GFI
English Deutsch Français Italiano Nederlands Español
Products > GFI Network Server Monitor > Scripting > Active Directory Services Interface > Samples

> ADSI Introduction

Active Directory Service Interfaces (ADSI) enable system administrators and developers of scripts or applications to easily query for and manipulate directory service objects.
ADSI present a single set of directory service interfaces for managing network resources from different directory services. Administrators and developers can use ADSI to manage the resources in a directory service, regardless of which network environment contains the resource.

Scripts written to ADSI will work with any directory service that offers an ADSI provider. For example, with ADSI, applications can access LDAP, NDS, the Active Directory service, and other directories with ADSI interfaces as long as the appropriate service providers are available.

The standard ADSI providers are found within multiple namespaces - typically directory services for various network operating systems. Providers enable communication between the server or client. ADSI includes providers for:
  - Windows NT.
  - Lightweight Directory Access Protocol (LDAP).
  - Windows 2000 Active Directory (AD).
  - Novell NetWare Directory Services (NDS) and NetWare 3 bindery (NWCOMPAT).

GFI Network Server Monitor provides the ability to build monitor check routines based on ADSI. GFI provides some useful ADSI scripts.
You can use these samples as a base for new check routines you can write yourself.

> ADSI Samples

Check if account is disabled
Check Domain Admin- or Enterprise Admin membership
List computers that are connected to a specific domain controller
Lists all domains in the namespace
List all groups in a Windows 2000 AD domain or Windows NT4 domain
List all users and some of their properties in a Windows 2000 AD domain or Windows NT4 domain
Display password policy information of a domain
Remove a computer from a domain


Check if account is disabled
Function IsAccountDisabled( strDomain, strAccount )
    Dim objUser
    Set objUser = GetObject("WinNT://" & strDomain & "/" & strAccount & ",user")
    IsAccountDisabled = objUser.AccountDisabled
End Function

Dim strUser, strDomain
Do
    strUsr = inputbox("Please enter the user account name", "Input")
loop until strUsr <> ""

' Request the domain name for this user
do
    strDom = inputbox("Please enter the domain for this account.", "Input")
loop until strDom <> ""


If( IsAccountDisabled( strDom, strUsr ) = True ) Then
    WScript.Echo "Account disabled"
Else
    WScript.Echo "Account enabled"
End If

Check Domain Admin- or Enterprise Admin membership
Function VerifyGroupMembers( strDomain, strGroup, strMemberList )

    VerifyGroupMembers = False
    Set objGroup = GetObject("WinNT://" & strDomain & "/" & strGroup & ",group")

    arrUsers = Split( strMemberList, "," )

    For Each objUser In objGroup.Members

        WScript.Echo "Checkiing group member " & objUser.Name

        bMemberFound = False

        For i = 0 To UBound( arrUsers )
            If( UCase( Trim( arrUsers(i) ) ) = UCase( Trim( objUser.Name ) ) ) Then
                WScript.Echo "Member found: " & objUser.Name
                bMemberFound = True
                Exit For
            End If
        Next

        If( Not bMemberFound ) Then
            WScript.Echo "Member NOT found: " & objUser.Name
            VerifyGroupMembers = False
            Exit Function
        End If
    Next

    VerifyGroupMembers = True
End Function



' ****************************************************************************
' Main
' ****************************************************************************
Do
    strDomain = inputbox( "Please enter the domain name.", "Input" )
Loop until strDomain <> ""

Do
    strGroup = inputbox( "Please enter the name of the group you want to check (for instance: Domain Admins).", "Input" )
Loop until strGroup <> ""

Do
    strMembers = inputbox( "Please enter all domain admin members, separated by ','", "Input" )
Loop until strMembers <> ""

If( VerifyGroupMembers( strDomain, strGroup, strMembers ) = True ) Then
    WScript.Echo "Check successfull"
Else
    WScript.Echo "Check failed"
End If

List computers that are connected to a specific domain controller
Sub ListConnectedComputers( strDomain )
    Dim objPDC
    Set objPDC = getobject("WinNT://" & strDomain )
    objPDC.filter = Array("Computer")
    For Each objComputer In objPDC
    
    WScript.Echo "Name: " & objComputer.Name
    Next
End Sub

Dim strDomain
Do
    strDomain = inputbox( "Please enter a domainname", "Input" )
Loop until strDomain <> ""
ListConnectedComputers( strDomain )

Lists all domains in the namespace
Sub ListDomains()
    Dim objNameSpace
    Dim Domain

    Set objNameSpace = GetObject("WinNT:")
    For Each objDomain In objNameSpace
        WScript.Echo "Name: " & objDomain.Name
    Next
End Sub

ListDomains()

List all groups in a Windows 2000 AD domain or Windows NT4 domain
Sub ListGroups( strDomain )
    Set objComputer = GetObject("WinNT://" & strDomain )
    objComputer.Filter = Array( "Group" )
    For Each objGroup In objComputer
        WScript.Echo "Name: " & objGroup.Name
    Next
End Sub

Dim strDomain
Do
    strDomain = inputbox( "Please enter a domainname", "Input" )
Loop until strDomain <> ""

ListGroups( strDomain )

List all users and some of their properties in a Windows 2000 AD domain or Windows NT4 domain
Sub ListUsers( strDomain )
    Set objComputer = GetObject("WinNT://" & strDomain )
    objComputer.Filter = Array( "User" )
    For Each objUser In objComputer
        WScript.Echo "Name: " & objUser.Name
        WScript.Echo "Fullname: " & objUser.Fullname
        WScript.Echo "Description: " & objUser.Description
        WScript.Echo "AccountDisabled: " & objUser.AccountDisabled
        WScript.Echo "IsAccountLocked: " & objUser.IsAccountLocked
        WScript.Echo "Profile: " & objUser.Profile
        WScript.Echo "LoginScript: " & objUser.LoginScript
        WScript.Echo "HomeDirectory: " & objUser.HomeDirectory
        WScript.Echo ""
    Next
End Sub

Dim strDomain
Do
    strDomain = inputbox( "Please enter a domainname", "Input" )
Loop until strDomain <> ""

ListUsers( strDomain )

Display password policy information of a domain
Sub ListPasswordPolicyInfo( strDomain )
    Dim objComputer
    Set objComputer = GetObject("WinNT://" & strDomain )
    WScript.Echo "MinPasswordAge: " & ((objComputer.MinPasswordAge) / 86400)
    WScript.Echo "MinPasswordLength: " & objComputer.MinPasswordLength
    WScript.Echo "PasswordHistoryLength: " & objComputer.PasswordHistoryLength
    WScript.Echo "AutoUnlockInterval: " & objComputer.AutoUnlockInterval
    WScript.Echo "LockOutObservationInterval: " & objComputer.LockOutObservationInterval
End Sub

Dim strDomain
Do
    strDomain = inputbox( "Please enter a domainname", "Input" )
Loop until strDomain <> ""

ListPasswordPolicyInfo( strDomain )

Remove a computer from a domain
Sub RemoveComputer( strDomain, strComputer )
    Dim objDC
    Set objDC = getobject("WinNT://" & strDomain )
    objDC.Delete( "Computer", strComputer )
End Sub

Dim strDomain, strComputer
Do
    strDomain = inputbox( "Please enter a domainname", "Input" )
Loop until strDomain <> ""
Do
    strComputer = inputbox( "Please the name of the computer to be removed from the domain", "Input" )
Loop until strComputer <> ""
RemoveComputer strDomain, strComputer
WScript.Echo "Done."


   © 2008. All rights reserved. GFI Software Home Products Download trials Support Ordering Site map About us Contact us
GFI solutions: Exchange anti spam filter - exchange anti virus - isa server - network vulnerability scanner - event log management - USB security software - exchange archiving - fax server software