用下面的语句可以查询AD中的任何信息,而且你可以选择你需要查询的列,可以加入选择条件,可以查询固定OU等等,可扩展性是非常好的。
脚本运行以当前用户权限查询AD信息,所以确保当前用户为域用户。 因为只涉及到查询,所以不需要特殊权限。
On Error Resume NextConst ADS_SCOPE_SUBTREE = 2Set objConnection = CreateObject("ADODB.Connection")Set objCommand = CreateObject("ADODB.Command")objConnection.Provider = "ADsDSOObject"objConnection.Open "Active Directory Provider"Set objCommand.ActiveConnection = objConnectionobjCommand.Properties("Page Size") = 1000objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE objCommandProperties("Sort On") = "Name"objCommand.CommandText = _ "SELECT Name FROM 'LDAP://dc=fabrikam,dc=com' WHERE objectCategory='user'" Set objRecordSet = objCommand.ExecuteobjRecordSet.MoveFirstDo Until objRecordSet.EOF Wscript.Echo objRecordSet.Fields("Name").Value objRecordSet.MoveNextLoop
你也可以选择用其他账户实现:
objConnection.Properties("User ID") = "Administrator"objConnection.Properties("Password") = "irte56$#sW"objConnection.Properties("Encrypt Password") = TRUEobjConnection.Properties("ADSI Flag") = 1
如果你只需要抓取当前用户的信息就非常简单了,可以用下面的脚本:
On Error Resume NextSet objSysInfo = CreateObject("ADSystemInfo")strUser = objSysInfo.UserNamestrComputer = objSysInfo.ComputerNameSet objUser = GetObject("LDAP://" & _ strUser)strUserName = objUser.displayNameSet objComputer = GetObject("LDAP://" & _ strComputer)objComputer.Description = strUserNameobjComputer.SetInfo
在微软的网站上对上述脚本有非常详细的介绍:
http://technet.microsoft.com/en-us/magazine/2007.08.heyscriptingguy.aspx