how to list computers that are a member of an active directory group or OU - KiXtart.org

You are not logged in. [Log In] KiXtart.org website » Forums » KiXtart » Basic Scripting » how to list computers that are a member of an active directory group or OU

Page 1 of 3

Topic Options

#205584 - 2012-08-26 02:48 PM how to list computers that are a member of an active directory group or OU
Robdutoit Robdutoit Hey THIS is FUN Registered: 2012-03-27 Posts: 363 Loc: London, England	What I am trying to do is the following: List all computers that are a member of either a certain group or a certain OU (whichever is easier to code). I want to "write" that list to memory, then I want the server to ping every computer in that list in memory and if the computer responds, then I want to shut the computer down. I have managed to adapt existing code to ping a computer and if online, then shut the computer down Quote: ;============= ; Ping computer ;============= Function OSPing($sComputer) Shell '"'+%COMSPEC%+'" /c ping -n 1 '+$sComputer+' \|find /C "TTL=" >nul' $OSPing = NOT @ERROR If $OSPing = 1 $ShellCMD = 'shutdown -s -f -m ' + $sComputer + ' -t 300' Shell $ShellCMD Else ? "computer is not on the network" Endif EndFunction What I will obviously need to do is make $sComputer read from the list in memory and loop for each computer in that list. That I am sure that I can work out. However I have spent hours online trying to adapt existing code to list all computers that are a member of either an OU or group, but I have failed to get anything to work. The closest that I have come is using this UDF Quote: ;================================================================================================ ; Checks which security group the computer belongs to ;================================================================================================ Function ComputerInGroup($group,optional $Domain) Dim $oGrp if not $domain $domain=@domain endif $oGrp = GetObject("WinNT://" + $domain + "/" + $group + ",group" ) if @error exit 1 endif if $oGrp.IsMember("WinNT://" + $domain + "/" + @wksta + "$$" ) $ComputerInGroup=1 else $ComputerInGroup=0 endif EndFunction What I have done is tried to modify the above UDF to output the list of computers to memory, instead of checking whether this computer is a member of specified group. so I did this: Quote: ;================================================================================================ ; Obtain list of computers in global group ; ;=============================================================================================== Function groupmembers($group,optional $Domain) Dim $oGrp if not $domain $domain=@domain endif $oGrp = GetObject("WinNT://" + $domain + "/" + $group + ",group" ) if @error exit 1 endif for each $x in $oGrp.Ismember ? $X ; OSPing($sComputer) (remmed out for the moment, as should not be here) loop EndFunction I am aware that you cannot use a function within a function, so I should not be using Osping($sComputer) in the function groupmembers. I am just displaying it here to illustrate how the logic of my udf is supposed to work. My problem is that my modified script for obtaining list of computers in global group does not seem to do anything. $x shows nothing and the script does not seem to do anything. I am sure its because I don't understand how to code this properly. The problem seems to be that I can find any number of examples of checking if user or computer is a member of something, but I cannot find anything to list all computers that are a member of a group/OU. I found something with users, but I couldn't get it to work for computers. what am I doing wrong? Thanks
Top

#205585 - 2012-08-26 04:33 PM Re: how to list computers that are a member of an active directory group or OU [Re: Robdutoit]
Allen Allen KiX Supporter Registered: 2003-04-19 Posts: 4541 Loc: USA	Before I dig into the functions, I wanted to suggest you read up on the User Defined Functions (UDF) in the FAQs. How to use UDFs - http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=81943#Post81943 How to write a UDF - http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=82017#Post82017 All of FAQs are here - http://www.kixtart.org/forums/ubbthreads.php?ubb=postlist&Board=5&page=1
Top

#205599 - 2012-08-28 05:10 PM Re: how to list computers that are a member of an active directory group or OU [Re: Allen]
Robdutoit Robdutoit Hey THIS is FUN Registered: 2012-03-27 Posts: 363 Loc: London, England	I will have another read up on the subject to see if I can understand it better. I also have the kixtart book "start to finish guide - scripting with kixtart", which I bought about 5 years ago. I will have another browse through that and see if can understand it better. Just to clarify, my problem is not about understanding how UDF's work, although I realise that my UDF's are not correct in that I have not declared variables etc. My problem is more to do with understanding how to extract information from active directory and use that information in a script. This ADSI and WIMS stuff is where I go wrong. Thanks
Top

#205600 - 2012-08-28 05:35 PM Re: how to list computers that are a member of an active directory group or OU [Re: Robdutoit]
Allen Allen KiX Supporter Registered: 2003-04-19 Posts: 4541 Loc: USA	The big thing I wanted to point out in showing those faqs is, most UDFs are to be considered a black box, that you don't edit. You use them in your scripts, as is, to obtain the information you need. I've been beyond backed up, but I will try to put together a framework for you to do what you want.
Top

#205601 - 2012-08-28 05:39 PM Re: how to list computers that are a member of an active directory group or OU [Re: Allen]
Allen Allen KiX Supporter Registered: 2003-04-19 Posts: 4541 Loc: USA	Hmmm, is it me or does it appear that GroupMembers only returns user and groups? http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Number=82136
Top

#205602 - 2012-08-28 05:56 PM Re: how to list computers that are a member of an active directory group or OU [Re: Allen]
Robdutoit Robdutoit Hey THIS is FUN Registered: 2012-03-27 Posts: 363 Loc: London, England	Yes, I realise that one is not supposed to modify the udf's as they are created to be used as the author intended. The problem is, I have looked high and low to find a udf that does what I want it to do. I can find any number of UDF's that returns users and groups, but more specifically most of them seem to check whether xyz is a member of abc. I cannot seem to find a udf that lists all computers in group or OU. Hence, the reason why I tried to modify the function computeringroup as the first part of that udf does what I want it to do, namely read the computers that are in a specific group. So I thought that I would just use that and modify as there does not seem to be anything like what I am looking for. Yes, I also looked at the groupmembers one as well and realised it doesn't return computers and I couldn't understand the coding written there to understand what I needed to modify in order to return computers lol. My coding is not that great, as I am not a programmer by trade, I only use Kixtart for a login script.
Top

#205603 - 2012-08-28 06:07 PM Re: how to list computers that are a member of an active directory group or OU [Re: Robdutoit]
Allen Allen KiX Supporter Registered: 2003-04-19 Posts: 4541 Loc: USA	Quote: I am not a programmer by trade, I only use Kixtart for a login script You just described 99% of the users here (including myself). $\:\)$ A long time ago, I wrote a script that would enumerate OUs. It is not what I consider some of my better code, as I was still new to kix at the time. At one point I started to rewrite it, but stopped for more reasons than I care to get into. The old function might be of use to you... http://www.kixtart.org/forums/ubbthreads.php?ubb=showflat&Main=12245&Number=75055#Post75055 I still find it hard to believe this type of function has not already been done.
Top

#205605 - 2012-08-29 01:01 PM Re: how to list computers that are a member of an active directory group or OU [Re: Allen]
BradV BradV Seasoned Scripter Registered: 2006-08-16 Posts: 686 Loc: Maryland, USA	Have a look at Scripting Guy. I have some code that just retrieves all of the system names in my current OU. Not quite the same. $\:\)$
Top

#205610 - 2012-08-29 06:48 PM Re: how to list computers that are a member of an active directory group or OU [Re: BradV]
Robdutoit Robdutoit Hey THIS is FUN Registered: 2012-03-27 Posts: 363 Loc: London, England	I will have a look at both of these scripts over the weekend, when I have more energy. I agree Allen, I cannot understand why there don't seem to be any functions for this particular AD query. I would have thought that any number of people would want to determine which computers are members of any given group or OU. When I get something that works, I will put it up on the forum.
Top

#205612 - 2012-08-29 10:32 PM

Re: how to list computers that are a member of an active directory group or OU [Re: Robdutoit]

Mart

KiX Supporter

Registered: 2002-03-27
Posts: 4672
Loc: The Netherlands

Did some Googling and found the script below. It is VBS and I tried to translate it to kix but failed. As a VBS script it works just fine. I have to admit that I tried to translate it just once and that I'm not so familiar with VBS but I guess it can be translated to kix by someone who is more familiar with VBS.

You could use the good old ComNetView() udf to get all computers, get their OU and filter on the OU you need.

Source: http://www.wisesoft.co.uk/scripts/vbscript_find_computer's_organizational_unit.aspx

Code:

Option Explicit
Dim objNetwork
Dim computerName
Dim ou

' Get the computerName of PC
Set objNetwork = CreateObject("Wscript.Network")
computerName = objNetwork.ComputerName

' Call function to find OU from computer name
ou = getOUByComputerName(computerName)

WScript.echo ou


Function getOUByComputerName(byval computerName)
	' *** Function to find ou/container of computer object from computer name ***
		
	Dim namingContext, ldapFilter, ou
	Dim cn, cmd, rs
	Dim objRootDSE
		
	' Bind to the RootDSE to get the default naming context for
	' the domain.  e.g. dc=wisesoft,dc=co,dc=uk
	Set objRootDSE = GetObject("LDAP://RootDSE")
	namingContext = objRootDSE.Get("defaultNamingContext")
	Set objRootDSE = Nothing
	
	' Construct an ldap filter to search for a computer object
	' anywhere in the domain with a name of the value specified.
	ldapFilter = "<LDAP://" & namingContext & _
	">;(&(objectCategory=Computer)(name=" & computerName & "))" & _
	";distinguishedName;subtree"
	
	' Standard ADO code to query database
	Set cn = CreateObject("ADODB.Connection")
	Set cmd = CreateObject("ADODB.Command")
	
	cn.open "Provider=ADsDSOObject;"
	cmd.activeconnection = cn
	cmd.commandtext = ldapFilter
		
	Set rs = cmd.execute
	
	If rs.eof <> True And rs.bof <> True Then
		ou = rs(0)
		' Convert distinguished name into OU.
		' e.g. cn=CLIENT01,OU=WiseSoft_Computers,dc=wisesoft,dc=co,dc=uk
		' to: OU=WiseSoft_Computers,dc=wisesoft,dc=co,dc=uk
		ou = Mid(ou, InStr(ou, ",") + 1, Len(ou) - InStr(ou, ","))
		getOUByComputerName = ou
		
	End If
	
	rs.close
	cn.close
	
End Function

_________________________
Mart

- Chuck Norris once sold ebay to ebay on ebay.

Top

#205613 - 2012-08-30 10:14 AM

Re: how to list computers that are a member of an active directory group or OU [Re: Mart]

Arend_ Offline

MM club member

Registered: 2005-01-17
Posts: 1892
Loc: Hilversum, The Netherlands

I've translated it:

Code:

$=SetOption('Explicit','On')
Dim $strComputerName, $strOU

; Get the computerName of PC
$strComputerName = @WKSTA

; Call function to find OU from computer name
$strOU = GetOUByComputerName($strComputerName)

? $strOU

Function GetOUByComputerName($strComputerName)
  ; *** Function to find ou/container of computer object from computer name ***

  Dim $strNamingContext, $strFilter
  Dim $objConnection, $objCommand, $objRecordSet, $objRootDSE
  Dim $aR, $R, $C, $x

  ; Bind to the RootDSE to get the default naming context for
  ; the domain.  e.g. dc=wisesoft,dc=co,dc=uk
  $objRootDSE = GetObject("LDAP://RootDSE")
  $strNamingContext = $objRootDSE.Get("defaultNamingContext")
  $objRootDSE = ""

  ; Construct an ldap filter to search for a computer object
  ; anywhere in the domain with a name of the value specified.
  $strFilter = "<LDAP://"+$strNamingContext+">;(&(objectClass=Computer)(name="+$strComputerName+"));distinguishedName;subtree"

  ; Standard ADO code to query database
  $objConnection = CreateObject("ADODB.Connection")
  $objCommand = CreateObject("ADODB.Command")

  $objConnection.Provider = "ADsDSOObject"
  $objConnection.Open("Active Directory Provider")
  $objCommand.activeconnection = $objConnection
  $objCommand.commandtext = $strFilter

  $objRecordSet = $objCommand.Execute
  
  $aR = $objRecordSet.GetRows()
  Dim $aFR[Ubound($aR,2),Ubound($aR,1)]
  For $R=0 to Ubound($aR,2)
    $x=0
    For $C=0 to Ubound($aR,1)
      $aFR[$R,$C]=$aR[$C,$R]
      If $x=0
        $getOUByComputerName = $aFR[$R,$C]
        $x=1
      EndIf
    Next
  Next

  $objRecordSet.Close
  $objConnection.Close
EndFunction

Edited by Arend_ (2012-08-31 06:13 PM)
Edit Reason: Translated, Cleaned up, and made it work.

Top

#205620 - 2012-08-31 06:13 PM Re: how to list computers that are a member of an active directory group or OU [Re: Arend_]
Arend_ Arend_ MM club member Registered: 2005-01-17 Posts: 1892 Loc: Hilversum, The Netherlands	The VBS code does not work when translated to Kix, so I've made it work, cleaned it up and made it Option Explicit compliant. Enjoy!
Top

#205621 - 2012-08-31 06:29 PM Re: how to list computers that are a member of an active directory group or OU [Re: Arend_]
Allen Allen KiX Supporter Registered: 2003-04-19 Posts: 4541 Loc: USA	I always hate it when people do this to me... but that code can be summed up in one line: Code: ? CreateObject("ADSystemInfo").computername The problem is, the starter of the thread is not looking for the OU of the current computer, but all the computers in a specific OU or Group. The code is out there, but it is work to get it all nice and tidy.
Top

#205622 - 2012-08-31 07:07 PM Re: how to list computers that are a member of an active directory group or OU [Re: Allen]
Arend_ Arend_ MM club member Registered: 2005-01-17 Posts: 1892 Loc: Hilversum, The Netherlands	Haha Allen, off course I thought of that! But it is to list the OU of ANOTHER computer $;\)$
Top

#205623 - 2012-08-31 07:12 PM Re: how to list computers that are a member of an active directory group or OU [Re: Arend_]
Arend_ Arend_ MM club member Registered: 2005-01-17 Posts: 1892 Loc: Hilversum, The Netherlands	Listing all computers is dead easy Btw: Code: Dim $objAdsPath, $obj, $filter[0] $filter[0] = "Computer" $objADsPath = GetObject("LDAP://OU=Servers,OU=Computers,OU=Company,DC=domain,DC=local") $objAdsPath.filter = $filter For Each $obj In $objAdsPath ? $obj.Name Next Enjoy!
Top

#205624 - 2012-08-31 07:40 PM Re: how to list computers that are a member of an active directory group or OU [Re: Arend_]
Allen Allen KiX Supporter Registered: 2003-04-19 Posts: 4541 Loc: USA	Hmmm.. that does look nice and easy. I'll have to give that a try for my own needs. Thanks.
Top

#205625 - 2012-08-31 07:58 PM Re: how to list computers that are a member of an active directory group or OU [Re: Arend_]
Robdutoit Robdutoit Hey THIS is FUN Registered: 2012-03-27 Posts: 363 Loc: London, England	I am ready for the weekend to start this troubleshooting into getting the list of computers. I see that I have more replies to my question, so I thought that I would start with the shortest script. Arend, I am looking into the error as we speak, but your script Quote: Dim $objAdsPath, $obj, $filter[0] $filter[0] = "Computer" $objADsPath = GetObject("LDAP://OU=Servers,OU=Computers,OU=Company,DC=domain,DC=local") $objAdsPath.filter = $filter For Each $obj In $objAdsPath ? $obj.Name Next comes up with this error for me ERROR : Error in expression: this type of array not supported in expressions.! I am running windows 2008 server here if that helps explain why I am seeing the error. I am going to be researching the cause of this error and also looking at the other scripts to see what will accomplish the task at hand. Thanks Rob
Top

#205626 - 2012-08-31 08:38 PM Re: how to list computers that are a member of an active directory group or OU [Re: Robdutoit]
ShaneEP ShaneEP MM club member Registered: 2002-11-29 Posts: 2125 Loc: Tulsa, OK	That script works fine for me Rob. Make sure your LDAP path is correct. It will give that error if it's not able to connect.
Top

#205627 - 2012-08-31 08:39 PM

Re: how to list computers that are a member of an active directory group or OU [Re: ShaneEP]

ShaneEP Offline

MM club member

Registered: 2002-11-29
Posts: 2125
Loc: Tulsa, OK

Try this...

Code:

Dim $objAdsPath, $obj, $filter[0]
$filter[0] = "Computer"
$objADsPath = GetObject("LDAP://OU=Servers,OU=Computers,OU=Company,DC=domain,DC=local")
If @Error = 0
   $objAdsPath.filter = $filter
   For Each $obj In $objAdsPath
      ? $obj.Name
   Next
Else
   ? "Not able to connect to LDAP path."
Endif

get $

Edited by ShaneEP (2012-08-31 09:17 PM)

Top

#205628 - 2012-08-31 08:52 PM Re: how to list computers that are a member of an active directory group or OU [Re: ShaneEP]
Robdutoit Robdutoit Hey THIS is FUN Registered: 2012-03-27 Posts: 363 Loc: London, England	Hi Shane, I followed your suggestion and just used a top level OU and the error message changed to ERRORL IDispatch pointers not allowed in expressions! the same line is causing the problem- that being $objAdsPath.filter = $filter If it works for you, I must be doing something wrong in the LDAP path, so I will try variations of ldap and also try using winnt. I don't know if its anything to do with my server, or me being stupid, but I will get there. Thanks
Top

Page 1 of 3

Previous Topic View All Topics

Index Next Topic

Moderator: Jochen, Allen, Radimus, Glenn Barnas, ShaneEP, Ruud van Velsen, Arend_, Mart

Hop to:

Shout Box

Search the board with:
superb Board Search
or try with google:

	Web kixtart.org