vbscript: adsi: ldap: type mismatch with looking for members of specific group

Wednesday, July 01, 2009 4:47 PMFlorianZ

0
Sign In to Vote
hi all,

the following script in progress throws a type-mismatch error when it is in the process of reading the member-attribute of a desired group object (which has e.g. two members). i want to find out for each of the initial found groups who is member and distinguish after that those two groups in users and groups (which i want to gain via analyzing the path each object lives with string-strip-operations. however: why are those members not getting into an array i can work with?

thanks in advance.

Option Explicit
'On Error Resume Next
'----------------------------------------------------------------------------
' Script for adding/removing required Users to/from the Metadir Groups
'----------------------------------------------------------------------------
Const MyName = "MD_Groups.vbs" 'nill aendern
Const MyTask = "Add/Remove Users to/from MD Groups"
'----------------------------------------------------------------------------
Dim i, Wshshell, LogParentFolder, LogFile, LogFileBak, fso, f1
Dim UserDomain
Const LogFileMaxSize     = 500000

Set Wshshell      = CreateObject("WScript.Shell")
Set fso             = CreateObject("Scripting.FileSystemObject")

UserDomain = WshShell.ExpandEnvironmentStrings("%USERDOMAIN%")

LogParentFolder    = "c:\temp\log\md_groups\"
LogFile             = LogParentFolder & "md_groups.log"
LogFileBak          = LogParentFolder & "md_groups.bak"

'prune LogFile
If Not FolderExists (LogParentFolder) Then
   fso.CreateFolder(LogParentFolder)
Else
   If FileExists(LogFile) Then
      Set f1 = fso.GetFile(LogFile)
      If f1.Size > LogFileMaxSize Then
         fso.DeleteFile LogFileBak
         fso.CopyFile LogFile, LogFileBak
         fso.DeleteFile LogFile
      End If
   Else
      fso.CreateTextFile(LogFile)
   End If
End If

'do find all groups named MD_*
Dim arrMDGroups, MDGroup
arrMDGroups = ldapquery("(&(objectclass=group)(name=md_*))", "distinguishedname", "ou=md,ou=groups,ou=myou,dc=mydc", "onelevel")

'go through all groups and find corresponding "real" groups
For Each MDGroup In arrMDGroups
Dim temp1_strippedCN, temp2_strippedCN, strippedCN
Dim arrLogicalParentGroups

   Dim arrMDGroupMember, xyz
'   arrMDGroupMember = ldapquery("(objectclass=group)", "member", MDGroup , "base")
   arrMDGroupMember = ldapquery("(objectclass=group)", "member", "CN=MD_Notes,ou=md,ou=groups,ou=myou,dc=mydc", "base")
   For Each xyz In arrMDGroupMember
      Logline xyz
   Next

   Logline "Found MD_-Group: " & MDGroup

   ' strip out logical parent folder name(s)
   temp1_strippedCN = Split(MDGroup,",")
   temp2_strippedCN = Split(temp1_strippedCN(0),"=")
   strippedCN = Mid(temp2_strippedCN(1),4)

   ' find groups md_xxx is made for (xxx & cebra_xxx - groups)
   arrLogicalParentGroups = ldapquery("(&(objectclass=group)(|(cn=" & strippedCN & ")(cn=CEBRA_" & strippedCN & ")))", "distinguishedname", "ou=groups,ou=bank09916,dc=m09916", "subtree")

   Dim ParentGroup
   For Each ParentGroup In arrLogicalParentGroups
      Logline ParentGroup
   Next

Next

WScript.Echo "Completed - " & MyTask
Logline "Completed - " & MyTask
LogHeader

WScript.quit
'End of Program

'----------------------------------------------------------------------------
Sub Logline(LineText)
Dim fso, tf
Set fso = CreateObject("Scripting.FileSystemObject")
Set tf = fso.OpenTextFile(Logfile,8,true)
tf.WriteBlankLines(1)
tf.writeLine("***" & MyName & " = " & LineText )
tf.close()
End Sub
'----------------------------------------------------------------------------
Sub LogLin1(LineText)
Dim fso, tf
Set fso = CreateObject("Scripting.FileSystemObject")
Set tf = fso.OpenTextFile(Logfile,8,true)
tf.writeLine(String(LEN(MyName)+6," ") & LineText )
tf.close()
End Sub
'----------------------------------------------------------------------------
Sub LogHeader()
Dim fso, tf
Set fso = CreateObject("Scripting.FileSystemObject")
Set tf = fso.OpenTextFile(Logfile,8,true)
tf.WriteBlankLines(1)
tf.writeLine(String(50,"=") & " " & Date & " " & Time & " " & String(8,"=") )
tf.close()
End Sub
'----------------------------------------------------------------------------
Function FileExists(File)
DIM feo
Set feo = CreateObject("Scripting.FileSystemObject")
FileExists=feo.FileExists(File)
End Function
'----------------------------------------------------------------------------
Function FolderExists(Folder)
DIM feo
Set feo = CreateObject("Scripting.FileSystemObject")
FolderExists=feo.FolderExists(Folder)
End Function
'----------------------------------------------------------------------------
' generic function for doing a search in AD via ldap and generate list with attribute_to_return values of all found objects ,

' syntax:
' searchfilter          = ldap-compliant (&(objectlass=inetorgperson)(userprincipalname=rsmi014)) - use adsiedit.msc to find out the name of the attribute of interest
' attribute_to_return   = use adsiedit.msc to find out the name of the attribute of interest, only one can be defined (for use in a one-dimensional array)
' searchbase            = base-object from where to start the query, cn=ich,ou=users,ou=.....
' scope                 = either one: base (the base-object given itself is searched) , onelevel (search amongst siblings of the provided base-object), subtree (search all objects below base-object)

' see: http://support.microsoft.com/kb/187529

Function ldapquery(searchfilter,attribute_to_return,searchbase,scope)

   Dim objConnection, objCommand, UserDomain, Wshshell, objRecordSet, strResults

   Set Wshshell = CreateObject("WScript.Shell")
   strResults = ""
   UserDomain = WshShell.ExpandEnvironmentStrings("%USERDOMAIN%")

   Set objConnection = CreateObject("ADODB.Connection")
   Set objCommand = CreateObject("ADODB.Command")
   objConnection.Provider = "ADsDSOObject"
   objConnection.Open "Active Directory Provider"

   Set objCOmmand.ActiveConnection = objConnection
   objCommand.CommandText = "<LDAP://" & UserDomain & "/" & searchbase & ">;" & searchfilter & ";" & attribute_to_return & ";" & scope
   objCommand.Properties("Page Size") = 2000
   Set objRecordSet = objCommand.Execute

   Do Until objRecordSet.EOF
      If strResults = "" Then
         strResults = objRecordSet.Fields(attribute_to_return).Value '!schreib den aktuellen Wert des Felds "Name" rein
      Else
         strResults = strResults & "::" & objRecordSet.Fields(attribute_to_return).Value '!schreib den aktuellen Wert des Felds "Name" rein
      End If
      objRecordSet.MoveNext
   Loop

   ldapquery = Split(strResults, "::")

   objConnection.Close
   Set objConnection = Nothing
   Set objCommand = Nothing
   Set objRecordSet = Nothing

End Function
'----------------------------------------------------------------------------
- Reply
- Quote

All Replies

Thursday, July 02, 2009 8:01 AMAssafM

0
Sign In to Vote
Hi,

The Script looks OK - I havent tested it.

But here is a Script that does a simillar job, you can use it as referance

http://assaf.miron.googlepages.com/listusersingroup

Hope it helps.
Assaf Miron http://Assaf.Miron.googlepages.com
- Reply
- Quote
Thursday, July 02, 2009 2:22 PMFlorianZ

0
Sign In to Vote
thanks for your answer. i tried it via ldap because i is more familiar to me - if someone could explain why this line: ldapquery = Split(strResults, "::") (> at the end of the last function) does not result in an array the second time the script is looking for the value of the member-attribute (which is multivalued, which is a difference to the first lookup). if i´d knew how to:

- get all members in an array
or
- get all members in an array with the in-between-step of a split-operation

i´d get along.

thanks
- Reply
- Quote