لطفا منتظر باشید ...
Hack 25 Search for Domain Users
Programmatically search for a user in a mixed
Windows NT/2000 environment.
If you are in the process of migrating from Windows NT to Windows 2000,
you can certainly appreciate the search capabilities provided in
Active Directory administrative tools. At the same time, more than
ever, you suffer from its absence in the User Manager. This issue
becomes especially acute in environments where there is no consistent
naming convention or when the naming convention happened to change
several times over years. The sorting feature might help, but only
provided that a person responsible for creating accounts entered the
full name correctly and in the same format. Misspellings or using
diminutives and nicknames are other frequent causes of confusion.
Your search becomes considerably more time consuming if you manage
multiple domains with different naming conventions.
To resolve a problem, you can employ a couple of approaches. The
first one involves exporting a user list, along with each
user's properties, into a comma-delimited file or a
database (e.g., Access or SQL). The main drawback of this solution is
the need for regular updates of the exported list. The second
drawback, which eliminates the need for maintenance, is using an
ADSI-based script.
This approach is shown in the script that follows.
The Code
The script allows searches against multiple domains. In order to
accomplish this, you need to provide as the second input argument the
list of domains (individual names need to be separated by
semicolons). The first argument of the script is the part of
the username (of any length) that you want
to match against account names. Type the script into Notepad (with
Word Wrap disabled) and save it with a .vbs
extension as FindUser.vbs:
'***************************************************************
'*** The script searches for a username in one on more domains by
'*** looking for a match on the string of characters you specify.
'***
'*** The syntax:
'*** cscript //nologo FindUser.vbs string dom1[;dom2]
'*** where string is used to match against the username
'*** dom1;dom2 is the semicolon separated list of one or
'*** more domains to search (no limit on number of entries)
'***************************************************************
'*** variable declaration
Dim sName 'string to match against
Dim sDom 'string storing list of domains
Dim aDom 'array storing list of domains
Dim iCount 'counter variable
Dim oDomain 'object representing domain
Dim oUser 'object representing user account
Dim sLine 'string containing results of the search
'***************************************************************
'*** variable initialization
sName = Wscript.Arguments(0)
sDom = Wscript.Arguments(1)
aDom = Split(sDom, ";")
'***************************************************************
'*** search for matches in the loop
For iCount=0 To UBound(aDom)
Set oDomain = GetObject("WinNT://" & aDom(iCount))
oDomain.Filter = Array("user")
For Each oUser in oDomain
If InStr(1, oUser.name, sName, 1) > 0 Then
sLine = oDomain.Name & "\" & oUser.Name & ";"
SLine = sLine & oUser.Description & ";"
SLine = sLine & OUser.FullName & ";"
WScript.Echo sLine
End If
Next
Next
Running the Hack
When you run FindUser.vbs using
Cscript.exe in a command-prompt window, you can
easily find the full name and domain for a user, given his username.
For example, when I search to see if the username bsmith
is present in the MTIT domain, I find
that user Bob Smith is assigned that
username (Figure 3-1).
Figure 3-1. Using FindUser.vbs to check whether username bsmith is already used
Marcin Policht
