Discussion:
Searching SamAccountName in all trusted Domains
Shayne D. Swann
2008-12-08 13:16:36 UTC
I'm looking for a way to search a sam account name attribute in all of my
domain's trusted domains. I.e., when I search a name I want the search to be
performed on all of my trusted domains (even outside of my forest). I have
had some luck with the following script; however, you still have to specify the
NetBIOS domain name:

Dim varArgument, arrParameters, adoCon, strConnection, adoRS
' Expect a single argument of the form DOMAIN\samAccountName.
varArgument = ""
If WScript.Arguments.Count > 0 Then varArgument = WScript.Arguments(0)
If InStr(varArgument, "\") > 0 Then
    arrParameters = Split(varArgument, "\")
    ' Open an ADO connection through the ADSI OLE DB provider.
    Set adoCon = CreateObject("ADODB.Connection")
    With adoCon
        .Provider = "ADsDSOObject"
        .Open "Active Directory Provider"
    End With
    ' Query the named domain for the user's mail and displayName.
    ' Both parts of the argument are concatenated into the query unescaped.
    strConnection = "SELECT mail, displayName FROM 'LDAP://" & _
        arrParameters(0) & "' WHERE objectClass='user' AND objectCategory='Person' " & _
        "AND samAccountName ='" & arrParameters(1) & "'"
    Set adoRS = adoCon.Execute(strConnection)
    If Not adoRS.EOF Then
        WScript.Echo varArgument & " is " & adoRS.Fields("displayName") _
            & vbCrLf & "Email address is " & adoRS.Fields("mail")
    Else
        WScript.Echo varArgument & " was not found in AD."
    End If
End If
Set adoRS = Nothing
Set adoCon = Nothing
Richard Mueller [MVP]
2008-12-08 17:07:09 UTC
Both the mail and displayName attributes are replicated to the Global
Catalog. It will help to use the GC: provider instead of LDAP:. This will
search all namespaces in AD, if arrParameters(0) is the DN of the root (top
level) domain in the forest. For domains outside the forest, I think you
must hard code the domain names. You also may need to provide credentials.

Does the rootDSE object reveal all of the domains you want? For example:
========
Set objRootDSE = GetObject("LDAP://RootDSE")
For Each strNS In objRootDSE.Get("NamingContexts")
    Wscript.Echo "Naming context: " & strNS
Next
========
Finally, does it matter if other classes of objects have the specified value
for sAMAccountName, such as groups or contacts? If the purpose is to check
for uniqueness (to create a new user), then omit the clauses for objectClass
and objectCategory. The WHERE clause can be:

WHERE sAMAccountName = '" & arrParameters(1) & "'"

You can retrieve the value of objectCategory to indicate the class of object
(or objectClass, except the latter is multi-valued).
--
Richard Mueller
MVP Directory Services
Hilltop Lab - http://www.rlmueller.net
aftermidnight
2010-06-17 07:17:32 UTC
For common attributes it is much easier to just use the Global Catalog. To use
the global catalog simply replace the LDAP:// with GC:// and it will search
across all trusted domains in the forest.
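
The replies above, combined into one script as an added example (not code from any poster in this thread): a single Global Catalog query based at the forest root, followed by one LDAP query per hard-coded domain outside the forest. It uses the LDAP filter dialect instead of the SQL dialect of the original script so that the name taken from the command line can be escaped before it reaches the query. The domain `partner.example`, the script name `FindSam.vbs` and the helpers `EscapeFilter` and `Search` are assumptions, and every query runs under the caller's own credentials.

```vbscript
Option Explicit
' Added example. "partner.example" is a placeholder for a trusted external domain.
Dim arrExternal, objRootDSE, adoCon, adoCmd, strFilter, i
arrExternal = Array("partner.example")
If WScript.Arguments.Count <> 1 Then
    WScript.Echo "Usage: cscript //nologo FindSam.vbs <sAMAccountName>"
    WScript.Quit 1
End If
' Escape the command-line value so "*", "(" or ")" cannot alter the filter.
strFilter = "(sAMAccountName=" & EscapeFilter(WScript.Arguments(0)) & ")"
Set adoCon = CreateObject("ADODB.Connection")
adoCon.Provider = "ADsDSOObject"
adoCon.Open "Active Directory Provider"
Set adoCmd = CreateObject("ADODB.Command")
Set adoCmd.ActiveConnection = adoCon
adoCmd.Properties("Page Size") = 100

' Forest-wide: one Global Catalog query based at the forest root domain.
Set objRootDSE = GetObject("LDAP://RootDSE")
Search "GC://" & objRootDSE.Get("rootDomainNamingContext")
' Outside the forest: one LDAP query per hard-coded domain.
For i = 0 To UBound(arrExternal)
    Search "LDAP://" & arrExternal(i)
Next

Function EscapeFilter(strValue)
    ' RFC 4515 escapes; the backslash must be replaced first.
    Dim s
    s = Replace(strValue, "\", "\5c")
    s = Replace(s, "*", "\2a")
    s = Replace(s, "(", "\28")
    EscapeFilter = Replace(s, ")", "\29")
End Function

Sub Search(strBase)
    Dim adoRS
    adoCmd.CommandText = "<" & strBase & ">;" & strFilter & _
        ";distinguishedName,objectCategory;subtree"
    On Error Resume Next   ' an unreachable domain must not end the run
    Set adoRS = adoCmd.Execute
    If Err.Number <> 0 Then
        WScript.Echo strBase & ": query failed: " & Err.Description
        Exit Sub
    End If
    On Error GoTo 0
    Do Until adoRS.EOF
        WScript.Echo strBase & ": " & adoRS.Fields("distinguishedName").Value
        adoRS.MoveNext
    Loop
End Sub
```

The filter has no objectClass or objectCategory clause, so groups and contacts holding the same sAMAccountName are reported as well; add `objectCategory` to the echoed fields to tell them apart.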
