Page 1 of 3 123>
Topic Options
#205584 - 2012-08-26 02:48 PM how to list computers that are a member of an active directory group or OU
Robdutoit Offline
Hey THIS is FUN
***

Registered: 2012-03-27
Posts: 363
Loc: London, England
What I am trying to do is the following: List all computers that are a member of either a certain group or a certain OU (whichever is easier to code). I want to "write" that list to memory, then I want the server to ping every computer in that list in memory and if the computer responds, then I want to shut the computer down.

I have managed to adapt existing code to ping a computer and if online, then shut the computer down

 Quote:

;=============
; Ping computer
;=============

Function OSPing($sComputer)
Shell '"'+%COMSPEC%+'" /c ping -n 1 '+$sComputer+' |find /C "TTL=" >nul'
$OSPing = NOT @ERROR
If $OSPing = 1
$ShellCMD = 'shutdown -s -f -m ' + $sComputer + ' -t 300'
Shell $ShellCMD
Else
? "computer is not on the network"
Endif
EndFunction

What I will obviously need to do is make $sComputer read from the list in memory and loop for each computer in that list. That I am sure that I can work out. However I have spent hours online trying to adapt existing code to list all computers that are a member of either an OU or group, but I have failed to get anything to work.

The closest that I have come is using this UDF

 Quote:

;================================================================================================
; Checks which security group the computer belongs to
;================================================================================================

Function ComputerInGroup($group,optional $Domain)

Dim $oGrp
if not $domain $domain=@domain endif
$oGrp = GetObject("WinNT://" + $domain + "/" + $group + ",group" )
if @error exit 1 endif

if $oGrp.IsMember("WinNT://" + $domain + "/" + @wksta + "$$" )
$ComputerInGroup=1
else
$ComputerInGroup=0
endif
EndFunction

What I have done is tried to modify the above UDF to output the list of computers to memory, instead of checking whether this computer is a member of specified group.

so I did this:

 Quote:

;================================================================================================
; Obtain list of computers in global group
;
;===============================================================================================

Function groupmembers($group,optional $Domain)

Dim $oGrp
if not $domain $domain=@domain endif
$oGrp = GetObject("WinNT://" + $domain + "/" + $group + ",group" )
if @error exit 1 endif

for each $x in $oGrp.Ismember
? $X
; OSPing($sComputer) (remmed out for the moment, as should not be here)
loop
EndFunction

I am aware that you cannot use a function within a function, so I should not be using Osping($sComputer) in the function groupmembers. I am just displaying it here to illustrate how the logic of my udf is supposed to work. My problem is that my modified script for obtaining list of computers in global group does not seem to do anything. $x shows nothing and the script does not seem to do anything. I am sure its because I don't understand how to code this properly. The problem seems to be that I can find any number of examples of checking if user or computer is a member of something, but I cannot find anything to list all computers that are a member of a group/OU. I found something with users, but I couldn't get it to work for computers. what am I doing wrong? Thanks

Top
#205585 - 2012-08-26 04:33 PM Re: how to list computers that are a member of an active directory group or OU [Re: Robdutoit]
Allen Administrator Offline
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4545
Loc: USA
Before I dig into the functions, I wanted to suggest you read up on the User Defined Functions (UDF) in the FAQs.

How to use UDFs -
http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=81943#Post81943

How to write a UDF -
http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=82017#Post82017

All of FAQs are here -
http://www.kixtart.org/forums/ubbthreads.php?ubb=postlist&Board=5&page=1

Top
#205599 - 2012-08-28 05:10 PM Re: how to list computers that are a member of an active directory group or OU [Re: Allen]
Robdutoit Offline
Hey THIS is FUN
***

Registered: 2012-03-27
Posts: 363
Loc: London, England
I will have another read up on the subject to see if I can understand it better. I also have the kixtart book "start to finish guide - scripting with kixtart", which I bought about 5 years ago. I will have another browse through that and see if can understand it better.

Just to clarify, my problem is not about understanding how UDF's work, although I realise that my UDF's are not correct in that I have not declared variables etc. My problem is more to do with understanding how to extract information from active directory and use that information in a script. This ADSI and WIMS stuff is where I go wrong. Thanks

Top
#205600 - 2012-08-28 05:35 PM Re: how to list computers that are a member of an active directory group or OU [Re: Robdutoit]
Allen Administrator Offline
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4545
Loc: USA
The big thing I wanted to point out in showing those faqs is, most UDFs are to be considered a black box, that you don't edit. You use them in your scripts, as is, to obtain the information you need.

I've been beyond backed up, but I will try to put together a framework for you to do what you want.

Top
#205601 - 2012-08-28 05:39 PM Re: how to list computers that are a member of an active directory group or OU [Re: Allen]
Allen Administrator Offline
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4545
Loc: USA
Hmmm, is it me or does it appear that GroupMembers only returns user and groups?

http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=82136

Top
#205602 - 2012-08-28 05:56 PM Re: how to list computers that are a member of an active directory group or OU [Re: Allen]
Robdutoit Offline
Hey THIS is FUN
***

Registered: 2012-03-27
Posts: 363
Loc: London, England
Yes, I realise that one is not supposed to modify the udf's as they are created to be used as the author intended. The problem is, I have looked high and low to find a udf that does what I want it to do. I can find any number of UDF's that returns users and groups, but more specifically most of them seem to check whether xyz is a member of abc. I cannot seem to find a udf that lists all computers in group or OU. Hence, the reason why I tried to modify the function computeringroup as the first part of that udf does what I want it to do, namely read the computers that are in a specific group. So I thought that I would just use that and modify as there does not seem to be anything like what I am looking for.
Yes, I also looked at the groupmembers one as well and realised it doesn't return computers and I couldn't understand the coding written there to understand what I needed to modify in order to return computers lol. My coding is not that great, as I am not a programmer by trade, I only use Kixtart for a login script.

Top
#205603 - 2012-08-28 06:07 PM Re: how to list computers that are a member of an active directory group or OU [Re: Robdutoit]
Allen Administrator Offline
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4545
Loc: USA
 Quote:
I am not a programmer by trade, I only use Kixtart for a login script


You just described 99% of the users here (including myself). \:\)

A long time ago, I wrote a script that would enumerate OUs. It is not what I consider some of my better code, as I was still new to kix at the time. At one point I started to rewrite it, but stopped for more reasons than I care to get into. The old function might be of use to you...

http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Main=12245&Number=75055#Post75055

I still find it hard to believe this type of function has not already been done.

Top
#205605 - 2012-08-29 01:01 PM Re: how to list computers that are a member of an active directory group or OU [Re: Allen]
BradV Offline
Seasoned Scripter
****

Registered: 2006-08-16
Posts: 686
Loc: Maryland, USA
Have a look at Scripting Guy. I have some code that just retrieves all of the system names in my current OU. Not quite the same. \:\)
Top
#205610 - 2012-08-29 06:48 PM Re: how to list computers that are a member of an active directory group or OU [Re: BradV]
Robdutoit Offline
Hey THIS is FUN
***

Registered: 2012-03-27
Posts: 363
Loc: London, England
I will have a look at both of these scripts over the weekend, when I have more energy. I agree Allen, I cannot understand why there don't seem to be any functions for this particular AD query. I would have thought that any number of people would want to determine which computers are members of any given group or OU. When I get something that works, I will put it up on the forum.
Top
#205612 - 2012-08-29 10:32 PM Re: how to list computers that are a member of an active directory group or OU [Re: Robdutoit]
Mart Moderator Offline
KiX Supporter
*****

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands
Did some Googling and found the script below. It is VBS and I tried to translate it to kix but failed. As a VBS script it works just fine. I have to admit that I tried to translate it just once and that I'm not so familiar with VBS but I guess it can be translated to kix by someone who is more familiar with VBS.

You could use the good old ComNetView() udf to get all computers, get their OU and filter on the OU you need.

Source: http://www.wisesoft.co.uk/scripts/vbscript_find_computer's_organizational_unit.aspx

 Code:
Option Explicit
Dim objNetwork
Dim computerName
Dim ou

' Get the computerName of PC
Set objNetwork = CreateObject("Wscript.Network")
computerName = objNetwork.ComputerName

' Call function to find OU from computer name
ou = getOUByComputerName(computerName)

WScript.echo ou


Function getOUByComputerName(byval computerName)
	' *** Function to find ou/container of computer object from computer name ***
		
	Dim namingContext, ldapFilter, ou
	Dim cn, cmd, rs
	Dim objRootDSE
		
	' Bind to the RootDSE to get the default naming context for
	' the domain.  e.g. dc=wisesoft,dc=co,dc=uk
	Set objRootDSE = GetObject("LDAP://RootDSE")
	namingContext = objRootDSE.Get("defaultNamingContext")
	Set objRootDSE = Nothing
	
	' Construct an ldap filter to search for a computer object
	' anywhere in the domain with a name of the value specified.
	ldapFilter = "<LDAP://" & namingContext & _
	">;(&(objectCategory=Computer)(name=" & computerName & "))" & _
	";distinguishedName;subtree"
	
	' Standard ADO code to query database
	Set cn = CreateObject("ADODB.Connection")
	Set cmd = CreateObject("ADODB.Command")
	
	cn.open "Provider=ADsDSOObject;"
	cmd.activeconnection = cn
	cmd.commandtext = ldapFilter
		
	Set rs = cmd.execute
	
	If rs.eof <> True And rs.bof <> True Then
		ou = rs(0)
		' Convert distinguished name into OU.
		' e.g. cn=CLIENT01,OU=WiseSoft_Computers,dc=wisesoft,dc=co,dc=uk
		' to: OU=WiseSoft_Computers,dc=wisesoft,dc=co,dc=uk
		ou = Mid(ou, InStr(ou, ",") + 1, Len(ou) - InStr(ou, ","))
		getOUByComputerName = ou
		
	End If
	
	rs.close
	cn.close
	
End Function
_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top
#205613 - 2012-08-30 10:14 AM Re: how to list computers that are a member of an active directory group or OU [Re: Mart]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1894
Loc: Hilversum, The Netherlands
I've translated it:
 Code:
$=SetOption('Explicit','On')
Dim $strComputerName, $strOU

; Get the computerName of PC
$strComputerName = @WKSTA

; Call function to find OU from computer name
$strOU = GetOUByComputerName($strComputerName)

? $strOU

Function GetOUByComputerName($strComputerName)
  ; *** Function to find ou/container of computer object from computer name ***

  Dim $strNamingContext, $strFilter
  Dim $objConnection, $objCommand, $objRecordSet, $objRootDSE
  Dim $aR, $R, $C, $x

  ; Bind to the RootDSE to get the default naming context for
  ; the domain.  e.g. dc=wisesoft,dc=co,dc=uk
  $objRootDSE = GetObject("LDAP://RootDSE")
  $strNamingContext = $objRootDSE.Get("defaultNamingContext")
  $objRootDSE = ""

  ; Construct an ldap filter to search for a computer object
  ; anywhere in the domain with a name of the value specified.
  $strFilter = "<LDAP://"+$strNamingContext+">;(&(objectClass=Computer)(name="+$strComputerName+"));distinguishedName;subtree"

  ; Standard ADO code to query database
  $objConnection = CreateObject("ADODB.Connection")
  $objCommand = CreateObject("ADODB.Command")

  $objConnection.Provider = "ADsDSOObject"
  $objConnection.Open("Active Directory Provider")
  $objCommand.activeconnection = $objConnection
  $objCommand.commandtext = $strFilter

  $objRecordSet = $objCommand.Execute
  
  $aR = $objRecordSet.GetRows()
  Dim $aFR[Ubound($aR,2),Ubound($aR,1)]
  For $R=0 to Ubound($aR,2)
    $x=0
    For $C=0 to Ubound($aR,1)
      $aFR[$R,$C]=$aR[$C,$R]
      If $x=0
        $getOUByComputerName = $aFR[$R,$C]
        $x=1
      EndIf
    Next
  Next

  $objRecordSet.Close
  $objConnection.Close
EndFunction


Edited by Arend_ (2012-08-31 06:13 PM)
Edit Reason: Translated, Cleaned up, and made it work.

Top
#205620 - 2012-08-31 06:13 PM Re: how to list computers that are a member of an active directory group or OU [Re: Arend_]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1894
Loc: Hilversum, The Netherlands
The VBS code does not work when translated to Kix, so I've made it work, cleaned it up and made it Option Explicit compliant. Enjoy!
Top
#205621 - 2012-08-31 06:29 PM Re: how to list computers that are a member of an active directory group or OU [Re: Arend_]
Allen Administrator Offline
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4545
Loc: USA
I always hate it when people do this to me... but that code can be summed up in one line:

 Code:
?  CreateObject("ADSystemInfo").computername


The problem is, the starter of the thread is not looking for the OU of the current computer, but all the computers in a specific OU or Group. The code is out there, but it is work to get it all nice and tidy.

Top
#205622 - 2012-08-31 07:07 PM Re: how to list computers that are a member of an active directory group or OU [Re: Allen]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1894
Loc: Hilversum, The Netherlands
Haha Allen, off course I thought of that!
But it is to list the OU of ANOTHER computer ;\)

Top
#205623 - 2012-08-31 07:12 PM Re: how to list computers that are a member of an active directory group or OU [Re: Arend_]
Arend_ Moderator Offline
MM club member
*****

Registered: 2005-01-17
Posts: 1894
Loc: Hilversum, The Netherlands
Listing all computers is dead easy Btw:
 Code:
Dim $objAdsPath, $obj, $filter[0]
$filter[0] = "Computer"
$objADsPath = GetObject("LDAP://OU=Servers,OU=Computers,OU=Company,DC=domain,DC=local")
$objAdsPath.filter = $filter
For Each $obj In $objAdsPath
  ? $obj.Name
Next

Enjoy!

Top
#205624 - 2012-08-31 07:40 PM Re: how to list computers that are a member of an active directory group or OU [Re: Arend_]
Allen Administrator Offline
KiX Supporter
*****

Registered: 2003-04-19
Posts: 4545
Loc: USA
Hmmm.. that does look nice and easy. I'll have to give that a try for my own needs. Thanks.
Top
#205625 - 2012-08-31 07:58 PM Re: how to list computers that are a member of an active directory group or OU [Re: Arend_]
Robdutoit Offline
Hey THIS is FUN
***

Registered: 2012-03-27
Posts: 363
Loc: London, England
I am ready for the weekend to start this troubleshooting into getting the list of computers. I see that I have more replies to my question, so I thought that I would start with the shortest script. Arend, I am looking into the error as we speak, but your script
 Quote:
Dim $objAdsPath, $obj, $filter[0]
$filter[0] = "Computer"
$objADsPath = GetObject("LDAP://OU=Servers,OU=Computers,OU=Company,DC=domain,DC=local")
$objAdsPath.filter = $filter
For Each $obj In $objAdsPath
? $obj.Name
Next

comes up with this error for me

ERROR : Error in expression: this type of array not supported in expressions.!

I am running windows 2008 server here if that helps explain why I am seeing the error.
I am going to be researching the cause of this error and also looking at the other scripts to see what will accomplish the task at hand. Thanks Rob

Top
#205626 - 2012-08-31 08:38 PM Re: how to list computers that are a member of an active directory group or OU [Re: Robdutoit]
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2125
Loc: Tulsa, OK
That script works fine for me Rob. Make sure your LDAP path is correct. It will give that error if it's not able to connect.
Top
#205627 - 2012-08-31 08:39 PM Re: how to list computers that are a member of an active directory group or OU [Re: ShaneEP]
ShaneEP Moderator Offline
MM club member
*****

Registered: 2002-11-29
Posts: 2125
Loc: Tulsa, OK
Try this...

 Code:
Dim $objAdsPath, $obj, $filter[0]
$filter[0] = "Computer"
$objADsPath = GetObject("LDAP://OU=Servers,OU=Computers,OU=Company,DC=domain,DC=local")
If @Error = 0
   $objAdsPath.filter = $filter
   For Each $obj In $objAdsPath
      ? $obj.Name
   Next
Else
   ? "Not able to connect to LDAP path."
Endif

get $


Edited by ShaneEP (2012-08-31 09:17 PM)

Top
#205628 - 2012-08-31 08:52 PM Re: how to list computers that are a member of an active directory group or OU [Re: ShaneEP]
Robdutoit Offline
Hey THIS is FUN
***

Registered: 2012-03-27
Posts: 363
Loc: London, England
Hi Shane, I followed your suggestion and just used a top level OU and the error message changed to ERRORL IDispatch pointers not allowed in expressions!
the same line is causing the problem- that being
$objAdsPath.filter = $filter

If it works for you, I must be doing something wrong in the LDAP path, so I will try variations of ldap and also try using winnt. I don't know if its anything to do with my server, or me being stupid, but I will get there. Thanks

Top
Page 1 of 3 123>


Moderator:  Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart 
Hop to:
Shout Box

Who's Online
0 registered and 248 anonymous users online.
Newest Members
gespanntleuchten, DaveatAdvanced, Paulo_Alves, UsTaaa, xxJJxx
17864 Registered Users

Generated in 0.074 seconds in which 0.024 seconds were spent on a total of 14 queries. Zlib compression enabled.

Search the board with:
superb Board Search
or try with google:
Google
Web kixtart.org