
Connecting to Active Directory to Perform a Search

In this section, you are going to use a special query technique to search Active Directory. You'll be able to use the results returned by that custom query to perform additional tasks. For example, you could search Active Directory for all users who don't have telephone numbers assigned to them. You could then send that list to the person in charge of maintaining the telephone numbers. Even better, you could modify the search so that it returns the users' names and their managers' names. You could then take the list of users with no phone numbers that is returned and send e-mail to the managers to get the phone list in Active Directory updated. The functionality incorporated in your scripts is primarily limited by your imagination. The following summarizes uses for search technology:

  • Query Active Directory for a list of computers that meet a given search criterion

  • Query Active Directory for a list of users who meet a given search criterion

  • Query Active Directory for a list of printers that meet a given search criterion

  • Use the data returned from the preceding three queries to perform additional operations

Just the Steps

To search Active Directory

1. Create a connection to Active Directory by using Microsoft ActiveX Data Objects (ADO).

2. Use the Open method of the object to access Active Directory.

3. Create an ADO command object and assign the ActiveConnection property to the connection object.

4. Assign the query string to the CommandText property of the command object.

5. Use the Execute method to run the query and store the results in a RecordSet object.

6. Read information in the result set using properties of the RecordSet object.

7. Close the connection by using the Close method of the connection object.


The following script, BasicQuery.vbs, illustrates how to search Active Directory. This script follows the steps detailed in the "Just the Steps: To search Active Directory" section.

BasicQuery.vbs

Option Explicit
On Error Resume Next
Dim strQuery
Dim objConnection
Dim objCommand
Dim objRecordSet

' Search base in angle brackets, empty filter, attribute to return, search scope
strQuery = "<LDAP://dc=Nwtraders,dc=msft>;;name;subtree"

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Open "Provider=ADsDSOObject;"
objCommand.ActiveConnection = objConnection
objCommand.CommandText = strQuery
Set objRecordSet = objCommand.Execute

While Not objRecordSet.EOF
  WScript.Echo objRecordSet.Fields("name")
  objRecordSet.MoveNext
Wend

objConnection.Close

In the BasicQuery.vbs script, you define your query after using the normal Option Explicit and On Error Resume Next commands. You then assign the query string to the variable called strQuery. The syntax of the query looks similar to the syntax you used to query Windows Management Instrumentation (WMI) in Chapter 9, "WMI Continued," and it follows a formula similar to that used with structured query language (SQL). The aspect of this syntax that is somewhat unusual is assigning a search string to a CommandText property. If you envision the statement as stating that the command you want to execute is in the form of the query, perhaps the syntax will make a little more sense.

The query actually consists of two parts. The first part of the query is contained in angle brackets (< >) and specifies both the provider to use and the Lightweight Directory Access Protocol (LDAP) name of the container to which you want to connect. The second part of the query lists the fields you want to return in the result set.

Note

The BasicQuery.vbs script query we're examining follows the same syntax you would use for an ADO search. ADO is a standard for connecting and querying different types of data sources. The basic syntax of an ADO connection is discussed in the "Creating More Effective Queries" section of this chapter, and it is highlighted in Table 13-1.


Table 13-1. Objects used to search Active Directory

| Object | Description |
|---|---|
| Connection | An open connection to an OLE DB data source such as ADSI |
| Command | Defines a specific command to execute against the data source |
| Parameter | An optional collection used to supply parameters to the command object |
| RecordSet | A set of records from a table, a command object, or SQL syntax; can be created without any underlying Connection object |
| Field | A single column of data in a record set |
| Property | A collection of values supplied by the provider for ADO |
| Error | Contains details about data access errors; refreshed when an error occurs in a single operation |


Header Information

The Header information section of the BasicQuery.vbs script contains the Option Explicit command as the first line and On Error Resume Next on the next line, which causes the script to continue executing lines after an error occurs. The following lines of the script detail all the variables that have been declared in the script:

Dim strQuery
Dim objConnection
Dim objCommand
Dim objRecordSet

Reference Information

The Reference information section of the script is used to define the LDAP query, as shown in the following code:

strQuery = "<LDAP://dc=Nwtraders,dc=msft>;;name;subtree"

The strQuery variable is used to define the query you will submit to Active Directory. In this instance, you're interested in the Name attribute, which is specified following two semicolons. The subtree part of the query tells Microsoft Visual Basic, Scripting Edition (VBScript) the scope of your query. The subtree modifier means that you want to search the subtree found under the target that you specified in the LDAP portion of the query. You define the starting point of your search by using angle brackets and the LDAP syntax. In this case, you start your search at the root of nwtraders.msft, and you're interested in returning the Name attribute from every object in the subtree, which means searching the entire hierarchy.

Worker and Output Information

Set objConnection creates a connection object that will be used to connect to Active Directory. Specifying ADODB means you will use the ActiveX Data Objects (ADO) technology to talk to Active Directory. The CreateObject method creates an instance of the ADO connection object in memory.

Now that you have a connection object resident in memory (named objConnection), you can create a command object that will be used to shuttle a query into Active Directory. You name this command object objCommand and set it equal to the object you get when you call ADODB.Command.

Having created the command object, you're now ready to open the connection to Active Directory. In this case, you use the ADsDSOObject provider. Because you can use ADO to talk to different data sources, you must specify which data provider to use when opening the connection. Here's an analogy to help you understand why you must specify a particular data provider when opening a connection. Think of opening a connection as being like opening a can of food in your kitchen. In most cases, the standard wheel type of can opener provides the needed leverage, such as removing the entire top of a can of cat food. At times, however, you might need a different type of can opener, such as the kind that pokes holes in the top of the can to enable you to pour out a liquid such as orange juice. In the same way, depending on your data source, you might need to use a different provider. When talking to Active Directory, you will always use the ADsDSOObject provider.

Next, you need to define which connection to use for the command object. In this instance, you tell VBScript to use objConnection as the active connection. After doing so, specify the query to use by assigning the value of the strQuery variable to CommandText.

Now you have a query, a connection, a command, a provider, an active connection, and command text. All that is left is to execute the command, which you do by using the following code:

Set objRecordSet = objCommand.Execute

You use the Execute method of the command object and set the data that comes back equal to the variable called objRecordSet.

The Worker information section of the BasicQuery.vbs script is used to iterate through the recordset that was returned when you used the Execute method of objCommand. In this instance, you use the While Not Wend construction to echo out the name field. The While Not Wend control structure enables you to know whether you've reached the end of the recordset. (The recordset has a property called EOF that indicates the current record position is after the last record in the RecordSet object.) If you haven't reached EOF, you echo out the name retrieved by the initial query. After you echo out the name, you move to the next record in the record set. Here's the code that illustrates this process:

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Open "Provider=ADsDSOObject;"
objCommand.ActiveConnection = objConnection
objCommand.CommandText = strQuery
Set objRecordSet = objCommand.Execute

While Not objRecordSet.EOF
  WScript.Echo objRecordSet.Fields("name")
  objRecordSet.MoveNext
Wend
objConnection.Close

The Output information section of BasicQuery.vbs does a very simple WScript.Echo output that indicates the result of the search. In more advanced scripts, you might want to write to a text file, a database, or even a Web page. After you produce output for all your information, you close the active connection by using objConnection.Close.
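The telephone-number search mentioned at the start of this section, as an added example that is not part of the original BasicQuery.vbs script. It fills in the filter position that BasicQuery.vbs leaves empty between the two semicolons and checks the result of Execute explicitly. The department criterion, the "Page Size" setting, and the EscapeFilterValue helper are assumptions made for illustration; only the Nwtraders base comes from the script above.

```vbscript
Option Explicit
' Added example: the search base comes from BasicQuery.vbs; the filter, the
' "Page Size" setting, and EscapeFilterValue are assumptions for illustration.
Dim strBase, strFilter, strQuery, strDept
Dim objConnection, objCommand, objRecordSet

strDept = "Sales (EMEA)"   ' constructed sample criterion, e.g. typed by an operator
strBase = "<LDAP://dc=Nwtraders,dc=msft>"
' Users in that department whose telephoneNumber attribute is not set.
strFilter = "(&(objectCategory=person)(objectClass=user)" & _
            "(department=" & EscapeFilterValue(strDept) & ")" & _
            "(!(telephoneNumber=*)))"
' Four parts: base; filter; attributes to return; scope
strQuery = strBase & ";" & strFilter & ";name,manager;subtree"

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand.ActiveConnection = objConnection
objCommand.CommandText = strQuery
' Page the results; an unpaged search stops at Active Directory's
' default limit of 1,000 objects.
objCommand.Properties("Page Size") = 500

On Error Resume Next            ' trap only the call that can fail
Set objRecordSet = objCommand.Execute
If Err.Number <> 0 Then
  WScript.Echo "Query failed: 0x" & Hex(Err.Number) & " " & Err.Description
  objConnection.Close
  WScript.Quit 1
End If
On Error GoTo 0

While Not objRecordSet.EOF
  ' manager is a distinguished name, or Null when it is not set
  WScript.Echo objRecordSet.Fields("name").Value & vbTab & _
               objRecordSet.Fields("manager").Value
  objRecordSet.MoveNext
Wend
objConnection.Close

' Escape the characters RFC 4515 reserves in a filter value, plus ";",
' which separates the parts of the ADO query string.
Function EscapeFilterValue(strValue)
  Dim s
  s = Replace(strValue, "\", "\5c")   ' backslash first, so later escapes survive
  s = Replace(s, "*", "\2a")
  s = Replace(s, "(", "\28")
  s = Replace(s, ")", "\29")
  s = Replace(s, ";", "\3b")
  EscapeFilterValue = Replace(s, Chr(0), "\00")
End Function
```

Escaping the criterion keeps a value such as "Sales (EMEA)" from changing the structure of the filter, which matters whenever the search criterion is supplied by someone other than the script's author.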

Quick Check

Q. What technology is used to search Active Directory?

A. ADO is used to search Active Directory.

Q. Which part of the script is used to perform the query?

A. The command portion of the script is used to perform the query.

Q. How are results returned from an ADO search of Active Directory?

A. The results are returned in a record set.


