Need Help Refining Script

I'm very new to VBScript. I have a need to list out the employee name and
account name for each user within a specific AD container. The following
link is to an article about a script that I used to get me started.

http://www.microsoft.com/technet/scriptcenter/resources/qanda/aug07/hey0802.mspx

I modified the script only slightly. Specifically, I removed the date
variables, modified the SELECT statement to return the sAMAccountName and
displayName, and to refer to my AD container and tree, and finally I
modified the output in from the Do Until loop. Here is my existing script
(with generic domain info):

***** Start *****
On Error Resume Next

Const ADS_SCOPE_SUBTREE = 2

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

objCommand.CommandText = _
"SELECT sAMAccountName, displayName FROM
'LDAP://ou=sales,dc=mycompany,dc=com' WHERE objectClass='user' "
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst

Do Until objRecordSet.EOF
Wscript.Echo objRecordSet.Fields("sAMAccountName").Value,
objRecordSet.Fields("displayName").Value
objRecordSet.MoveNext
Loop
***** End *****

The only problem is that the script seems to be returning machine accounts
in the results. I though that the objectClass='user' portion of the SELECT
statement would filter out all the noise and leave only the user accounts in
the results set.

Below is an example of the results. The first 3 lines are user accounts and
the last 3 are machine names.

az1853 Bopp, Betty
az2755 Baggins, Bilbo
az8541 Vader, Darth
SALES20$ null
SALES57$ null
SALES58$ null

Can someone tell me why the script is picking up more than just user
accounts?

--Tom

Richard
Fri Sep 07 13:27:19 PDT 2007

Computer objects also have objectClass "user". The objectClass attribute is
multivalued so for computers objectClass =
"user,computer,top,organizationPerson,person". Computers authenticate the
same as users, so they need similar attributes. The proper filter for user
objects would be:

WHERE objectCategory = 'person' AND objectClass = 'user'

This also avoids contact objects. Try:

objCommand.CommandText = "SELECT sAMAccountName, displayName " _
& "FROM 'LDAP://ou=sales,dc=mycompany,dc=com' " _
& "WHERE objectCategory = 'person' AND objectClass = 'user'"

For more on using ADO to retrieve information from AD see this link:

http://www.rlmueller.net/ADOSearchTips.htm

--
Richard Mueller
Microsoft MVP Scripting and ADSI
Hilltop Lab - http://www.rlmueller.net
--

"Thomas M." <NoEmailReplies@Please.com> wrote in message
news:eCjFIZX8HHA.600@TK2MSFTNGP05.phx.gbl...
> I'm very new to VBScript. I have a need to list out the employee name and
> account name for each user within a specific AD container. The following
> link is to an article about a script that I used to get me started.
>
> http://www.microsoft.com/technet/scriptcenter/resources/qanda/aug07/hey0802.mspx
>
> I modified the script only slightly. Specifically, I removed the date
> variables, modified the SELECT statement to return the sAMAccountName and
> displayName, and to refer to my AD container and tree, and finally I
> modified the output in from the Do Until loop. Here is my existing script
> (with generic domain info):
>
> ***** Start *****
> On Error Resume Next
>
> Const ADS_SCOPE_SUBTREE = 2
>
> Set objConnection = CreateObject("ADODB.Connection")
> Set objCommand = CreateObject("ADODB.Command")
> objConnection.Provider = "ADsDSOObject"
> objConnection.Open "Active Directory Provider"
> Set objCommand.ActiveConnection = objConnection
>
> objCommand.Properties("Page Size") = 1000
> objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
>
> objCommand.CommandText = _
> "SELECT sAMAccountName, displayName FROM
> 'LDAP://ou=sales,dc=mycompany,dc=com' WHERE objectClass='user' "
> Set objRecordSet = objCommand.Execute
>
> objRecordSet.MoveFirst
>
> Do Until objRecordSet.EOF
> Wscript.Echo objRecordSet.Fields("sAMAccountName").Value,
> objRecordSet.Fields("displayName").Value
> objRecordSet.MoveNext
> Loop
> ***** End *****
>
> The only problem is that the script seems to be returning machine accounts
> in the results. I though that the objectClass='user' portion of the
> SELECT statement would filter out all the noise and leave only the user
> accounts in the results set.
>
> Below is an example of the results. The first 3 lines are user accounts
> and the last 3 are machine names.
>
> az1853 Bopp, Betty
> az2755 Baggins, Bilbo
> az8541 Vader, Darth
> SALES20$ null
> SALES57$ null
> SALES58$ null
>
> Can someone tell me why the script is picking up more than just user
> accounts?
>
> --Tom
>

Thomas
Fri Sep 07 16:34:44 PDT 2007

Thanks for the information! You're solution worked.

--Tom

"Richard Mueller [MVP]" <rlmueller-nospam@ameritech.nospam.net> wrote in
message news:OnKAE2Y8HHA.3940@TK2MSFTNGP05.phx.gbl...
> Computer objects also have objectClass "user". The objectClass attribute
> is multivalued so for computers objectClass =
> "user,computer,top,organizationPerson,person". Computers authenticate the
> same as users, so they need similar attributes. The proper filter for user
> objects would be:
>
> WHERE objectCategory = 'person' AND objectClass = 'user'
>
> This also avoids contact objects. Try:
>
> objCommand.CommandText = "SELECT sAMAccountName, displayName " _
> & "FROM 'LDAP://ou=sales,dc=mycompany,dc=com' " _
> & "WHERE objectCategory = 'person' AND objectClass = 'user'"
>
> For more on using ADO to retrieve information from AD see this link:
>
> http://www.rlmueller.net/ADOSearchTips.htm
>
> --
> Richard Mueller
> Microsoft MVP Scripting and ADSI
> Hilltop Lab - http://www.rlmueller.net
> --
>
> "Thomas M." <NoEmailReplies@Please.com> wrote in message
> news:eCjFIZX8HHA.600@TK2MSFTNGP05.phx.gbl...
>> I'm very new to VBScript. I have a need to list out the employee name
>> and account name for each user within a specific AD container. The
>> following link is to an article about a script that I used to get me
>> started.
>>
>> http://www.microsoft.com/technet/scriptcenter/resources/qanda/aug07/hey0802.mspx
>>
>> I modified the script only slightly. Specifically, I removed the date
>> variables, modified the SELECT statement to return the sAMAccountName and
>> displayName, and to refer to my AD container and tree, and finally I
>> modified the output in from the Do Until loop. Here is my existing
>> script (with generic domain info):
>>
>> ***** Start *****
>> On Error Resume Next
>>
>> Const ADS_SCOPE_SUBTREE = 2
>>
>> Set objConnection = CreateObject("ADODB.Connection")
>> Set objCommand = CreateObject("ADODB.Command")
>> objConnection.Provider = "ADsDSOObject"
>> objConnection.Open "Active Directory Provider"
>> Set objCommand.ActiveConnection = objConnection
>>
>> objCommand.Properties("Page Size") = 1000
>> objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
>>
>> objCommand.CommandText = _
>> "SELECT sAMAccountName, displayName FROM
>> 'LDAP://ou=sales,dc=mycompany,dc=com' WHERE objectClass='user' "
>> Set objRecordSet = objCommand.Execute
>>
>> objRecordSet.MoveFirst
>>
>> Do Until objRecordSet.EOF
>> Wscript.Echo objRecordSet.Fields("sAMAccountName").Value,
>> objRecordSet.Fields("displayName").Value
>> objRecordSet.MoveNext
>> Loop
>> ***** End *****
>>
>> The only problem is that the script seems to be returning machine
>> accounts in the results. I though that the objectClass='user' portion of
>> the SELECT statement would filter out all the noise and leave only the
>> user accounts in the results set.
>>
>> Below is an example of the results. The first 3 lines are user accounts
>> and the last 3 are machine names.
>>
>> az1853 Bopp, Betty
>> az2755 Baggins, Bilbo
>> az8541 Vader, Darth
>> SALES20$ null
>> SALES57$ null
>> SALES58$ null
>>
>> Can someone tell me why the script is picking up more than just user
>> accounts?
>>
>> --Tom
>>
>
>