新建文本,把以下代码拷贝进去并修改LDAP来源,保存为.VBS文件。
然后双击运行之后就可以在当前文件夹获得user.CSV的文件。
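' Export selected attributes of every user object under one LDAP base to
' user.CSV, using the ADSI OLE DB provider (ADsDSOObject) through ADO.
' The query runs with the credentials of whoever launches the script.
Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

' The LDAP:// path selects the server and base DN to search; edit it for your domain.
' objectClass / objectCategory restrict the object type that is returned.
' SELECT must list the attribute names explicitly; "*" only returns ADsPath.
objCommand.CommandText = _
"Select sAMAccountName, displayName, mail, streetAddress, l, st, postalCode, c, telephoneNumber, mobile, facsimileTelephoneNumber, title, department, company, manager from 'LDAP://CNSRVADC01/DC=CORP,DC=Intra' " _
& "Where objectClass='user' and objectCategory='person' " _
& "order by samaccountname "
objCommand.Properties("Page Size") = 2000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute
' No MoveFirst here: the loop below starts from the recordset as Execute
' returned it, and MoveFirst raises an error when the query matched nothing.

' Output file. The path is relative, so the file lands in the current directory.
' It holds contact data for every matched account; point it at a location with
' suitable access control if the working directory is shared.
' NOTE(review): the file is opened in the default (non-Unicode) text mode, as in
' the original; confirm that is what the consumer of the CSV expects.
Set objFS = CreateObject("Scripting.FileSystemObject")
Set objNewFile = objFS.CreateTextFile("user.CSV")
objNewFile.WriteLine "sAMAccountName, displayName, mail, streetAddress, city, state, postalCode, country, telephoneNumber, mobile, facsimileTelephoneNumber, title, department, company, manager"

' Attribute names in output column order (l = city, st = state, c = country).
arrFields = Array("sAMAccountName", "displayName", "mail", "streetAddress", _
    "l", "st", "postalCode", "c", "telephoneNumber", "mobile", _
    "facsimileTelephoneNumber", "title", "department", "company", "manager")
ReDim arrCells(UBound(arrFields))

Do Until objRecordSet.EOF
    ' One quoted CSV row per directory entry.
    For i = 0 To UBound(arrFields)
        arrCells(i) = CsvField(objRecordSet.Fields(arrFields(i)).Value)
    Next
    ' The trailing space is kept so rows match the original output format.
    objNewFile.WriteLine Join(arrCells, ",") & " "
    objRecordSet.MoveNext
Loop

' Close explicitly so the last rows are flushed and the handles are released.
objNewFile.Close
objRecordSet.Close
objConnection.Close
WScript.Echo "Finished "

' Return varValue as a double-quoted CSV field.
' - Null (attribute not set) becomes an empty field.
' - An array value is joined with ";" so it still fits in one cell.
' - Embedded double quotes are doubled; without this a value containing a
'   quote character would end the field early and shift the following columns.
' Values are otherwise written exactly as stored in the directory. A spreadsheet
' may interpret a cell that starts with = + - or @ as a formula; telephoneNumber
' values often start with "+", so that is left to the import step (import the
' columns as text) instead of being rewritten here.
Function CsvField(varValue)
    Dim strText
    If IsNull(varValue) Then
        strText = ""
    ElseIf IsArray(varValue) Then
        strText = Join(varValue, ";")
    Else
        strText = CStr(varValue)
    End If
    CsvField = """" & Replace(strText, """", """""") & """"
End Function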
查询语句跟T-SQL非常类似,但是又有区别。
如果要查找不存在于任何group的person,在where条件后添加AND NOT memberOf='*'
如果要查找账户永不过期的用户,where条件后添加AND (accountExpires=0 OR accountExpires=9223372036854775807);这两个值表示账户没有设置到期日,设置了将来到期日的账户不会被这个条件匹配。
不能使用SELECT * ,否则只会返回adspath一列,具体有哪些属性见以下链接:
user属性: http://www.selfadsi.org/user-attributes.htm
group属性: http://www.selfadsi.org/group-attributes.htm
不能够使用SELECT * ,否则只会返回adspath一列