[THIN] Re: Citrix Password Manager

  • From: Warren Simondson <caditc@xxxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Sat, 15 Jan 2011 09:43:51 +1100

The following script tells you who has registered for PM in AD. I wrote this 
many years ago, but 
should still work. Also if you use the ADSI Edit tool you will find other 
values related to each user 
for PM.

vb script:

'usage: wscript pmfind.vbs c:\userlist.txt

Dim objConnection, objCommand, OU

Dim strFilter, strQuery, objRecordSet, objArgs

strExportFile = wscript.arguments(0)

set fso = CreateObject("Scripting.FileSystemObject")

set output = fso.CreateTextFile(strExportFile, True)

'repalce with your LDAP path

sam = "*"

Set objConnection = CreateObject("ADODB.Connection")

Set objCommand = CreateObject("ADODB.Command")

objConnection.Provider = "ADsDSOOBject"

objConnection.Open "Active Directory Provider"

Set objCommand.ActiveConnection = objConnection

strBase = "<LDAP://" & OU & ">"

'Define the filter elements

strFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & sam 
& "))"

'List all attributes you will require

strAttributes = 

'compose query

strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"

objCommand.CommandText = strQuery

objCommand.Properties("Page Size") = 99999

objCommand.Properties("Timeout") = 600

objCommand.Properties("Cache Results") = False

Set objRecordSet = objCommand.Execute


Do Until objRecordSet.EOF

    strDN = objRecordSet.Fields("distinguishedName")

    'write user DN to screen for debug purpose
    'Wscript.StdOut.WriteLine strDN

    'part from original script
    set ObjUser = GetObject("LDAP://" & strDN)
    Set objsd = objUser.Get("ntSecurityDescriptor")
    Set dacl = objsd.DiscretionaryAcl

    Flag = 0
    For Each ace In dacl

        strObjectType = ""

        'to find out if YOURDOMAIN\passman_proxy has been assigned to the user
        if (ace.Trustee = "YOURDOMAIN\passman_proxy") Then
             'output.WriteLine strDN
            Flag = 1
            'Exit For
        End if
    'if the QUF\passman_proxy was never found in the security of the user, 
write the user to the file
    if (flag=0) then
       output.WriteLine strDN
    End if


' Clean up.


Set objConnection = Nothing

Set objCommand = Nothing

Set objRecordSet = Nothing

Warren Simondson

Ctrl-Alt-Del IT Consultancy Pty Ltd

Website: http://www.ctrl-alt-del.com.au

On Fri, Jan 14th, 2011 at 10:11 PM, James Scanlon 
<James.Scanlon@xxxxxxxxxxxxxxxx> wrote:

> Anyone got a quick way to see who has signed up / registered for the
> password manager self service?
> Im assuming its some kind of script to see if the data exists in the AD
> Account or something?
> Any assistance always very much appreciated :)        
> James
> ______________________________________
> C. Hoare & Co. is authorised and regulated by the Financial Services
> Authority with registration no. 122093.  The FSAâ??s address is 25, The
> North Colonnade, Canary Wharf, London E14 5HS.
> Registered in England no. 240822.  Registered office 37 Fleet St, London,
> EC4P 4DQ
> Confidentiality Disclaimer:
> This message and attachments are confidential and may be privileged, and
> are sent for the personal attention of the addressee(s).  If you are not
> the intended addressee, any use, disclosure or copying of this document is
> unauthorised. Information transmitted by email may be intercepted, lost,
> destroyed, corrupted or delayed and as a result, C. Hoare & Co. do not
> accept responsibility for any errors or omissions in the contents of this
> message. If you would like to confirm the contents of this email, please
> request a hard copy version.
> If the contents of this message are of a personal nature, the email will
> have been sent in a personal capacity and not on behalf of C. Hoare & Co.
> Monitoring/Viruses:
> C. Hoare & Co. may monitor all incoming and outgoing emails in line with
> current legislation. Although emails are screened for viruses, C. Hoare &
> Co. cannot guarantee that any transmissions will be virus free.
> ________________________________________

For Archives, RSS, to Unsubscribe, Subscribe or 
set Digest or Vacation mode use the below link:
Follow ThinList on Twitter

Other related posts: