locked
AD Script Help Needed RRS feed

  • Question

  • Hi there, I need a vbscript which will query active directory for computers and output the following criteria:

    Name | Operating System | Service Pack | Distinguished Name | Enabled or Disabled? | Last Logon Date / Time

    I have found the following script which gets me some of the required info but I cant get it to find the enabled / disabled or last logon bit, can anyone help? Here is what I have so far:

    Const ADS_SCOPE_SUBTREE = 2
    strDomain = "LDAP://DC=CONTOSO,DC=COM"
    Set oFSO = CreateObject("Scripting.FileSystemObject")
    Set objConnection = CreateObject("ADODB.Connection")
    Set objCommand =   CreateObject("ADODB.Command")
    objConnection.Provider = "ADsDSOObject"
    objConnection.Open "Active Directory Provider"
    Set objCOmmand.ActiveConnection = objConnection
    objCommand.CommandText = "Select name,aDSPath,operatingSystem,operatingSystemServicePack,distinguishedName from '" & strDomain & "' Where objectClass='computer'"
    objCommand.Properties("Page Size") = 1000
    objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
    Set objRecordSet = objCommand.Execute
    objRecordSet.MoveFirst
    If oFSO.FileExists("c:\users\john\documents\temp\computer_list.csv") Then oFSO.DeleteFile("c:\users\john\documents\temp\computer_list.csv")
    Set oFile = oFSO.OpenTextFile("c:\users\john\documents\temp\computer_list.csv",2,True)
    On Error Resume Next
    Do Until objRecordSet.EOF
     data = ""
     data = data & objRecordSet.Fields("name").Value & ","
     data = data & objRecordSet.Fields("operatingSystem").Value & ","
     data = data & objRecordSet.Fields("operatingSystemServicePack").Value & ","
     data = data & Left(objRecordSet.Fields("distinguishedName").Value, InStr(objRecordSet.Fields("distinguishedName").Value,",")-1) & ","
     Set oComputer = GetObject(objRecordSet.Fields("aDSPath").Value)
     data = data & oComputer.Get("description") & ","
     oFile.WriteLine data
     objRecordSet.MoveNext
    Loop
    On Error GoTo 0
    oFile.Close
    WScript.Echo("Finished")

    Thanks in advance


    • Edited by jonnyp1381 Monday, September 14, 2015 6:44 PM
    Monday, September 14, 2015 6:42 PM

Answers

  • Totally understand and will know for future - This was my first post here - normally I do manage to work through and figure things out for myself its just I am really against the clock, the logon time is not the important bit so I can do without that if it makes things easier?

    Then the PowerShell command would be the following (just remove the lastLogonTimestamp attribute and calculated property from Select-Object):


    Get-ADComputer -Filter * -Properties Name,
      OperatingSystem,
      OperatingSystemServicePack,
      DistinguishedName,
      Enabled |
      Select-Object Name,
      OperatingSystem,
      OperatingSystemServicePack,
      DistinguishedName,
      Enabled | Export-Csv MyReport.csv -NoTypeInformation
    


    -- Bill Stewart [Bill_Stewart]

    • Proposed as answer by Bill_Stewart Wednesday, September 16, 2015 3:51 PM
    • Marked as answer by Bill_Stewart Monday, October 19, 2015 4:27 PM
    Tuesday, September 15, 2015 2:08 PM

All replies

  • Well, posting a script that you don't know how it works and then asking others to extend it for you isn't really the purpose of this forum.

    First of all, I would recommend writing your script in PowerShell and use the AD cmdlets instead. With the AD cmdlets, you can use Get-ADComputer and select the properties you want. For example:


    Get-ADComputer -Filter * -Properties Name,
      OperatingSystem,
      OperatingSystemServicePack,
      DistinguishedName,
      Enabled,
      LastLogonTimestamp |
      Select-Object Name,
      OperatingSystem,
      OperatingSystemServicePack,
      DistinguishedName,
      Enabled,
      @{Name="LastLogonTimestamp"; Expression={[DateTime]::FromFileTime($_.LastLogonTimestamp)}} |
      Export-Csv MyReport.csv -NoTypeInformation
    


    -- Bill Stewart [Bill_Stewart]

    Monday, September 14, 2015 6:59 PM
  • Hi there, apologies for posting here and thanks for the script - unfortunately the script has to be in vb as our environment is very locked down and powershell scripts have been disabled by gpo and can only access via vb

    Thanks again

    Monday, September 14, 2015 7:06 PM
  • First, the above isn't even a script. Just copy and paste the lines in a PowerShell window and press Enter. (You need to load the ActiveDirectory module first, of course, which will be automatic in PowerShell 3.0 and newer.)

    Second, there's an old expression that "beggars can't be choosers."

    The purpose of this forum is to answer scripting questions, not to customize scripts on demand.


    -- Bill Stewart [Bill_Stewart]

    Monday, September 14, 2015 7:15 PM
  • Look in repository for scripts that will bet what you are asking for. 

    When you say lastlogon what are you asking for?  Are you asking who?

    Enabled is a flag in the control work and has to be decoded.  Look in repository for examples.


    \_(ツ)_/

    Monday, September 14, 2015 7:16 PM
  • I already provided the PowerShell command (above) that does what the original poster wants. It's not a script. All the OP has to do is run the command.


    -- Bill Stewart [Bill_Stewart]

    Monday, September 14, 2015 7:29 PM
  • I have had this issue with admins claiming PS was restricted by GP when, in fact, it isn't. Scripts are set to signed always but we can still paste the code at a prompt and it works.

    The last logon of a user is not the timestamp in the computer object.


    \_(ツ)_/

    Monday, September 14, 2015 7:34 PM
  • The last logon of a user is not the timestamp in the computer object.

    Correct. I am assuming that's what the OP was looking for.

    If not, then the OP will need to clarify.


    -- Bill Stewart [Bill_Stewart]

    Monday, September 14, 2015 8:09 PM
  • The last logon of a user is not the timestamp in the computer object.

    Correct. I am assuming that's what the OP was looking for.

    If not, then the OP will need to clarify.


    -- Bill Stewart [Bill_Stewart]

    Hi Thanks all and I appreciate the help - I understand the PS above is not a script however we are totally locked down in the environment to the point we cant even open command prompt as it has been disabled - the only way I can get VB to run is call it from a batch file.

    As for the above yes I meant the last time a user logged on to the machine.

    I totally understand if no one wants to help further I guess I will just have to keep digging but thanks again


    Monday, September 14, 2015 8:51 PM
  • PowerShell does not equal command prompt.

    (As an aside, I would point out that disabling the command prompt provides no security whatsoever.)

    It is not an issue of people not wanting to help. It is an issue of fairness. If you want free help, you need to ask a good question instead of expecting for someone to write the code for you. The forum is designed as to answer scripting questions, not to act as a free code-writing or code-customization service.

    For last logged on user, that is not as simple as you might think. Last logon of a user is not stored as a part of a computer object in AD.


    -- Bill Stewart [Bill_Stewart]


    Monday, September 14, 2015 9:30 PM
  • Totally understand and will know for future - This was my first post here - normally I do manage to work through and figure things out for myself its just I am really against the clock, the logon time is not the important bit so I can do without that if it makes things easier?

    Regards

    Tuesday, September 15, 2015 7:39 AM
  • Just add "UserAccoutnControl" to the returned fields and "and" it with "2' and test for zero.  If it is zero then the computer is enabled.

    \_(ツ)_/

    Tuesday, September 15, 2015 8:51 AM
  • Totally understand and will know for future - This was my first post here - normally I do manage to work through and figure things out for myself its just I am really against the clock, the logon time is not the important bit so I can do without that if it makes things easier?

    Then the PowerShell command would be the following (just remove the lastLogonTimestamp attribute and calculated property from Select-Object):


    Get-ADComputer -Filter * -Properties Name,
      OperatingSystem,
      OperatingSystemServicePack,
      DistinguishedName,
      Enabled |
      Select-Object Name,
      OperatingSystem,
      OperatingSystemServicePack,
      DistinguishedName,
      Enabled | Export-Csv MyReport.csv -NoTypeInformation
    


    -- Bill Stewart [Bill_Stewart]

    • Proposed as answer by Bill_Stewart Wednesday, September 16, 2015 3:51 PM
    • Marked as answer by Bill_Stewart Monday, October 19, 2015 4:27 PM
    Tuesday, September 15, 2015 2:08 PM