Windows Server Hacks: Search for Domain Users
Written expressly for system administrators, this
book offers tips and techniques that go beyond the
basic management tasks. The hack shown here will
show you how to programmatically search for a user
in a mixed Windows NT/2000 environment.
Author: Mitch Tulloch
ISBN: 0-596-00647-0
Posted with permission of O'Reilly. Click here
for a detailed description and to learn how
to purchase this title.
Hack #25: Search for Domain Users
Programmatically search for a user in a mixed Windows NT/2000 environment.
If you are in the process of migrating from Windows NT to Windows 2000, you can certainly appreciate the search capabilities provided in Active Directory administrative tools. At the same time, more than ever, you suffer from its absence in the User Manager. This issue becomes especially acute in environments where there is no consistent naming convention or when the naming convention happened to change several times over years. The sorting feature might help, but only provided that a person responsible for creating accounts entered the full name correctly and in the same format. Misspellings or using diminutives and nicknames are other frequent causes of confusion. Your search becomes considerably more time consuming if you manage multiple domains with different naming conventions.
To resolve a problem, you can employ a couple of approaches. The first one involves exporting a user list, along with each user's properties, into a comma-delimited file or a database (e.g., Access or SQL). The main drawback of this solution is the need for regular updates of the exported list. The second drawback, which eliminates the need for maintenance, is using an ADSI-based script.
This approach is shown in the script that follows.
The Code
The script allows searches against multiple domains. In order to accomplish this, you need to provide as the second input argument the list of domains (individual names need to be separated by semicolons). The first argument of the script is the part of the username (of any length) that you want to match against account names. Type the script into Notepad (with Word Wrap disabled) and save it with a .vbs extension as FindUser.vbs:
'***************************************************************'*** The script searches for a username in one on more domains by'*** looking for a match on the string of characters you specify.'***'*** The syntax:'*** cscript //nologo FindUser.vbs string dom1[;dom2]'*** where string is used to match against the username'*** dom1;dom2 is the semicolon separated list of one or'*** more domains to search (no limit on number of entries)'***************************************************************'*** variable declarationDim sName 'string to match againstDim sDom 'string storing list of domainsDim aDom 'array storing list of domainsDim iCount 'counter variableDim oDomain 'object representing domainDim oUser 'object representing user accountDim sLine 'string containing results of the search'***************************************************************'*** variable initializationsName = Wscript.Arguments(0)sDom = Wscript.Arguments(1)aDom = Split(sDom, ";")'***************************************************************'*** search for matches in the loopFor iCount=0 To UBound(aDom)Set oDomain = GetObject("WinNT://" & aDom(iCount))oDomain.Filter = Array("user")For Each oUser in oDomainIf InStr(1, oUser.name, sName, 1) > 0 ThensLine = oDomain.Name & "\" & oUser.Name & ";"SLine = sLine & oUser.Description & ";"SLine = sLine & OUser.FullName & ";"WScript.Echo sLineEnd IfNextNext
Running the Hack
When you run FindUser.vbs using Cscript.exe in a command-prompt window, you can easily find the full name and domain for a user, given his username. For example, when I search to see if the username bsmith is present in the MTIT domain, I find that user BobSmith is assigned that username (Figure 3-1).
Figure 3-1. Using FindUser.vbs to check whether username bsmith is already used.
—Marcin Policht
More Windows Server Hacks
• Hack #49: Determine Who Has a Particular File Open on the Network
• Hack #76: Find Computers with Automatic Logon Enabled
O'Reilly
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
