Читайте также:
|
|
Листинг программы
ConstADS_SCOPE_SUBTREE = 2
Const ADS_CHASE_REFERRALS_ALWAYS = &H60
Dim TotalAccProcessed
Dim RootDomainLDAP
'check to see if we launched by correct interpreter(if not - relaunch correct)
if Not isCScript() Then
set oShell = CreateObject("WScript.Shell")
set arguments = WScript.Arguments
sCMD = "cscript //nologo domgroupsenum.vbs"
For Each cmdArg in arguments
sCMD = sCMD& " " &cmdArg
Next
oShell.RunsCMD
WScript.Quit()
End If
Set objArgs = WScript.Arguments
if objArgs.Count< 2 Then
WScript.Echo "Enumerate all groups in specified domain"
WScript.Echo "and return all as tab delimited user specified text file"
WScript.Echo "ALL QUERYs are RECURSIVE!"
WScript.Echo "USAGE: domgroupsenum.vbs <LDAP query><outfile.txt" &vbCrLf&vbCrLf
WScript.Echo "Example queryes:"
WScript.Echo "LDAP://dc=mydomain,dc=com- to enum groups in *all* OUs on mydomain.com domain"
WScript.Echo "LDAP://ou=Groups,dc=mydomain,dc=com - to start enum groups at 'Groups' OU on mydomain.com domain"
WScript.Echo "LDAP://domainserv/dc=mydomain,dc=com- to enum *all* groups on mydomain.com domain at specified DC" &vbCrLf&vbCrLf
WScript.Echo "Press ENTER to quit"
WScript.StdIn.ReadLine()
WScript.Quit
Else
LDAPQuery = objArgs(0)
End if
On Error Resume Next
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.Properties("Chase referrals") = ADS_CHASE_REFERRALS_ALWAYS
objCommand.Properties("TimeOut") = 120 'in seconds
objCommand.Properties("Cache Results") = False
Set cf = CreateObject("Scripting.FileSystemObject")
objCommand.CommandText = "SELECT primaryGroupToken, Name, description, member, groupType FROM '" &LDAPQuery& "' WHERE objectCategory='group'"
Set objRecordSet = objCommand.Execute
If objRecordSet.BOF Then
WScript.Echo "ERROR querying: " &LDAPQuery
WScript.Quit
Else
objRecordSet.MoveFirst
End If
RootDomainLDAP=ConstructGlobalDomain(LDAPQuery)
Set cs = cf.OpenTextfile(objArgs(1), 2, True)
If Err.Number<> 0 Then
WScript.Echo "Can't create output file!" &vbCrLf
WScript.Quit
End If
Do Until objRecordSet.EOF
GroupName=objRecordSet.Fields("Name").Value
arrField = objRecordSet.Fields("description")
if IsArray(arrField) Then
For Each strItem In arrField
GroupDescr = strItem
Next
elseif Not IsNull(arrField) Then
GroupDescr = arrField.Value
else
GroupDescr = ""
End if
If Err.Number<> 0 Then
WScript.Echo "ERROR querying GroupName and GroupDescr: " &Err.Description&vbCrLf
End If
Select Case objRecordSet.Fields("groupType")
Case 2
GroupType="Global" '"This is a global distribution group."
Case 4
GroupType="Local" '"This is a domain local distribution group."
Case 8
GroupType="Universal" '"This is a universal distribution group."
Case -2147483646
GroupType="Global" '"This is a global security group."
Case -2147483644
GroupType="Local" '"This is a domain local security group."
Case -2147483643
GroupType="Local" '"This is a domain local security group created by system."
Case -2147483640
GroupType="Universal" '"This is a universal security group."
Case else
GroupType=""
End Select
If Err.Number<> 0 Then
WScript.Echo "ERROR querying GroupType: " &Err.Description&vbCrLf
End If
arrField = objRecordSet.Fields("member")
if IsArray(arrField) Then
For Each strItem In arrField
Set objGroup = GetObject("LDAP://" &strItem)
Select Case objGroup.sAMAccountType
Case 805306368
GroupMemberType="User"
Case 805306369
GroupMemberType="User"
Case 268435456
GroupMemberType="Global"
Case 536870912
GroupMemberType="Local"
Case else
GroupMemberType="Contact"
End Select
If InStr(1, objGroup.sAMAccountName, "$", 1) < 1 Then
'if GroupMemberType<> "Contact" Then
cs.writeMaskValueIfEmpty(GroupName, "") &vbTab 'GROUPNAME
cs.writeMaskValueIfEmpty(GroupDescr, "") &vbTab 'GROUPDESCRIPTION
cs.writeMaskValueIfEmpty(GroupType, "") &vbTab 'GROUP TYPE
cs.writeobjGroup.samAccountName&vbTab 'GROUP:MEMBER NAME
cs.writeGroupMemberType&vbCrLf 'GROUP:MEMBER TYPE
'End If
End If
Set objGroup = Nothing
Next
elseif Not IsNull(arrField) Then
cs.writeMaskValueIfEmpty(GroupName, "") &vbTab 'GROUPNAME
cs.writeMaskValueIfEmpty(GroupDescr, "") &vbTab 'GROUPDESCRIPTION
cs.writeMaskValueIfEmpty(GroupType, "") &vbTab 'GROUP TYPE
cs.writeMaskValueIfEmpty(arrField.Value, "") &vbTab 'GROUP:MEMBER NAME
cs.write "" &vbCrLf
else
cs.writeMaskValueIfEmpty(GroupName, "") &vbTab 'GROUPNAME
cs.writeMaskValueIfEmpty(GroupDescr, "") &vbTab 'GROUPDESCRIPTION
cs.writeMaskValueIfEmpty(GroupType, "") &vbTab 'GROUP TYPE
cs.write "" &vbTab 'GROUP:MEMBER NAME
cs.write "" &vbCrLf 'GROUP:MEMBER TYPE
End if
If Err.Number<> 0 Then
WScript.Echo "ERROR working with GroupMember: " &Err.Description&vbCrLf
End If
EnumPrimaryMembers(objRecordSet.Fields("primaryGroupToken"))
TotalAccProcessed = TotalAccProcessed + 1
objRecordSet.MoveNext
Loop
WScript.Echo "Total groups Listed: " &TotalAccProcessed
Set objConnection = Nothing
Set objCommand = Nothing
cs.Close
WScript.Quit
Дата добавления: 2015-10-16; просмотров: 68 | Нарушение авторских прав
<== предыдущая страница | | | следующая страница ==> |
МЕРОПРИЯТИЯ ПО ТЕХНИКЕ БЕЗОПАСНОСТИ И ОХРАНЕ ТРУДА | | | ПРИЛОЖЕНИЕ Б |