You rock warren thanks mate Sincerely James Scanlon http://www.hyperactiveproductions.com.au On 14 Jan 2011, at 22:43, Warren Simondson <caditc@xxxxxxxxxx> wrote: > The following script tells you who has registered for PM in AD. I wrote this > many years ago, but > should still work. Also if you use the ADSI Edit tool you will find other > values related to each user > for PM. > > vb script: > > 'usage: wscript pmfind.vbs c:\userlist.txt > > Dim objConnection, objCommand, OU > > Dim strFilter, strQuery, objRecordSet, objArgs > > strExportFile = wscript.arguments(0) > > set fso = CreateObject("Scripting.FileSystemObject") > > set output = fso.CreateTextFile(strExportFile, True) > > > OU = "DC=YOURSITE,DC=LOCAL" > 'repalce with your LDAP path > > sam = "*" > > Set objConnection = CreateObject("ADODB.Connection") > > Set objCommand = CreateObject("ADODB.Command") > > objConnection.Provider = "ADsDSOOBject" > > objConnection.Open "Active Directory Provider" > > Set objCommand.ActiveConnection = objConnection > > strBase = "<LDAP://" & OU & ">" > > 'Define the filter elements > > strFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & > sam & "))" > > 'List all attributes you will require > > strAttributes = > "distinguishedName,sAMAccountName,givenName,sn,userPrincipalName" > > 'compose query > > strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree" > > objCommand.CommandText = strQuery > > objCommand.Properties("Page Size") = 99999 > > objCommand.Properties("Timeout") = 600 > > objCommand.Properties("Cache Results") = False > > Set objRecordSet = objCommand.Execute > > objRecordSet.MoveFirst > > Do Until objRecordSet.EOF > > strDN = objRecordSet.Fields("distinguishedName") > > 'write user DN to screen for debug purpose > 'Wscript.StdOut.WriteLine strDN > > 'part from original script > set ObjUser = GetObject("LDAP://" & strDN) > Set objsd = objUser.Get("ntSecurityDescriptor") > Set dacl = objsd.DiscretionaryAcl > > Flag = 0 > For Each ace In dacl > > strObjectType = "" > > 'to find out if YOURDOMAIN\passman_proxy has been assigned to the user > if (ace.Trustee = "YOURDOMAIN\passman_proxy") Then > 'output.WriteLine strDN > Flag = 1 > 'Exit For > End if > Next > 'if the QUF\passman_proxy was never found in the security of the user, > write the user to the file > if (flag=0) then > output.WriteLine strDN > End if > > objRecordSet.MoveNext > > Loop > ' Clean up. > > objConnection.Close > > Set objConnection = Nothing > > Set objCommand = Nothing > > Set objRecordSet = Nothing > > > > -- > Warren Simondson > > Ctrl-Alt-Del IT Consultancy Pty Ltd > > Website: http://www.ctrl-alt-del.com.au > > > > > > > > > On Fri, Jan 14th, 2011 at 10:11 PM, James Scanlon > <James.Scanlon@xxxxxxxxxxxxxxxx> wrote: > >> Anyone got a quick way to see who has signed up / registered for the >> password manager self service? >> Im assuming its some kind of script to see if the data exists in the AD >> Account or something? >> >> Any assistance always very much appreciated :) >> >> James >> >> ______________________________________ >> >> C. Hoare & Co. is authorised and regulated by the Financial Services >> Authority with registration no. 122093. The FSA’s address is 25, The >> North Colonnade, Canary Wharf, London E14 5HS. >> Registered in England no. 240822. Registered office 37 Fleet St, London, >> EC4P 4DQ >> >> Confidentiality Disclaimer: >> This message and attachments are confidential and may be privileged, and >> are sent for the personal attention of the addressee(s). If you are not >> the intended addressee, any use, disclosure or copying of this document is >> unauthorised. Information transmitted by email may be intercepted, lost, >> destroyed, corrupted or delayed and as a result, C. Hoare & Co. do not >> accept responsibility for any errors or omissions in the contents of this >> message. If you would like to confirm the contents of this email, please >> request a hard copy version. >> >> If the contents of this message are of a personal nature, the email will >> have been sent in a personal capacity and not on behalf of C. Hoare & Co. >> >> Monitoring/Viruses: >> C. Hoare & Co. may monitor all incoming and outgoing emails in line with >> current legislation. Although emails are screened for viruses, C. Hoare & >> Co. cannot guarantee that any transmissions will be virus free. >> ________________________________________ >> >> > > ************************************************ > For Archives, RSS, to Unsubscribe, Subscribe or > set Digest or Vacation mode use the below link: > //www.freelists.org/list/thin > Follow ThinList on Twitter > http://twitter.com/thinlist > ************************************************ > ************************************************ For Archives, RSS, to Unsubscribe, Subscribe or set Digest or Vacation mode use the below link: //www.freelists.org/list/thin Follow ThinList on Twitter http://twitter.com/thinlist ************************************************