[THIN] Re: Citrix Password Manager

  • From: Warren Simondson <caditc@xxxxxxxxxx>
  • To: thin@xxxxxxxxxxxxx
  • Date: Sat, 15 Jan 2011 09:43:51 +1100

The following script tells you who has registered for PM in AD. I wrote this many years ago, but it should still work. Also, if you use the ADSI Edit tool you will find other values related to each user for PM.

vb script:

'usage: wscript pmfind.vbs c:\userlist.txt

Dim objConnection, objCommand, OU

Dim strFilter, strQuery, objRecordSet, objArgs

strExportFile = wscript.arguments(0)

set fso = CreateObject("Scripting.FileSystemObject")

set output = fso.CreateTextFile(strExportFile, True)


OU = "DC=YOURSITE,DC=LOCAL"
'replace with your LDAP path

sam = "*"

Set objConnection = CreateObject("ADODB.Connection")

Set objCommand = CreateObject("ADODB.Command")

objConnection.Provider = "ADsDSOOBject"

objConnection.Open "Active Directory Provider"

Set objCommand.ActiveConnection = objConnection

strBase = "<LDAP://" & OU & ">"

'Define the filter elements

strFilter = "(&(objectCategory=person)(objectClass=user)(sAMAccountName=" & sam & "))"

'List all attributes you will require

strAttributes = "distinguishedName,sAMAccountName,givenName,sn,userPrincipalName"

'compose query

strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"

objCommand.CommandText = strQuery

objCommand.Properties("Page Size") = 99999

objCommand.Properties("Timeout") = 600

objCommand.Properties("Cache Results") = False

Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst

Do Until objRecordSet.EOF

    strDN = objRecordSet.Fields("distinguishedName")

    'write user DN to screen for debug purpose
    'Wscript.StdOut.WriteLine strDN

    'part from original script
    set ObjUser = GetObject("LDAP://" & strDN)
    Set objsd = objUser.Get("ntSecurityDescriptor")
    Set dacl = objsd.DiscretionaryAcl

    Flag = 0
    For Each ace In dacl

        strObjectType = ""

        'to find out if YOURDOMAIN\passman_proxy has been assigned to the user
        if (ace.Trustee = "YOURDOMAIN\passman_proxy") Then
             'output.WriteLine strDN
            Flag = 1
            'Exit For
        End if
    Next
    'if YOURDOMAIN\passman_proxy was never found in the security of the user, write the user to the file
    if (flag=0) then
       output.WriteLine strDN
    End if

    objRecordSet.MoveNext

Loop
' Clean up.

objConnection.Close

Set objConnection = Nothing

Set objCommand = Nothing

Set objRecordSet = Nothing



-- 
Warren Simondson

Ctrl-Alt-Del IT Consultancy Pty Ltd

Website: http://www.ctrl-alt-del.com.au








On Fri, Jan 14th, 2011 at 10:11 PM, James Scanlon 
<James.Scanlon@xxxxxxxxxxxxxxxx> wrote:

> Anyone got a quick way to see who has signed up / registered for the
> password manager self service?
> I'm assuming it's some kind of script to see if the data exists in the AD
> Account or something?
> 
> Any assistance always very much appreciated :)        
> 
> James
> 
