Connecting to Active Directory to Perform a SearchIn this section, you are going to use a special query technique to search Active Directory. You'll be able to use the results returned by that custom query to perform additional tasks. For example, you could search Active Directory for all users who don't have telephone numbers assigned to them. You could then send that list to the person in charge of maintaining the telephone numbers. Even better, you could modify the search so that it returns the users' names and their managers' names. You could then take the list of users with no phone numbers that is returned and send e-mail to the managers to get the phone list in Active Directory updated. The functionality incorporated in your scripts is primarily limited by your imagination. The following summarizes uses for search technology:
Just the Steps The following script, BasicQuery.vbs, illustrates how to search using Active Directory. This script follows the steps detailed in the "Just the Steps: To search Active Directory" section. BasicQuery.vbs Option Explicit On Error Resume Next Dim strQuery Dim objConnection Dim objCommand Dim objRecordSet strQuery = "<LDAP://dc=Nwtraders,dc=msft;;name;subtree" Set objConnection = CreateObject("ADODB.Connection") Set objCommand = CreateObject("ADODB.Command") objConnection.Open "Provider=ADsDSOObject;" objCommand.ActiveConnection = objConnection objCommand.CommandText = strQuery Set objRecordSet = objCommand.Execute While Not objRecordSet.EOF WScript.Echo objRecordSet.Fields("name") objRecordSet.MoveNext Wend objConnection.Close In the BasicQuery.vbs script, you define your query after using the normal Option Explicit and On Error Resume Next commands. You then assign the query string to the variable called strQuery. The syntax of the query looks similar to the syntax you used to query Windows Management Instrumentation (WMI) in Chapter 9, "WMI Continued," and it follows a formula similar to that used with structured query language (SQL). The aspect of this syntax that is somewhat unusual is assigning a search string to a CommandText property If you envision the statement as stating that the command you want to execute is in the form of the query, perhaps the syntax will make a little more sense. The query actually consists of two parts. The first part of the query is contained in angle brackets (< >) and specifies both the provider to use and the Lightweight Directory Access Protocol (LDAP) name of the container to which you want to connect. The second part of the query lists the fields you want to return in the result set. Note
Header InformationThe Header information section of the BasicQuery.vbs script contains the Option Explicit command as the first line and On Error Resume Next on the next line, which causes the script to continue executing lines after an error occurs. The following lines of the script detail all the variables that have been declared in the script: Dim strQuery Dim objConnection Dim objCommand Dim objRecordSet Reference InformationThe Reference information section of the script is used to define the LDAP query, as shown in the following code: strQuery = "<LDAP://dc=Nwtraders,dc=msft>;;name;subtree" The strQuery variable is used to define the query you will submit to Active Directory. In this instance, you're interested in the Name attribute, which is specified following two semicolons. The subtree part of the query tells Microsoft Visual Basic, Scripting Edition (VBScript) the scope of your query. The subtree modifier means that you want to search the subtree found under the target that you specified in the LDAP portion of the query. You define the starting point of your search by using angle brackets and the LDAP syntax. In this case, you start your search at the root of nwtraders.msft, and you're interested in returning the Name attribute from every object in the subtreewhich means searching the entire hierarchy. Worker and Output InformationSet objConnection creates a connection object that will be used to connect to Active Directory. Specifying ADODB means you will use the ActiveX Data Objects (ADO) technology to talk to Active Directory. The CreateObject method creates an instance of the ADO connection object in memory. Now that you have a connection object resident in memory (named ObjConnection), you can create a command object that will be used to shuttle a query into Active Directory. You name this command object objCommand and set it equal to the object you get when you call ADODB.Command. Having created the command object, you're now ready to open the connection to Active Directory. In this case, you use the ADsDSOObject provider. Because you can use ADO to talk to different data sources, you must specify which data provider to use when opening the connection. Here's an analogy to help you understand why you must specify a particular data provider when opening a connection. Think of opening a connection as being like opening a can of food in your kitchen. In most cases, the standard wheel type of can opener provides the needed leverage, such as removing the entire top of a can for a can of catfood. At times, however, you might need a different type of can opener, such as the kind that pokes holes in the top of the can to enable you to pour out liquid such as a can of orange juice. In the same way, depending on your data source, you might need to use a different provider. When talking to Active Directory, you will always use the ADsDSOObject provider. Next, you need to define which connection to use for the command object. In this instance, you tell VBScript to use objConnection as the active connection. After telling VBScript to use objConnection as the active connection, specify the query to use by assigning the value of the strQuery variable to commandText. Now you have a query, a connection, a command, a provider, an active connection, and command text. All that is left is to execute the command, which you do by using the following code: Set objRecordSet = objCommand.Execute You use the Execute method of the command object and set the data that comes back equal to the variable called objRecordSet. The Worker information section of the BasicQuery.vbs script is used to iterate through the recordset that was returned when you used the Execute method of objCommand. In this instance, you use the While Not Wend construction to echo out the name field. The While Not Wend control structure enables you to know whether you've reached the end of the Recordset The recoredset has a property called EOF, that indicates the current record position is after the last record in the record set object.) If you haven't reached the EOF property you echo out the name retrieved by the initial query. After you echo out the name, you move to the next record in the record set. Here's the code that illustrates this process: Set objConnection = CreateObject("ADODB.Connection") Set objCommand = CreateObject("ADODB.Command") objConnection.Open "Provider=ADsDSOObject;" objCommand.ActiveConnection = objConnection objCommand.CommandText = strQuery Set objRecordSet = objCommand.Execute While Not objRecordSet.EOF WScript.Echo objRecordSet.Fields("name") objRecordSet.MoveNext Wend objConnection.Close The Output information section of BasicQuery.vbs does a very simple WScript.Echo output that indicates the result of the search. In more advanced scripts, you might want to write to a text file, a database, or even a Web page. After you produce output for all your information, you close the active connection by using objConnection.Close.
|