ПРИЛОЖЕНИЕ А

Читайте также:

Листинг программы

ConstADS_SCOPE_SUBTREE = 2

Const ADS_CHASE_REFERRALS_ALWAYS = &H60

Dim TotalAccProcessed

Dim RootDomainLDAP

'check to see if we launched by correct interpreter(if not - relaunch correct)

if Not isCScript() Then

set oShell = CreateObject("WScript.Shell")

set arguments = WScript.Arguments

sCMD = "cscript //nologo domgroupsenum.vbs"

For Each cmdArg in arguments

sCMD = sCMD& " " &cmdArg

oShell.RunsCMD

WScript.Quit()

End If

Set objArgs = WScript.Arguments

if objArgs.Count< 2 Then

WScript.Echo "Enumerate all groups in specified domain"

WScript.Echo "and return all as tab delimited user specified text file"

WScript.Echo "ALL QUERYs are RECURSIVE!"

WScript.Echo "USAGE: domgroupsenum.vbs <LDAP query><outfile.txt" &vbCrLf&vbCrLf

WScript.Echo "Example queryes:"

WScript.Echo "LDAP://dc=mydomain,dc=com- to enum groups in *all* OUs on mydomain.com domain"

WScript.Echo "LDAP://ou=Groups,dc=mydomain,dc=com - to start enum groups at 'Groups' OU on mydomain.com domain"

WScript.Echo "LDAP://domainserv/dc=mydomain,dc=com- to enum *all* groups on mydomain.com domain at specified DC" &vbCrLf&vbCrLf

WScript.Echo "Press ENTER to quit"

WScript.StdIn.ReadLine()

WScript.Quit

Else

LDAPQuery = objArgs(0)

End if

On Error Resume Next

Set objConnection = CreateObject("ADODB.Connection")

Set objCommand = CreateObject("ADODB.Command")

objConnection.Provider = "ADsDSOObject"

objConnection.Open "Active Directory Provider"

Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000

objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

objCommand.Properties("Chase referrals") = ADS_CHASE_REFERRALS_ALWAYS

objCommand.Properties("TimeOut") = 120 'in seconds

objCommand.Properties("Cache Results") = False

Set cf = CreateObject("Scripting.FileSystemObject")

objCommand.CommandText = "SELECT primaryGroupToken, Name, description, member, groupType FROM '" &LDAPQuery& "' WHERE objectCategory='group'"

Set objRecordSet = objCommand.Execute

If objRecordSet.BOF Then

WScript.Echo "ERROR querying: " &LDAPQuery

WScript.Quit

Else

objRecordSet.MoveFirst

End If

RootDomainLDAP=ConstructGlobalDomain(LDAPQuery)

Set cs = cf.OpenTextfile(objArgs(1), 2, True)

If Err.Number<> 0 Then

WScript.Echo "Can't create output file!" &vbCrLf

WScript.Quit

End If

Do Until objRecordSet.EOF

GroupName=objRecordSet.Fields("Name").Value

arrField = objRecordSet.Fields("description")

if IsArray(arrField) Then

For Each strItem In arrField

GroupDescr = strItem

elseif Not IsNull(arrField) Then

GroupDescr = arrField.Value

else

GroupDescr = ""

End if

If Err.Number<> 0 Then

WScript.Echo "ERROR querying GroupName and GroupDescr: " &Err.Description&vbCrLf

End If

Select Case objRecordSet.Fields("groupType")

Case 2

GroupType="Global" '"This is a global distribution group."

Case 4

GroupType="Local" '"This is a domain local distribution group."

Case 8

GroupType="Universal" '"This is a universal distribution group."

Case -2147483646

GroupType="Global" '"This is a global security group."

Case -2147483644

GroupType="Local" '"This is a domain local security group."

Case -2147483643

GroupType="Local" '"This is a domain local security group created by system."

Case -2147483640

GroupType="Universal" '"This is a universal security group."

Case else

GroupType=""

End Select

If Err.Number<> 0 Then

WScript.Echo "ERROR querying GroupType: " &Err.Description&vbCrLf

End If

arrField = objRecordSet.Fields("member")

if IsArray(arrField) Then

For Each strItem In arrField

Set objGroup = GetObject("LDAP://" &strItem)

Select Case objGroup.sAMAccountType

Case 805306368

GroupMemberType="User"

Case 805306369

GroupMemberType="User"

Case 268435456

GroupMemberType="Global"

Case 536870912

GroupMemberType="Local"

Case else

GroupMemberType="Contact"

End Select

If InStr(1, objGroup.sAMAccountName, "$", 1) < 1 Then

'if GroupMemberType<> "Contact" Then

cs.writeMaskValueIfEmpty(GroupName, "") &vbTab 'GROUPNAME

cs.writeMaskValueIfEmpty(GroupDescr, "") &vbTab 'GROUPDESCRIPTION

cs.writeMaskValueIfEmpty(GroupType, "") &vbTab 'GROUP TYPE

cs.writeobjGroup.samAccountName&vbTab 'GROUP:MEMBER NAME

cs.writeGroupMemberType&vbCrLf 'GROUP:MEMBER TYPE

'End If

End If

Set objGroup = Nothing

elseif Not IsNull(arrField) Then

cs.writeMaskValueIfEmpty(GroupName, "") &vbTab 'GROUPNAME

cs.writeMaskValueIfEmpty(GroupDescr, "") &vbTab 'GROUPDESCRIPTION

cs.writeMaskValueIfEmpty(GroupType, "") &vbTab 'GROUP TYPE

cs.writeMaskValueIfEmpty(arrField.Value, "") &vbTab 'GROUP:MEMBER NAME

cs.write "" &vbCrLf

else

cs.writeMaskValueIfEmpty(GroupName, "") &vbTab 'GROUPNAME

cs.writeMaskValueIfEmpty(GroupDescr, "") &vbTab 'GROUPDESCRIPTION

cs.writeMaskValueIfEmpty(GroupType, "") &vbTab 'GROUP TYPE

cs.write "" &vbTab 'GROUP:MEMBER NAME

cs.write "" &vbCrLf 'GROUP:MEMBER TYPE

End if

If Err.Number<> 0 Then

WScript.Echo "ERROR working with GroupMember: " &Err.Description&vbCrLf

End If

EnumPrimaryMembers(objRecordSet.Fields("primaryGroupToken"))

TotalAccProcessed = TotalAccProcessed + 1

objRecordSet.MoveNext

Loop

WScript.Echo "Total groups Listed: " &TotalAccProcessed

Set objConnection = Nothing

Set objCommand = Nothing

cs.Close

WScript.Quit

Дата добавления: 2015-10-16; просмотров: 68 | Нарушение авторских прав

Читайте в этой же книге: ВВЕДЕНИЕ | АНАЛИТИЧЕСКАЯ ЧАСТЬ | АНАЛИЗ СИСТЕМЫ ОБЕСПЕЧЕНИЯ ИНФОРМАЦИОННОЙ БЕЗОПАСНОСТИ И ВЫБОР МЕТОДА ЕЕ МОДЕРНИЗАЦИИ | Окончание таблицы 2.5 | ОАО «АЛЬФАПРОЕКТ» ДЛЯ РАЗГРАНИЧЕНИЯ ДОСТУПА | ОБОСНОВАНИЕ ЭКОНОМИЧЕСКОЙ ЭФФЕКТИВНОСТИ ПРОЕКТА |

<== предыдущая страница	\|	следующая страница ==>
МЕРОПРИЯТИЯ ПО ТЕХНИКЕ БЕЗОПАСНОСТИ И ОХРАНЕ ТРУДА	\|	ПРИЛОЖЕНИЕ Б

mybiblioteka.su - 2015-2024 год. (0.009 сек.)