defined)

Looking inside 'DefaultNamingContext'
DC=LissWare (domainDNS)
Found an existing Policy: 'Windows Service Policy' (groupPolicyContainer)
GPLink=LDAP://cn={0154628E-C9EE-48C2-8FD3-306599C0B88D},cn=policies,cn=system,DC=LissWare,DC=Net
cn={0154628E-C9EE-48C2-8FD3-306599C0B88D} (DirectoryString)
instanceType=4 (INTEGER)
objectCategory=CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=LissWare,DC=Net (DN)
displayName=Windows Service Policy (DirectoryString)
distinguishedName=CN={0154628E-C9EE-48C2-8FD3-306599C0B88D},CN=Policies,CN=System,DC=LissWare,DC=Net (DN)
flags=0 (INTEGER)
gPCFileSysPath=\\LissWare.Net\SysVol\LissWare.Net\Policies\{0154628E-C9EE-48C2-8FD3-306599C0B88D} (DirectoryString)
gPCFunctionalityVersion=2 (INTEGER)
gPCMachineExtensionNames=[{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}] (DirectoryString)
name={0154628E-C9EE-48C2-8FD3-306599C0B88D} (DirectoryString)
showInAdvancedViewOnly=True (Boolean)
versionNumber=5 (INTEGER)
whenChanged=21-Dec-2004 00:18:00 (GeneralizedTime)
whenCreated=20-Dec-2004 23:50:40 (GeneralizedTime)

DC=LissWare (domainDNS)
Found an existing Policy: 'Default Domain Policy' (groupPolicyContainer)
GPLink=LDAP://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=LissWare,DC=Net
cn={31B2F340-016D-11D2-945F-00C04FB984F9} (DirectoryString)
instanceType=4 (INTEGER)
objectCategory=CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=LissWare,DC=Net (DN)
displayName=Default Domain Policy (DirectoryString)
distinguishedName=CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=LissWare,DC=Net (DN)
flags=0 (INTEGER)
gPCFileSysPath=\\LissWare.Net\sysvol\LissWare.Net\Policies\{31B2F340-016D-11D2-945F-00C04FB984F9} (DirectoryString)
gPCFunctionalityVersion=2 (INTEGER)
gPCMachineExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-F87571E3}{53D6AB1B-2488-11D1-A28C-00C04FB94F17}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A
gPCUserExtensionNames=[{3060E8D0-7020-11D2-842D-00C04FA372D4}{3060E8CE-7020-11D2-842D-00C04FA372D4}] (DirectoryString)
isCriticalSystemObject=True (Boolean)
name={31B2F340-016D-11D2-945F-00C04FB984F9} (DirectoryString)
showInAdvancedViewOnly=True (Boolean)
systemFlags=-1946157056 (INTEGER)
versionNumber=65546 (INTEGER)
whenChanged=08-Jun-2004 21:11:01 (GeneralizedTime)
whenCreated=01-Jun-2004 19:07:23 (GeneralizedTime)

OU=Domain Controllers (organizationalUnit)
Found an existing Policy: 'Default Domain Controllers Policy' (groupPolicyContainer)
GPLink=LDAP://CN={6AC1786C-016F-11D2-945F-00C04fB984F9},CN=Policies,CN=System,DC=LissWare,DC=Net
cn={6AC1786C-016F-11D2-945F-00C04fB984F9} (DirectoryString)
instanceType=4 (INTEGER)
objectCategory=CN=Group-Policy-Container,CN=Schema,CN=Configuration,DC=LissWare,DC=Net (DN)
displayName=Default Domain Controllers Policy (DirectoryString)
distinguishedName=CN={6AC1786C-016F-11D2-945F-00C04fB984F9},CN=Policies,CN=System,DC=LissWare,DC=Net (DN)
flags=0 (INTEGER)
gPCFileSysPath=\\LissWare.Net\sysvol\LissWare.Net\Policies\{6AC1786C-016F-11D2-945F-00C04fB984F9} (DirectoryString)
gPCFunctionalityVersion=2 (INTEGER)
gPCMachineExtensionNames=[{35378EAC-683F-11D2-A89A-00C04FBBCFA2}{0F6B957D-509E-11D1-A7CC-F87571E3}][{827D319E-6EAC-11D2-A4EA-00C04F79F83A}{803E14A0-B4FB-11D0-A0D0-00A0C90F574B}] (DirectoryString)
isCriticalSystemObject=True (Boolean)
name={6AC1786C-016F-11D2-945F-00C04fB984F9} (DirectoryString)
showInAdvancedViewOnly=True (Boolean)
systemFlags=-1946157056 (INTEGER)
versionNumber=12 (INTEGER)
whenChanged=31-Mar-2005 19:40:09 (GeneralizedTime)
whenCreated=01-Jun-2004 19:07:23 (GeneralizedTime)

HTH
/Alain
Re: [ActiveDir] 2 quick favors
I think I'm screwing up the syntax. This is a sample output in logfile.txt-

workstationpc psexec \\workstationpc net user

That's all.
thanks

On 8/10/05, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

For part 2

Download psexec.exe (sysinternals)
Create a computerlist.txt with all the pcnames (FQDN if you don't trust your wins)
From command line (replace %i with %%i if using batch file) using your DA/EA credentials for example

For /F %i IN (computerlist.txt) do echo %i >> logfile.txt psexec \\%i net user >> logfile.txt

Note: Above will query remotely irregardless if computer is online or offline (slow if offline) - you can modify to include ping test if you want.

Thank you and have a splendid day!

Kind Regards,
Freddy Hartono
Windows Administrator (ADSM/NT Security)
Spherion Technology Group, Singapore
For Agilent Technologies
E-mail: [EMAIL PROTECTED]
RE: [ActiveDir] 2 quick favors
Hi Tom,

For my system it shows like these below

C:\Documents and Settings\fhartono>psexec \\xx net user

PsExec v1.57 - Execute processes remotely
Copyright (C) 2001-2005 Mark Russinovich
Sysinternals - www.sysinternals.com

User accounts for \\

---
locadmin RenamedGuest TsInternetUser
The command completed with one or more errors.

net exited on xx with error code 1.

Permission issue?

Thank you and have a splendid day!

Kind Regards,
Freddy Hartono
Windows Administrator (ADSM/NT Security)
Spherion Technology Group, Singapore
For Agilent Technologies
E-mail: [EMAIL PROTECTED]
Re: [ActiveDir] 2 quick favors
I'm running as EA, so I don't think so.
The command just echoes everything after 'echo' for some reason.
I'm running it from a winxp sp2 box.
It doesn't seem like perms but I'm screwing up the syntax.
Turn echo off?
As it is now, it just echoes the psexec invoking net user with no output to the stdout and the logfile.
Very strange. I don't know where to begin to figure this out.
thanks
RE: [ActiveDir] 2 quick favors
Hi Tom

A big whoops I guess - a & was missing :)

For /F %i IN (computerlist.txt) do echo %i >> logfile.txt & psexec \\%i net user >> logfile.txt

Try that - and see if it works - I'm using rcmd.exe (windows resource kit) instead of psexec (works faster)

Thank you and have a splendid day!

Kind Regards,
Freddy Hartono
Windows Administrator (ADSM/NT Security)
Spherion Technology Group, Singapore
For Agilent Technologies
E-mail: [EMAIL PROTECTED]
RE: [ActiveDir] 2 quick favors
For 1/, try this one below.
For 2/ I don't have one close but I'm sure some folks here can feed you ...

The script doesn't dump in a text file, but that's an easy addition.

HTH

' FindGPOLinks v1.04.vbs - Version 1.04 - Alain Lissoir
'
' WSH Script browsing the 'DefaultNamingContext' and the 'configurationNamingContext'
' to retrieve the Group Policies linked to AD objects.
' This should facilitate the search of created policies in the Active Directory.
'
' The script is using a basic LDAP access in the current user context,
' so, you should have enough rights to access AD objects.
'
' Change in version 1.04
'
' - Add an error Handler in the ShowMemberInfo Private Sub
'
' Change in version 1.02
'
' - Query the schema to get the property list associated to the 'groupPolicyContainer' class.
' - Display only the defined properties for that class.
' - For the defined properties, the scripts shows the syntax to be used by the property.
' - Take in account the fact that more than one policy can be defined at the container level.
'
' Change in version 1.01
'
' - Add some code to bind to the GPLink LDAP Pointer to extract some properties.
'
' Any comments or questions:EMail:[EMAIL PROTECTED]

Option Explicit

Dim ObjRoot
Dim Object
Dim ObjMember

' ---
WScript.Echo
WScript.Echo "Looking inside 'configurationNamingContext'"

Set objRoot = GetObject("LDAP://RootDSE")
Object = objRoot.Get("configurationNamingContext")
Call LookInsideObject (Object)
Set Object = Nothing
Set objRoot = Nothing

' ---
WScript.Echo
WScript.Echo "Looking inside 'DefaultNamingContext'"

Set objRoot = GetObject("LDAP://RootDSE")
Object = objRoot.Get("DefaultNamingContext")
Call LookInsideObject (Object)
Set Object = Nothing
Set objRoot = Nothing

WScript.Quit (0)

' ---
' Walk the tree below the given DN and report the policies linked at each level.
Private Sub LookInsideObject (Object)

    Dim objMember
    Dim Member

    Set objMember = GetObject ("LDAP://" & Object)

    If objMember.Class <> "sitesContainer" And _
       objMember.Class <> "container" And _
       objMember.Class <> "configuration" _
    Then Call ShowMemberInfo (objMember)

    For Each Member in objMember
        If Member.Class = "domainDNS" Or _
           Member.Class = "organizationalUnit" Or _
           Member.Class = "sitesContainer" Or _
           Member.Class = "site" Or _
           Member.Class = "container" _
        Then Call LookInsideObject (Member.Name & "," & Object)
    Next

    Set objMember = Nothing

End Sub

' ---
' Show every policy referenced by the object's GPLink, with its properties.
Private Sub ShowMemberInfo (Object)

    Dim longStartPolicyPath
    Dim longEndPolicyPath
    Dim strPolicyPathSource
    Dim strPolicyPath
    Dim objPolicy
    Dim objPolicyClassDef
    Dim objPolicyProperty
    Dim strPropertyName

    Object.GetInfo

    If Object.GPLink = "" Then
        WScript.Echo Object.Name & " (" & Object.Class & ")"
        WScript.Echo "(No Group Policy Defined)"
        WScript.Echo
    End If

    strPolicyPathSource = Object.GPLink
    While (strPolicyPathSource <> "")
        WScript.Echo Object.Name & " (" & Object.Class & ")"

        ' Extract each LDAP pointer from the GPLink.
        longStartPolicyPath = InStr(1, strPolicyPathSource, "[", vbTextCompare)
        longEndPolicyPath = InStr(1, strPolicyPathSource, "]", vbTextCompare)
        strPolicyPath = Mid(strPolicyPathSource, longStartPolicyPath + 1, longEndPolicyPath - 4)
        strPolicyPathSource = Mid(strPolicyPathSource, longEndPolicyPath + 1)

        Set objPolicy = GetObject(strPolicyPath)
        objPolicy.GetInfo
        WScript.Echo "Found an existing Policy: '" & objPolicy.Get("displayName") & "' (" & objPolicy.Class & ")"
        WScript.Echo "GPLink=" & strPolicyPath

        Set objPolicyClassDef = GetObject (objPolicy.Schema)

        ' VBScript has no "On Error Goto <label>", so errors are trapped inline
        ' (for example a property that is not set on this policy object).
        On Error Resume Next

        For Each strPropertyName In objPolicyClassDef.MandatoryProperties
            Set objPolicyProperty = GetObject (objPolicyClassDef.Parent + "/" + strPropertyName)
            WScript.Echo strPropertyName & "=" & objPolicy.Get(strPropertyName) & " (" & objPolicyProperty.Syntax & ")"
            If Err.Number <> 0 Then
                WScript.Echo Err.Description & " (" & Err.Number & ")"
                Err.Clear
            End If
            Set objPolicyProperty = Nothing
        Next

        For Each strPropertyName In objPolicyClassDef.OptionalProperties
            Set objPolicyProperty = GetObject (objPolicyClassDef.Parent + "/" + strPropertyName)
            WScript.Echo strPropertyName & "=" & objPolicy.Get(strPropertyName) & " (" & objPolicyProperty.Syntax & ")"
            If Err.Number <> 0 Then
                WScript.Echo Err.Description & " (" & Err.Number & ")"
                Err.Clear
            End If
            Set objPolicyProperty = Nothing
        Next

        Set objPolicyClassDef = Nothing
        Set objPolicy = Nothing

        WScript.Echo
    Wend

End Sub

-Original Message-
From: [EMAIL PROTECTED]
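As an added example (not part of the original posts or of FindGPOLinks), the VBScript below parses a multi-link gPLink value while keeping the per-link option number that the posted script slices off, and splits versionNumber and flags values like those in the output posted in this thread. The function names are hypothetical, and the sample gPLink string is constructed from the DNs in that output with made-up link options.

```vbscript
Option Explicit

' Constructed sample: two links on one container. The DNs come from the
' output posted in the thread; the ";2" and ";1" link options are made up.
Const SAMPLE_GPLINK = "[LDAP://cn={0154628E-C9EE-48C2-8FD3-306599C0B88D},cn=policies,cn=system,DC=LissWare,DC=Net;2][LDAP://CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=LissWare,DC=Net;1]"

' Hypothetical helper: returns a Dictionary mapping each linked GPO's
' ADsPath to its numeric link options. Malformed entries are skipped.
Function ParseGPLink(strGPLink)
    Dim dictLinks, lngOpen, lngClose, lngSemi, strEntry, strOptions
    Set dictLinks = CreateObject("Scripting.Dictionary")
    lngOpen = InStr(1, strGPLink, "[")
    Do While lngOpen > 0
        lngClose = InStr(lngOpen, strGPLink, "]")
        If lngClose = 0 Then Exit Do             ' unterminated entry: stop
        strEntry = Mid(strGPLink, lngOpen + 1, lngClose - lngOpen - 1)
        lngSemi = InStrRev(strEntry, ";")        ' options follow the last ";"
        If lngSemi > 1 Then
            strOptions = Mid(strEntry, lngSemi + 1)
            If IsNumeric(strOptions) Then
                dictLinks(Left(strEntry, lngSemi - 1)) = CLng(strOptions)
            End If
        End If
        lngOpen = InStr(lngClose, strGPLink, "[")
    Loop
    Set ParseGPLink = dictLinks
End Function

' Link options: bit 0 = link disabled, bit 1 = No Override (enforced).
Function DescribeLinkOptions(lngOptions)
    Dim strText
    If (lngOptions And 1) <> 0 Then
        strText = "link disabled"
    Else
        strText = "link enabled"
    End If
    If (lngOptions And 2) <> 0 Then strText = strText & ", No Override"
    DescribeLinkOptions = strText
End Function

' versionNumber packs two counters: user settings in the high 16 bits,
' computer settings in the low 16 bits.
Function UserVersion(lngVersionNumber)
    UserVersion = CLng(Int(lngVersionNumber / 65536)) And 65535
End Function

Function MachineVersion(lngVersionNumber)
    MachineVersion = lngVersionNumber And 65535
End Function

' flags on the GPO: bit 0 = user settings disabled,
' bit 1 = computer settings disabled.
Function DescribeGpoFlags(lngFlags)
    Select Case (lngFlags And 3)
        Case 0 DescribeGpoFlags = "user and computer settings enabled"
        Case 1 DescribeGpoFlags = "user settings disabled"
        Case 2 DescribeGpoFlags = "computer settings disabled"
        Case 3 DescribeGpoFlags = "all settings disabled"
    End Select
End Function

Dim dictLinks, strPath, lngVersion

Set dictLinks = ParseGPLink(SAMPLE_GPLINK)
For Each strPath In dictLinks.Keys
    WScript.Echo strPath
    WScript.Echo "  options=" & dictLinks(strPath) & " (" & DescribeLinkOptions(dictLinks(strPath)) & ")"
Next

' versionNumber values taken from the output posted in the thread.
For Each lngVersion In Array(5, 65546, 12)
    WScript.Echo "versionNumber=" & lngVersion & ": user=" & UserVersion(lngVersion) & ", machine=" & MachineVersion(lngVersion)
Next

' flags=0 is the value shown for all three policies in that output.
WScript.Echo "flags=0: " & DescribeGpoFlags(0)
```

Run it with cscript.exe; in a live audit the gPLink, versionNumber and flags values would come from the objects the posted script already binds to.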
Re: [ActiveDir] 2 quick favors
I get errors with this script-

the active directory property cannot be found in the cache

I'm running win2k native mode domain.
thanks. sorry to bother.
Re: [ActiveDir] 2 quick favors
Ok, I think i'm finding it impossible to create a VBScript or use a tool to enumerate all the settings which are enabled in all or a specific gpo in a win2k domain from a win2k workstation. am i correct?

On 8/10/05, Tom Kern [EMAIL PROTECTED] wrote:
I get errors with this script- the active directory property cannot be found in the cache
I'm running win2k native mode domain. thanks. sorry to bother.

On 8/10/05, Alain Lissoir [EMAIL PROTECTED] wrote:
For 1/, try this one below. For 2/ I don't have one close but I'm sure some folks here can feed you ... The script doesn't dump in a text file, but that's an easy addition. HTH

' FindGPOLinks v1.04.vbs - Version 1.04 - Alain Lissoir
'
' WSH Script browsing the 'DefaultNamingContext' and the 'configurationNamingContext'
' to retrieve the Group Policies linked to AD objects.
' This should facilitate the search of created policies in the Active Directory.
'
' The script is using a basic LDAP access in the current user context,
' so, you should have enough rights to access AD objects.
'
' Change in version 1.04
'
' - Add an error Handler in the ShowMemberInfo Private Sub
'
' Change in version 1.02
'
' - Query the schema to get the property list associated to the 'groupPolicyContainer' class.
' - Display only the defined properties for that class.
' - For the defined properties, the scripts shows the syntax to be used by the property.
' - Take in account the fact that more than one policy can be defined at the container level.
'
' Change in version 1.01
'
' - Add some code to bind to the GPLink LDAP Pointer to extract some properties.
'
' Any comments or questions:EMail:[EMAIL PROTECTED]

Option Explicit

Dim ObjRoot
Dim Object
Dim ObjMember

' ---
WScript.Echo
WScript.Echo "Looking inside 'configurationNamingContext'"
Set objRoot = GetObject("LDAP://RootDSE")
Object = objRoot.Get("configurationNamingContext")
Call LookInsideObject (Object)
Set Object = Nothing
Set objRoot = Nothing

' ---
WScript.Echo
WScript.Echo "Looking inside 'DefaultNamingContext'"
Set objRoot = GetObject("LDAP://RootDSE")
Object = objRoot.Get("DefaultNamingContext")
Call LookInsideObject (Object)
Set Object = Nothing
Set objRoot = Nothing

WScript.Quit (0)

' ---
Private Sub LookInsideObject (Object)

    Dim objMember
    Dim Member

    Set objMember = GetObject ("LDAP://" & Object)
    If objMember.Class <> "sitesContainer" And _
       objMember.Class <> "container" And _
       objMember.Class <> "configuration" _
    Then Call ShowMemberInfo (objMember)

    For Each Member in objMember
        If Member.Class = "domainDNS" Or _
           Member.Class = "organizationalUnit" Or _
           Member.Class = "sitesContainer" Or _
           Member.Class = "site" Or _
           Member.Class = "container" _
        Then Call LookInsideObject (Member.Name & "," & Object)
    Next

    Set objMember = Nothing

End Sub

' ---
Private Sub ShowMemberInfo (Object)

    Dim longStartPolicyPath
    Dim longEndPolicyPath
    Dim strPolicyPathSource
    Dim strPolicyPath
    Dim objPolicy
    Dim objPolicyClassDef
    Dim objPolicyProperty
    Dim strPropertyName

    Object.GetInfo
    If Object.GPLink = "" Then
        WScript.Echo Object.Name & " (" & Object.Class & ")"
        WScript.Echo "(No Group Policy Defined)"
        WScript.Echo
    End If

    strPolicyPathSource = Object.GPLink
    While (strPolicyPathSource <> "")
        WScript.Echo Object.Name & " (" & Object.Class & ")"
        ' Extract each LDAP pointer from the GPLink.
        longStartPolicyPath = InStr(1, strPolicyPathSource, "[", vbTextCompare)
        longEndPolicyPath = InStr(1, strPolicyPathSource, "]", vbTextCompare)
        strPolicyPath = Mid(strPolicyPathSource, longStartPolicyPath + 1, longEndPolicyPath - 4)
        strPolicyPathSource = Mid(strPolicyPathSource, longEndPolicyPath + 1)

        Set objPolicy = GetObject(strPolicyPath)
        objPolicy.GetInfo
        WScript.Echo "Found an existing Policy: '" & objPolicy.Get("displayName") & "' (" & objPolicy.Class & ")"
        WScript.Echo "GPLink=" & strPolicyPath
        Set objPolicyClassDef = GetObject (objPolicy.Schema)
        On error Goto ErrorHandler
        For Each strPropertyName In objPolicyClassDef.MandatoryProperties
            Set objPolicyProperty = GetObject (objPolicyClassDef.Parent + "/" + strPropertyName)
            WScript.Echo strPropertyName & "=" & objPolicy.Get(strPropertyName) & " (" & objPolicyProperty.Syntax & ")"
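Added example (not part of the thread and not Alain Lissoir's code): the gPLink value that the script above walks with InStr/Mid, parsed from exported attribute values and inverted into a per-GPO list of link locations. A container with no gPLink value, the case in which an ADSI Get fails with "property cannot be found in the cache", is treated as having no links. The OU names, the option digits and all function names are constructed for illustration; the two GUIDs under DC=LissWare,DC=Net are the ones in the sample output earlier in the thread.

```python
import re
from collections import defaultdict

# One gPLink value holds zero or more entries of the form
#   [LDAP://<GPO distinguished name>;<options>]
# written back to back with no separator.
LINK_RE = re.compile(r"\[LDAP://(?P<dn>[^;\]]+);(?P<opts>\d+)\]", re.IGNORECASE)
GUID_RE = re.compile(r"^cn=(\{[0-9A-Fa-f-]{36}\})", re.IGNORECASE)

LINK_DISABLED = 0x1  # link exists but the GPO is not applied here
LINK_ENFORCED = 0x2  # "No Override" in the Windows 2000 UI


def parse_gplink(value):
    """Return one dict per link in a gPLink value; absent or blank means none."""
    if value is None or not value.strip():
        return []
    links = []
    for match in LINK_RE.finditer(value):
        dn = match.group("dn")
        opts = int(match.group("opts"))
        guid = GUID_RE.match(dn)
        links.append({
            "gpo_dn": dn,
            "guid": guid.group(1).upper() if guid else None,
            "disabled": bool(opts & LINK_DISABLED),
            "enforced": bool(opts & LINK_ENFORCED),
        })
    return links


def links_by_gpo(containers):
    """Invert {container DN: attributes} into {GPO GUID: [(container DN, link)]}."""
    report = defaultdict(list)
    for container_dn, attrs in containers.items():
        for link in parse_gplink(attrs.get("gPLink")):
            report[link["guid"]].append((container_dn, link))
    return dict(report)


def describe(report):
    """Render the report as text lines suitable for writing to a file."""
    lines = []
    for guid in sorted(report):
        for container_dn, link in report[guid]:
            state = "disabled" if link["disabled"] else "enabled"
            if link["enforced"]:
                state += ", enforced"
            lines.append(f"{guid} -> {container_dn} [{state}]")
    return lines


# Constructed sample: attribute values as an LDAP export might return them.
_SVC = "cn={0154628E-C9EE-48C2-8FD3-306599C0B88D},cn=policies,cn=system,DC=LissWare,DC=Net"
_DDP = "CN={31B2F340-016D-11D2-945F-00C04FB984F9},CN=Policies,CN=System,DC=LissWare,DC=Net"
CONSTRUCTED_CONTAINERS = {
    # No gPLink attribute at all on the site object.
    "CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=LissWare,DC=Net": {},
    # Two GPOs linked to the domain; the second link is enforced.
    "DC=LissWare,DC=Net": {"gPLink": f"[LDAP://{_SVC};0][LDAP://{_DDP};2]"},
    # Link present but disabled.
    "OU=Servers,DC=LissWare,DC=Net": {"gPLink": f"[LDAP://{_SVC};1]"},
    # Attribute present but blank.
    "OU=Empty,DC=LissWare,DC=Net": {"gPLink": " "},
}

if __name__ == "__main__":
    print("\n".join(describe(links_by_gpo(CONSTRUCTED_CONTAINERS))))
```

This covers only where GPOs are linked and with which link options; the settings themselves live in the files under each GPO's gPCFileSysPath.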
RE: [ActiveDir] 2 quick favors
the environment i work in is all win2k pro/server so GPMC is out.

Are you saying you don't even have a single WinXP box in this environment? If you have one, you could still install GPMC on the XP client - this will work fine against a win2k AD. Then execute the GetReportsForAllGPOs.wsf script that comes with GPMC (typically in the C:\Program Files\GPMC\Scripts folder). This will dump all settings of all GPOs in a domain including the links where the GPOs are applied.

/Guido

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Wednesday, 10 August 2005 19:26
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] 2 quick favors

Ok, I think i'm finding it impossible to create a VBScript or use a tool to enumerate all the settings which are enabled in all or a specific gpo in a win2k domain from a win2k workstation. am i correct?

On 8/10/05, Tom Kern [EMAIL PROTECTED] wrote:
I get errors with this script- the active directory property cannot be found in the cache
I'm running win2k native mode domain. thanks. sorry to bother.

On 8/10/05, Alain Lissoir [EMAIL PROTECTED] wrote:
For 1/, try this one below. For 2/ I don't have one close but I'm sure some folks here can feed you ... The script doesn't dump in a text file, but that's an easy addition. HTH

' FindGPOLinks v1.04.vbs - Version 1.04 - Alain Lissoir
'
' WSH Script browsing the 'DefaultNamingContext' and the 'configurationNamingContext'
' to retrieve the Group Policies linked to AD objects.
' This should facilitate the search of created policies in the Active Directory.
'
' The script is using a basic LDAP access in the current user context,
' so, you should have enough rights to access AD objects.
'
' Change in version 1.04
'
' - Add an error Handler in the ShowMemberInfo Private Sub
'
' Change in version 1.02
'
' - Query the schema to get the property list associated to the 'groupPolicyContainer' class.
' - Display only the defined properties for that class.
Re: [ActiveDir] 2 quick favors
yeah, unfortunately, i'm saying there is not one xp box to be seen... can this be done from a win2k box somehow? thanks

On 8/10/05, Grillenmeier, Guido [EMAIL PROTECTED] wrote:
the environment i work in is all win2k pro/server so GPMC is out.

Are you saying you don't even have a single WinXP box in this environment? If you have one, you could still install GPMC on the XP client - this will work fine against a win2k AD. Then execute the GetReportsForAllGPOs.wsf script that comes with GPMC (typically in the C:\Program Files\GPMC\Scripts folder). This will dump all settings of all GPOs in a domain including the links where the GPOs are applied.

/Guido

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Wednesday, 10 August 2005 19:26
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] 2 quick favors

Ok, I think i'm finding it impossible to create a VBScript or use a tool to enumerate all the settings which are enabled in all or a specific gpo in a win2k domain from a win2k workstation. am i correct?

On 8/10/05, Tom Kern [EMAIL PROTECTED] wrote:
I get errors with this script- the active directory property cannot be found in the cache
I'm running win2k native mode domain. thanks. sorry to bother.

On 8/10/05, Alain Lissoir [EMAIL PROTECTED] wrote:
For 1/, try this one below. For 2/ I don't have one close but I'm sure some folks here can feed you ... The script doesn't dump in a text file, but that's an easy addition. HTH

' FindGPOLinks v1.04.vbs - Version 1.04 - Alain Lissoir
'
' WSH Script browsing the 'DefaultNamingContext' and the 'configurationNamingContext'
' to retrieve the Group Policies linked to AD objects.
' This should facilitate the search of created policies in the Active Directory.
'
' The script is using a basic LDAP access in the current user context,
' so, you should have enough rights to access AD objects.
Re: [ActiveDir] 2 quick favors
Upgrade your workstation to XP and run it from there? Install a VPC that is running XP and run it from there?

Phil

On 8/10/05, Tom Kern [EMAIL PROTECTED] wrote:
yeah, unfortunately, i'm saying there is not one xp box to be seen... can this be done from a win2k box somehow? thanks

On 8/10/05, Grillenmeier, Guido [EMAIL PROTECTED] wrote:
the environment i work in is all win2k pro/server so GPMC is out.

Are you saying you don't even have a single WinXP box in this environment? If you have one, you could still install GPMC on the XP client - this will work fine against a win2k AD. Then execute the GetReportsForAllGPOs.wsf script that comes with GPMC (typically in the C:\Program Files\GPMC\Scripts folder). This will dump all settings of all GPOs in a domain including the links where the GPOs are applied.

/Guido

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Wednesday, 10 August 2005 19:26
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] 2 quick favors

Ok, I think i'm finding it impossible to create a VBScript or use a tool to enumerate all the settings which are enabled in all or a specific gpo in a win2k domain from a win2k workstation. am i correct?

On 8/10/05, Tom Kern [EMAIL PROTECTED] wrote:
I get errors with this script- the active directory property cannot be found in the cache
I'm running win2k native mode domain. thanks. sorry to bother.

On 8/10/05, Alain Lissoir [EMAIL PROTECTED] wrote:
For 1/, try this one below. For 2/ I don't have one close but I'm sure some folks here can feed you ... The script doesn't dump in a text file, but that's an easy addition. HTH

' FindGPOLinks v1.04.vbs - Version 1.04 - Alain Lissoir
'
' WSH Script browsing the 'DefaultNamingContext' and the 'configurationNamingContext'
' to retrieve the Group Policies linked to AD objects.
' This should facilitate the search of created policies in the Active Directory.
Re: [ActiveDir] 2 quick favors
everything is locked down in this environment. there's 802.1x security on the switchport, etc so its a major pain to introduce any new machine. i have an xp laptop that i can't plug in without going thru 5 diff people so in the end i just thought this might be done thru win2k somehow via vbscript or some third party tool.

if no one can figure out a solution to this query, how 'bout my second one- enumerate every local account/group(non-default) on every local machine sam in the domain?

Thanks for all your help guys!

On 8/10/05, Phil Renouf [EMAIL PROTECTED] wrote:
Upgrade your workstation to XP and run it from there? Install a VPC that is running XP and run it from there?

Phil

On 8/10/05, Tom Kern [EMAIL PROTECTED] wrote:
yeah, unfortunately, i'm saying there is not one xp box to be seen... can this be done from a win2k box somehow? thanks

On 8/10/05, Grillenmeier, Guido [EMAIL PROTECTED] wrote:
the environment i work in is all win2k pro/server so GPMC is out.

Are you saying you don't even have a single WinXP box in this environment? If you have one, you could still install GPMC on the XP client - this will work fine against a win2k AD. Then execute the GetReportsForAllGPOs.wsf script that comes with GPMC (typically in the C:\Program Files\GPMC\Scripts folder). This will dump all settings of all GPOs in a domain including the links where the GPOs are applied.

/Guido

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Wednesday, 10 August 2005 19:26
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] 2 quick favors

Ok, I think i'm finding it impossible to create a VBScript or use a tool to enumerate all the settings which are enabled in all or a specific gpo in a win2k domain from a win2k workstation. am i correct?

On 8/10/05, Tom Kern [EMAIL PROTECTED] wrote:
I get errors with this script- the active directory property cannot be found in the cache
I'm running win2k native mode domain. thanks. sorry to bother.
RE: [ActiveDir] 2 quick favors
Scripts to enumerate users on the workstations and member servers, would likely take you enumerating that class and then iterating through each one (connecting and gathering the information). Chock full of reasons why that might not work.

That said, I think a pretty good approach would be to use a logon script for the workstations and use a centralized script for the member servers.

Something like:
http://groups-beta.google.com/group/microsoft.public.scripting.wsh/browse_frm/thread/e97b62e4801a877b/58e383209f49a891?lnk=stq=vbscript+enumerate+groups+site:technet.comrnum=2hl=en#58e383209f49a891
Or
http://www.microsoft.com/technet/scriptcenter/scripts/ad/computer/default.mspx
http://groups-beta.google.com/group/microsoft.public.scripting.vbscript/browse_frm/thread/272360ec34f8ae9b/649cc13d7c44b99f?lnk=stq=vbscript+list+administrators+group+membership+local+site:microsoft.comrnum=1hl=en#649cc13d7c44b99f

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Wednesday, August 10, 2005 2:47 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] 2 quick favors

everything is locked down in this environment. there's 802.1x security on the switchport, etc so its a major pain to introduce any new machine. i have an xp laptop that i can't plug in without going thru 5 diff people so in the end i just thought this might be done thru win2k somehow via vbscript or some third party tool.

if no one can figure out a solution to this query, how 'bout my second one- enumerate every local account/group(non-default) on every local machine sam in the domain?

Thanks for all your help guys!

On 8/10/05, Phil Renouf [EMAIL PROTECTED] wrote:
Upgrade your workstation to XP and run it from there? Install a VPC that is running XP and run it from there?

Phil

On 8/10/05, Tom Kern [EMAIL PROTECTED] wrote:
yeah, unfortunately, i'm saying there is not one xp box to be seen... can this be done from a win2k box somehow?
Re: [ActiveDir] 2 quick favors
I'm not an SMS guy, but would SMS have that information (or the ability to gather it with the SMS agent)? Not too useful if you don't already have SMS...

Phil

On 8/10/05, Al Mulnick [EMAIL PROTECTED] wrote:
Scripts to enumerate users on the workstations and member servers, would likely take you enumerating that class and then iterating through each one (connecting and gathering the information). Chock full of reasons why that might not work.

That said, I think a pretty good approach would be to use a logon script for the workstations and use a centralized script for the member servers.

Something like:
http://groups-beta.google.com/group/microsoft.public.scripting.wsh/browse_frm/thread/e97b62e4801a877b/58e383209f49a891?lnk=stq=vbscript+enumerate+groups+site:technet.comrnum=2hl=en#58e383209f49a891
Or
http://www.microsoft.com/technet/scriptcenter/scripts/ad/computer/default.mspx
http://groups-beta.google.com/group/microsoft.public.scripting.vbscript/browse_frm/thread/272360ec34f8ae9b/649cc13d7c44b99f?lnk=stq=vbscript+list+administrators+group+membership+local+site:microsoft.comrnum=1hl=en#649cc13d7c44b99f

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Wednesday, August 10, 2005 2:47 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] 2 quick favors

everything is locked down in this environment. there's 802.1x security on the switchport, etc so its a major pain to introduce any new machine. i have an xp laptop that i can't plug in without going thru 5 diff people so in the end i just thought this might be done thru win2k somehow via vbscript or some third party tool.

if no one can figure out a solution to this query, how 'bout my second one- enumerate every local account/group(non-default) on every local machine sam in the domain?

Thanks for all your help guys!

On 8/10/05, Phil Renouf [EMAIL PROTECTED] wrote:
Upgrade your workstation to XP and run it from there?
RE: [ActiveDir] 2 quick favors
I don't honestly know if it would be inherent or if you'd have to write a script and get SMS to deliver/run it for you. I suspect the latter but I'm not an SMS type either. Be interesting to hear if anyone who has SMS knows that answer.

From: [EMAIL PROTECTED] on behalf of Phil Renouf
Sent: Wed 8/10/2005 5:42 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] 2 quick favors

I'm not an SMS guy, but would SMS have that information (or the ability to gather it with the SMS agent)? Not too useful if you don't already have SMS...

Phil

On 8/10/05, Al Mulnick [EMAIL PROTECTED] wrote:
Scripts to enumerate users on the workstations and member servers, would likely take you enumerating that class and then iterating through each one (connecting and gathering the information). Chock full of reasons why that might not work.

That said, I think a pretty good approach would be to use a logon script for the workstations and use a centralized script for the member servers.

Something like:
http://groups-beta.google.com/group/microsoft.public.scripting.wsh/browse_frm/thread/e97b62e4801a877b/58e383209f49a891?lnk=stq=vbscript+enumerate+groups+site:technet.comrnum=2hl=en#58e383209f49a891
Or
http://www.microsoft.com/technet/scriptcenter/scripts/ad/computer/default.mspx
http://groups-beta.google.com/group/microsoft.public.scripting.vbscript/browse_frm/thread/272360ec34f8ae9b/649cc13d7c44b99f?lnk=stq=vbscript+list+administrators+group+membership+local+site:microsoft.comrnum=1hl=en#649cc13d7c44b99f

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Wednesday, August 10, 2005 2:47 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] 2 quick favors

everything is locked down in this environment. there's 802.1x security on the switchport, etc so its a major pain to introduce any new machine.
Re: [ActiveDir] 2 quick favors
no sms here. i just need to know all the local accounts on workstations and member servers. my managers want to know this info now that they broke from this outsourcing company. they need to know what accounts they may have created locally. paranoia, i guess..

On 8/10/05, Al Mulnick [EMAIL PROTECTED] wrote:
I don't honestly know if it would be inherent or if you'd have to write a script and get SMS to deliver/run it for you. I suspect the latter but I'm not an SMS type either. Be interesting to hear if anyone who has SMS knows that answer.

From: [EMAIL PROTECTED] on behalf of Phil Renouf
Sent: Wed 8/10/2005 5:42 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] 2 quick favors

I'm not an SMS guy, but would SMS have that information (or the ability to gather it with the SMS agent)? Not too useful if you don't already have SMS...
Phil

On 8/10/05, Al Mulnick [EMAIL PROTECTED] wrote:
Scripts to enumerate users on the workstations and member servers, would likely take you enumerating that class and then iterating through each one (connecting and gathering the information). Chock full of reasons why that might not work. That said, I think a pretty good approach would be to use a logon script for the workstations and use a centralized script for the member servers.

Something like:
http://groups-beta.google.com/group/microsoft.public.scripting.wsh/browse_frm/thread/e97b62e4801a877b/58e383209f49a891?lnk=stq=vbscript+enumerate+groups+site:technet.comrnum=2hl=en#58e383209f49a891
Or
http://www.microsoft.com/technet/scriptcenter/scripts/ad/computer/default.mspx
http://groups-beta.google.com/group/microsoft.public.scripting.vbscript/browse_frm/thread/272360ec34f8ae9b/649cc13d7c44b99f?lnk=stq=vbscript+list+administrators+group+membership+local+site:microsoft.comrnum=1hl=en#649cc13d7c44b99f

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Wednesday, August 10, 2005 2:47 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] 2 quick favors

everything is locked down in this environment. there's 802.1x security on the switchport, etc so it's a major pain to introduce any new machine. i have an xp laptop that i can't plug in without going thru 5 diff people so in the end i just thought this might be done thru win2k somehow via vbscript or some third party tool.

if no one can figure out a solution to this query, how 'bout my second one- enumerate every local account/group(non-default) on every local machine sam in the domain?

Thanks for all your help guys!

On 8/10/05, Phil Renouf [EMAIL PROTECTED] wrote:
Upgrade your workstation to XP and run it from there? Install a VPC that is running XP and run it from there?
Phil

On 8/10/05, Tom Kern [EMAIL PROTECTED] wrote:
yeah, unfortunately, i'm saying there is not one xp box to be seen... can this be done from a win2k box somehow?
thanks

On 8/10/05, Grillenmeier, Guido [EMAIL PROTECTED] wrote:
the environment i work in is all win2k pro/server so GPMC is out.

Are you saying you don't even have a single WinXP box in this environment? If you have one, you could still install GPMC on the XP client - this will work fine against a win2k AD. Then execute the GetReportsForAllGPOs.wsf script that comes with GPMC (typically in the C:\Program Files\GPMC\Scripts folder). This will dump all settings of all GPOs in a domain including the links where the GPOs are applied.
/Guido

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Wednesday, 10 August 2005 19:26
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] 2 quick favors

Ok, I think i'm finding it impossible to create a VBScript or use a tool to enumerate all the settings which are enabled in all or a specific gpo in a win2k domain from a win2k workstation. am i correct?

On 8/10/05, Tom Kern [EMAIL PROTECTED] wrote:
I get errors with this script- the active directory property cannot be found in the cache
I'm running win2k native mode domain.
thanks. sorry to bother.

On 8/10/05, Alain Lissoir [EMAIL PROTECTED] wrote:
For 1/, try this one below.
For 2/ I don't have one close but I'm sure some folks here can feed you ...
The script doesn't dump in a text file, but that's an easy addition.
HTH

' FindGPOLinks v1.04.vbs - Version 1.04 - Alain Lissoir
'
' WSH Script browsing the 'DefaultNamingContext' and the 'configurationNamingContext'
' to retrieve the Group Policies linked to AD objects.
' This should facilitate the search of created
RE: [ActiveDir] 2 quick favors
For part 2

Download psexec.exe (sysinternals)
Create a computerlist.txt with all the pcnames (FQDN if you don't trust your wins)
From command line (replace %i with %%i if using batch file) using your DA/EA credentials for example

For /F %i IN (computerlist.txt) do echo %i >> logfile.txt & psexec \\%i net user >> logfile.txt

Note: Above will query remotely irregardless if computer is online or offline (slow if offline) - you can modify to include ping test if you want.

Thank you and have a splendid day!

Kind Regards,
Freddy Hartono
Windows Administrator (ADSM/NT Security)
Spherion Technology Group, Singapore
For Agilent Technologies
E-mail: [EMAIL PROTECTED]

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Wednesday, August 10, 2005 11:47 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] 2 quick favors

I get errors with this script- the active directory property cannot be found in the cache
I'm running win2k native mode domain.
thanks. sorry to bother.

On 8/10/05, Alain Lissoir [EMAIL PROTECTED] wrote:
For 1/, try this one below.
For 2/ I don't have one close but I'm sure some folks here can feed you ...
The script doesn't dump in a text file, but that's an easy addition.
HTH

' FindGPOLinks v1.04.vbs - Version 1.04 - Alain Lissoir
'
' WSH Script browsing the 'DefaultNamingContext' and the 'configurationNamingContext'
' to retrieve the Group Policies linked to AD objects.
' This should facilitate the search of created policies in the Active Directory.
'
' The script is using a basic LDAP access in the current user context,
' so, you should have enough rights to access AD objects.
'
' Change in version 1.04
'
' - Add an error Handler in the ShowMemberInfo Private Sub
'
' Change in version 1.02
'
' - Query the schema to get the property list associated to the 'groupPolicyContainer' class.
' - Display only the defined properties for that class.
' - For the defined properties, the scripts shows the syntax to be used by the property.
' - Take in account the fact that more than one policy can be defined at the container level.
'
' Change in version 1.01
'
' - Add some code to bind to the GPLink LDAP Pointer to extract some properties.
'
' Any comments or questions:EMail:[EMAIL PROTECTED]

Option Explicit

Dim ObjRoot
Dim Object
Dim ObjMember

' ---
WScript.Echo
WScript.Echo "Looking inside 'configurationNamingContext'"
Set objRoot = GetObject("LDAP://RootDSE")
Object = objRoot.Get("configurationNamingContext")
Call LookInsideObject (Object)
Set Object = Nothing
Set objRoot = Nothing

' ---
WScript.Echo
WScript.Echo "Looking inside 'DefaultNamingContext'"
Set objRoot = GetObject("LDAP://RootDSE")
Object = objRoot.Get("DefaultNamingContext")
Call LookInsideObject (Object)
Set Object = Nothing
Set objRoot = Nothing

WScript.Quit (0)

' ---
Private Sub LookInsideObject (Object)
    Dim objMember
    Dim Member

    Set objMember = GetObject ("LDAP://" & Object)
    if objMember.Class <> "sitesContainer" And _
       objMember.Class <> "container" And _
       objMember.Class <> "configuration" _
    Then Call ShowMemberInfo (objMember)

    For Each Member in objMember
        If Member.Class = "domainDNS" Or _
           Member.Class = "organizationalUnit" Or _
           Member.Class = "sitesContainer" Or _
           Member.Class = "site" Or _
           Member.Class = "container" _
        Then Call LookInsideObject (Member.Name & "," & Object)
    Next
    Set objMember = Nothing
End Sub

' ---
Private Sub ShowMemberInfo (Object)
    Dim longStartPolicyPath
    Dim longEndPolicyPath
    Dim strPolicyPathSource
    Dim strPolicyPath
    Dim objPolicy
    Dim objPolicyClassDef
    Dim objPolicyProperty
    Dim strPropertyName

    Object.GetInfo
    If Object.GPLink = "" Then
        WScript.Echo Object.Name & " (" & Object.Class & ")"
        WScript.Echo "(No Group Policy Defined)"
        WScript.Echo
    End If

    strPolicyPathSource = Object.GPLink
    While (strPolicyPathSource <> "")
        WScript.Echo Object.Name & " (" & Object.Class & ")"
        ' Extract each LDAP pointer from the GPLink.
        longStartPolicyPath = InStr(1, strPolicyPathSource, "[", vbTextCompare)
        longEndPolicyPath = InStr(1, strPolicyPathSource, "]", vbTextCompare)
        strPolicyPath = Mid(strPolicyPathSource, longStartPolicyPath + 1, longEndPolicyPath - 4)
        strPolicyPathSource = Mid(strPolicyPathSource, longEndPolicyPath + 1)
        Set objPolicy = GetObject(strPolicyPath)
        objPolicy.GetInfo
        WScript.Echo Found an existing
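The log collected by the echo and `psexec \\%i net user` loop in Freddy Hartono's message still has to be turned into a per-machine list of accounts that should not be there. The parser below is an added example, not code from the thread; it assumes each host name from computerlist.txt appears on its own line followed by that host's `net user` output, that `net user` pads names into 25-character columns, and that the baseline of expected accounts (here only Administrator and Guest) is adjusted to the local build.

```python
COLUMN_WIDTH = 25                      # assumption: `net user` pads names to 25 chars
BASELINE = {"administrator", "guest"}  # assumption: accounts expected on every build

def parse_log(log_text, hosts):
    """Return {host: [accounts]}; a host with no captured listing maps to None."""
    wanted = {h.lower(): h for h in hosts}
    results = {h: None for h in hosts}
    current, in_table = None, False
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if line.strip().lower() in wanted:        # host name written by `echo`
            current, in_table = wanted[line.strip().lower()], False
        elif current is None or not line:
            continue
        elif line.startswith("---"):              # rule that opens the name table
            results[current], in_table = [], True
        elif line.startswith("The command completed"):
            in_table = False
        elif in_table:
            # Names may contain spaces, so slice fixed-width columns, never split().
            cells = (line[i:i + COLUMN_WIDTH].strip()
                     for i in range(0, len(line), COLUMN_WIDTH))
            results[current].extend(c for c in cells if c)
    return results

def unexpected_accounts(results, baseline=BASELINE):
    """Drop baseline accounts; keep None so unreachable hosts get re-audited."""
    return {host: None if names is None
            else [n for n in names if n.lower() not in baseline]
            for host, names in results.items()}

def _row(*names):
    return "".join(n.ljust(COLUMN_WIDTH) for n in names)

# Constructed sample log: PC02 was offline, so only its echoed name was captured.
SAMPLE_HOSTS = ["PC01", "PC02", "SRV01"]
SAMPLE_LOG = "\n".join([
    "PC01", "", "User accounts for \\\\PC01", "", "-" * 79,
    _row("Administrator", "Guest", "vendor admin"), _row("svc_backup"),
    "The command completed successfully.", "",
    "PC02",
    "SRV01", "", "User accounts for \\\\SRV01", "", "-" * 79,
    _row("Administrator", "Guest"), "The command completed successfully.",
])

if __name__ == "__main__":
    report = unexpected_accounts(parse_log(SAMPLE_LOG, SAMPLE_HOSTS))
    for host, names in report.items():
        print(host, "NO DATA - re-run" if names is None else names)
```

A host that maps to None produced no listing at all (offline or access denied), which is different from a host that reports an empty list of unexpected accounts.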
RE: [ActiveDir] 2 quick favors
Not an SMS guy either, but ours says it's not inherent although it can be done :-)

From: Al Mulnick [mailto:[EMAIL PROTECTED] On Behalf Of Al Mulnick
Sent: Wednesday, August 10, 2005 3:16 PM
To: ActiveDir@mail.activedir.org
Subject: RE: [ActiveDir] 2 quick favors

I don't honestly know if it would be inherent or if you'd have to write a script and get SMS to deliver/run it for you. I suspect the latter but I'm not an SMS type either. Be interesting to hear if anyone who has SMS knows that answer.

From: [EMAIL PROTECTED] on behalf of Phil Renouf
Sent: Wed 8/10/2005 5:42 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] 2 quick favors

I'm not an SMS guy, but would SMS have that information (or the ability to gather it with the SMS agent)? Not too useful if you don't already have SMS...
Phil

On 8/10/05, Al Mulnick [EMAIL PROTECTED] wrote:
Scripts to enumerate users on the workstations and member servers, would likely take you enumerating that class and then iterating through each one (connecting and gathering the information). Chock full of reasons why that might not work. That said, I think a pretty good approach would be to use a logon script for the workstations and use a centralized script for the member servers.

Something like:
http://groups-beta.google.com/group/microsoft.public.scripting.wsh/browse_frm/thread/e97b62e4801a877b/58e383209f49a891?lnk=stq=vbscript+enumerate+groups+site:technet.comrnum=2hl=en#58e383209f49a891
Or
http://www.microsoft.com/technet/scriptcenter/scripts/ad/computer/default.mspx
http://groups-beta.google.com/group/microsoft.public.scripting.vbscript/browse_frm/thread/272360ec34f8ae9b/649cc13d7c44b99f?lnk=stq=vbscript+list+administrators+group+membership+local+site:microsoft.comrnum=1hl=en#649cc13d7c44b99f

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Wednesday, August 10, 2005 2:47 PM
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] 2 quick favors

everything is locked down in this environment. there's 802.1x security on the switchport, etc so it's a major pain to introduce any new machine. i have an xp laptop that i can't plug in without going thru 5 diff people so in the end i just thought this might be done thru win2k somehow via vbscript or some third party tool.

if no one can figure out a solution to this query, how 'bout my second one- enumerate every local account/group(non-default) on every local machine sam in the domain?

Thanks for all your help guys!

On 8/10/05, Phil Renouf [EMAIL PROTECTED] wrote:
Upgrade your workstation to XP and run it from there? Install a VPC that is running XP and run it from there?
Phil

On 8/10/05, Tom Kern [EMAIL PROTECTED] wrote:
yeah, unfortunately, i'm saying there is not one xp box to be seen... can this be done from a win2k box somehow?
thanks

On 8/10/05, Grillenmeier, Guido [EMAIL PROTECTED] wrote:
the environment i work in is all win2k pro/server so GPMC is out.

Are you saying you don't even have a single WinXP box in this environment? If you have one, you could still install GPMC on the XP client - this will work fine against a win2k AD. Then execute the GetReportsForAllGPOs.wsf script that comes with GPMC (typically in the C:\Program Files\GPMC\Scripts folder). This will dump all settings of all GPOs in a domain including the links where the GPOs are applied.
/Guido

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tom Kern
Sent: Wednesday, 10 August 2005 19:26
To: ActiveDir@mail.activedir.org
Subject: Re: [ActiveDir] 2 quick favors

Ok, I think i'm finding it impossible to create a VBScript or use a tool to enumerate all the settings which are enabled in all or a specific gpo in a win2k domain from a win2k workstation. am i correct?

On 8/10/05, Tom Kern [EMAIL PROTECTED] wrote:
I get errors with this script- the active directory property cannot be found in the cache
I'm running win2k native mode domain.
thanks. sorry to bother.

On 8/10/05, Alain Lissoir [EMAIL PROTECTED] wrote:
For 1/, try this one below.
For 2/ I don't have one close but I'm sure some folks here can feed you ...
The script doesn't dump in a text file, but that's an easy addition.
HTH

' FindGPOLinks v1.04.vbs - Version 1.04 - Alain Lissoir
'
' WSH Script browsing the 'DefaultNamingContext' and the 'configurationNamingContext'
' to retrieve the Group Policies linked to AD objects.
' This should facilitate the search of created policies in the Active Directory.
'
' The script is using a basic LDAP access in the current user context,
' so, you