"sk8er_boi" <> wrote in message
news:...
>
> Hi all ... greetings of the day,
>
> I'm working as a system admin at a company having about 50000 users on AD &
> need to provide the owner (creator) of almost all accounts on AD. I know I
> can find this info on Security tab > Advanced > Owner tab on user
> properties but I cannot do this for so many users! Is there any way
> to find user owner in bulk?
>
> Can I run a conditional search on AD, e.g. owner=SysAdmin, or any
> script that will simply scan all accounts & list the owner? Please help!
>
> P.S.: we use Quest Active Roles Server for AD operations & have limited
> rights on native mode
>
>
> --
> sk8er_boi
>
Unfortunately, you cannot simply query for the owner. As far as I know you
must bind to each object, then bind to the security descriptor object and
retrieve the owner property. A VBScript program can use ADO to retrieve the
DN of all users, bind to the objects, and output DN and owner of each. Run
the below at a command prompt so you can redirect the output to a text file.
I had the script output DN and owner semicolon delimited (DN's have embedded
commas) so the output can be read into a spreadsheet. If desired, you could
replace distinguishedName with sAMAccountName throughout to output
"pre-Windows 2000 logon" name instead.
============
Option Explicit
Dim adoCommand, adoConnection, strBase, strFilter, strAttributes
Dim objRootDSE, strDNSDomain, strQuery, adoRecordset, strDN
Dim objUser, objSecurityDescriptor
' Setup ADO objects.
Set adoCommand = CreateObject("ADODB.Command")
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open "Active Directory Provider"
Set adoCommand.ActiveConnection = adoConnection
' Search entire Active Directory forest.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("rootDomainNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"
' Filter on all users.
strFilter = "(&(objectCategory=person)(objectClass=user))"
' Comma delimited list of attribute values to retrieve.
strAttributes = "distinguishedName"
' Construct the LDAP syntax query.
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
adoCommand.CommandText = strQuery
adoCommand.Properties("Page Size") = 100
adoCommand.Properties("Timeout") = 30
adoCommand.Properties("Cache Results") = False
' Run the query.
Set adoRecordset = adoCommand.Execute
' Enumerate the resulting recordset.
Do Until adoRecordset.EOF
    ' Retrieve values.
    strDN = adoRecordset.Fields("distinguishedName").Value
    ' Escape any forward slash characters in the DN before binding.
    strDN = Replace(strDN, "/", "\/")
    ' Bind to the object.
    Set objUser = GetObject("LDAP://" & strDN)
    ' Bind to security object.
    Set objSecurityDescriptor = objUser.Get("ntSecurityDescriptor")
    ' Display user and owner, semicolon delimited.
    Wscript.Echo objUser.distinguishedName & ";" & _
        objSecurityDescriptor.Owner
    ' Move to the next record in the recordset.
    adoRecordset.MoveNext
Loop
' Clean up.
adoRecordset.Close
adoConnection.Close
--
Richard Mueller
MVP Directory Services
Hilltop Lab -
http://www.rlmueller.net
--
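
A PowerShell variant of the same owner listing, added here as an example and not part of the original reply. It sets DirectorySearcher.SecurityMasks to Owner so the search returns the owner part of ntSecurityDescriptor, and prints the same semicolon-delimited DN;owner format; it assumes a domain-joined session with read access to the user objects and searches the current domain only.

```powershell
# Added example: list the owner of every user object in the current domain.
Add-Type -AssemblyName System.DirectoryServices

$searcher = New-Object System.DirectoryServices.DirectorySearcher
$searcher.Filter   = '(&(objectCategory=person)(objectClass=user))'
$searcher.PageSize = 100   # paged search, so more than 1000 results are returned
# Request only the owner part of the security descriptor. Without this mask
# the SACL is requested as well, which needs extra privileges to read.
$searcher.SecurityMasks = [System.DirectoryServices.SecurityMasks]::Owner
[void]$searcher.PropertiesToLoad.Add('distinguishedName')
[void]$searcher.PropertiesToLoad.Add('ntSecurityDescriptor')

$results = $searcher.FindAll()
try {
    foreach ($result in $results) {
        $dn     = [string]$result.Properties['distinguishedname'][0]
        $sdProp = $result.Properties['ntsecuritydescriptor']

        if ($sdProp.Count -eq 0) {
            # The descriptor was not returned (no read access to it).
            $owner = '<not readable>'
        }
        else {
            # Parse the binary descriptor and take the owner SID.
            $sd  = New-Object System.Security.AccessControl.RawSecurityDescriptor `
                       -ArgumentList ([byte[]]$sdProp[0]), 0
            $sid = $sd.Owner
            try {
                # Resolve the SID to DOMAIN\name where possible.
                $owner = $sid.Translate([System.Security.Principal.NTAccount]).Value
            }
            catch {
                # Deleted or foreign principal: fall back to the raw SID string.
                $owner = $sid.Value
            }
        }

        # Same DN;owner format as the VBScript output.
        '{0};{1}' -f $dn, $owner
    }
}
finally {
    $results.Dispose()   # release the unmanaged search result handle
}
```

Redirect the output to a text file in the same way as for the script above. Owners that are not the expected provisioning or admin groups are worth reviewing, since an object's owner can always modify its permissions.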