Below is a VBScript I wrote that lists all users by the distinguishedname attribute across a forest trust.
If you search through all users using a while statement as per:
http://clintboessen.blogspot.com/2010/10/how-to-find-locked-out-user-accounts.html
It does not work cross forest!  The below script does:
' Active Directory Const's
Const ADS_SCOPE_SUBTREE = 2
Set rootDSE = GetObject("LDAP://rootDSE")
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADSDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
objCommand.CommandText = "SELECT * FROM 'LDAP://stirling/dc=stirling' WHERE objectCategory='user'"
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
Set objType = GetObject(objRecordSet.Fields("ADsPath").Value)
strDistinguishedName = objType.distinguishedName
wscript.echo strDistinguishedName
objRecordSet.MoveNext
Loop
No comments:
Post a Comment