How to find active directory object location 1

[jstevens]

In active directory users and computers, running a find for user jsmith, it returns the user/users but it does not report the location of the object. Aka domain.com/new york/site 1/users/accounting

I am assisting in a large domain migration and have duplicate users and have hundreds of containers that I am not about to start walking the directory manually.

Is there a utility, either ldap or what not, that will allow me to run searchs for objects, and report the location of the object?

Thankyou
Jason Stevens

 

[markdmac]

You can use ADSIEdit to view the LDAP path.

You can also do it via a script so long as you can plug in some basic info. Edit the two CONST lines in the script to match your environment.

'==========================================================================
'
' NAME: EnumUserLDAPPaths.vbs
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL: [URL unfurl="true"]http://www.thespidersparlor.com[/URL]
' DATE  : 7/27/2004
'
' COMMENT: <comment>
'
'==========================================================================

On Error Resume Next

Const LDOMAIN = "LDAP://server.thespidersparlor.com/"
Const ENT_OU = "CN=Users,DC=thespidersparlor,DC=com"



strComputer = "."
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set colItems = objWMIService.ExecQuery("Select * from Win32_UserAccount",,48)
For Each objItem in colItems
    report = report & vbCrLf &  "Caption: " & objItem.Caption
    report = report & vbCrLf &  "Description: " & objItem.Description
    report = report & vbCrLf &  "FullName: " & objItem.FullName
    report = report & vbCrLf &  "Name: " & objItem.Name
    report = report & vbCrLf &  "SID: " & objItem.SID
    Set ldappath = Getuser2(objItem.Name)
    report = report & vbCrLf & ldappath.ADSPath
    report = report & vbCrLf & "*****************************************************"
Next

Set fso = CreateObject("Scripting.FileSystemObject")
Set ts = fso.CreateTextFile ("enumusers.txt", ForWriting)
ts.write report
set ts = nothing
set fso = nothing


Public Function GetUser2(ByVal sAMAccountName)

    Dim ADCon,ADCmd,ADRec,str 

    Set ADCon = CreateObject("ADODB.Connection")
    Set ADCmd = CreateObject("ADODB.Command")

    ADCon.Provider = "ADsDSOObject"
    ADCon.Open "Active Directory Provider", UID, PWD

    Set ADCmd.ActiveConnection = ADCon
    ADCmd.Properties("Cache results") = False
    ADCmd.Properties("TimeOut") = 120

    str = "select sAMAccountName, ADsPath " & _
          "from '" & LDOMAIN & ENT_OU & "' " & _
          "where objectCategory='person' and sAMAccountName='" & sAMAccountName & "'"

    ADCmd.CommandText = str

    Set ADRec = ADCmd.Execute()

    If ADRec.EOF Then
        Set objUser = Nothing
		Exit Function
    End If

    ' Then bind to the IADs object.

    Set GetUser2 = getObject(ADRec.Fields("adspath"))

End Function

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[markdmac]

This was really interesting so I kept working to improve it. I should have gone to bed about 4 hours ago but here you go!

'==========================================================================
'
' NAME: EnumLDAPUsersContainers.vbs
'
' AUTHOR: Mark D. MacLachlan , The Spider's Parlor
' URL: [URL unfurl="true"]http://www.thespidersparlor.com[/URL]
' DATE  : 7/27/2004
'
' COMMENT: <comment>
'
'==========================================================================

Dim objRootDSE, strForest, objForest, strDom
Dim objCommand, objConnection


Set objRootDSE = GetObject("LDAP://RootDSE")
strForest = objRootDSE.Get("rootDomainNamingContext")
Set objForest = GetObject("LDAP://" & strForest)
strDom = objRootDSE.Get("defaultNamingContext")



' Use ADO to search Active Directory.
Set objCommand = CreateObject("ADODB.Command")
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False

GetDoms = EnumDomains(objForest)

' Clean up.
objConnection.Close
Set objRootDSE = Nothing
Set objForest = Nothing
Set objCommand = Nothing
Set objConnection = Nothing

Function EnumDomains(objParent)
' Recursive subroutine to enumerate domains.
  Dim objGroup, objContainer, objChild

' Output domain name.
  report = report & vbCrLf & "Domain: " & strDom & vbCrLf

' Enumerate containers in domain.
  objParent.Filter = Array("container","organizationalUnit","builtinDomain")
  For Each objContainer In objParent
   If left(objContainer.distinguishedName,8) = "CN=Users" Or left(objContainer.distinguishedName,2) = "OU" Then
      report = report & vbCrLf & EnumContainers(objContainer, objParent.distinguishedName)
      report = report & vbCrlf
   End If
  Next



  Set objGroup = Nothing
  Set objContainer = Nothing
  Set objChild = Nothing

Set fso = CreateObject("Scripting.FileSystemObject")
Set ts = fso.CreateTextFile ("enumOU.txt", ForWriting)
ts.write report
set ts = nothing
set fso = nothing

End Function

Function EnumContainers(objParent, strDNSDomain)
On Error Resume Next
'MsgBox objParent.name & vbcrlf & strDNSDomain
' Recursive subroutine to enumerate containers.
  Dim objGroup, objChild

' Output container name
  'If Left(objParent.distinguishedname, 2) <> "CN" Then
     report = report & objParent.distinguishedname
  'End If


  ' Enumerate users in container.
  objParent.Filter = Array("person")
  For Each objPerson In objParent
	  ldappath = GetUser2(objPerson.name, objParent.Name, strDom)
	  If Left(objPerson.objectCategory, 9) = "CN=Person" Then
	     report = report & vbCrLf & vbTab & vbTab & objPerson.name & "," & objParent.distinguishedName
	  End If
  Next


' Enumerate child containers.
  objParent.Filter = Array("container","organizationalUnit","builtinDomain")
  For Each objContainer In objParent
     	  If Left(objContainer.DistinguishedName, 2) = "OU" Then
		  report = report & vbCrLf & vbTab & EnumContainers(objContainer, objParent.distinguishedName)
		  report = report & vbCrlf
	  End If
  Next

  EnumContainers = report
  Set objGroup = Nothing
  Set objChild = Nothing
End Function

Public Function GetUser2(ByVal sAMAccountName, LDOMAIN, StrDom)
On Error Resume Next

    Dim ADCon,ADCmd,ADRec,str 

    Set ADCon = CreateObject("ADODB.Connection")
    Set ADCmd = CreateObject("ADODB.Command")

    ADCon.Provider = "ADsDSOObject"
    ADCon.Open "Active Directory Provider", UID, PWD

    Set ADCmd.ActiveConnection = ADCon
    ADCmd.Properties("Cache results") = False
    ADCmd.Properties("TimeOut") = 120

    str = "select sAMAccountName, ADsPath " & _
          "from '" & LDOMAIN & "," & StrDom & "' " & _
          "where objectCategory='person' and sAMAccountName='" & sAMAccountName & "'"

    ADCmd.CommandText = str

    Set ADRec = ADCmd.Execute()

    If ADRec.EOF Then
        Set objUser = Nothing
		Exit Function
    End If

    ' Then bind to the IADs object.

    Set GetUser2 = getObject(ADRec.Fields("adspath"))

End Function

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[jstevens]

Thankyou Mark,

It does appear you have to much time on your hands...

I have found a lazier / easier way.

Pull up an existing group, goto members, add, advanced, find now, it will display the column "in folder".

Microsoft needs to add this column to the basic Find users, contacts, groups, results dialog box. If there is a way to do that, that would be excellent.

Thankyou
Jason Stevens

 

[mlichstein]

Mark, have a star on me for effort

 

[markdmac]

I thought you were looking for the LDAP path so you could use it in another script.

Oh well, just another script to add to my library of tools.

I hope you find this post helpful. Please let me know if it was.

Regards,

Mark

 

[conan3]

This thread is really old but here goes.

when seaching for a user with find users, contacts and groups to see where the users infomation is located, do this

in AD users and computers do a find

Find Users, Contacts and Groups
->Click View
->Select choose columns
->Add Published AT

Hope this helps

David