Ask:
Hello, Scripting Guy! How do I determine the user logon name of a user named John Smith?
--FR
For:
Hello, FR. You know, we'd love to tell you how to determine the user login name for a user named John Smith, but we can't do this: because we have a specific list of names in one of our sample scripts that indicates the username we can only reference. Unfortunately, John Smith is not in the list, so we can't use his name.
Yes, we don't feel comfortable about it, but there's nothing we can do about it. But tell you this: How about a script that identifies the user login name of a user named Ken Myer? Yes, we know: it's really different, isn't it? But that's the best we can do:
On Error Resume Next
Const Ads_scope_subtree = 2
Set objconnection = CreateObject ("ADODB. Connection ")
Set objcommand = CreateObject ("Adodb.command")
Objconnection.provider = "Adsdsoobject"
Objconnection.open "Active Directory Provider"
Set objcommand.activeconnection = objconnection
Objcommand.commandtext = _
"Select sAMAccountName from ' ldap://dc=fabrikam,dc=com ' WHERE objectcategory= ' user '" & _
"and Givenname= ' Ken ' and sn= ' Myer '"
Set objRecordSet = Objcommand.execute
Objrecordset.movefirst
Do Until objrecordset.eof
WScript.Echo Objrecordset.fields ("sAMAccountName"). Value
Objrecordset.movenext
Loop
As you may have discovered, this is a script for searching Active Directory. We are not going to explain each line of code used in this script one by one, which can take too much time. If you are unfamiliar with Active Directory search scripts, we recommend that you take a look at our two "Scripting Stories" series Dude:where's My Printer? All the strange things you see in this script-Adsdsoobject, Ds_scope_subtree, Adodb.command-are explained in detail in both columns.
However, we will point out several things about the query that is used to search. When writing a script to search Active Directory, perhaps the hardest part is knowing the name of the property to search for. For example, the user login name you mentioned. We know what the user login means, and you know what the user login means, but Active Directory doesn't know what the user's login name is. Active Directory will instead call sAMAccountName. (Note: Although the case of letters does not matter, we will write this property name sAMAccountName simply because it is the official name of the attribute.) Thus, the SQL query retrieves the sAMAccountName of the specified user.
So how do you specify the user? Well, we're looking for Active Directory objects that meet the following three criteria:
• is a user account. In order to limit the data returned to a user account, we search for an item that objectcategory equals user.
• The name is Ken. Of course, Active Directory doesn't know what a "name" is. Therefore, we need to search givenname for Ken's users.
• Last Name is Myer. As you might expect, Active Directory has never heard of the word "last name." Therefore, we need to search for Sn (surname) Myer instead.
Add all the above conditions and the query will end up as follows:
Objcommand.commandtext = _
"Select sAMAccountName from ' ldap://dc=fabrikam,dc=com ' WHERE objectcategory= ' user '" & _
"and Givenname= ' Ken ' and sn= ' Myer '"
The rest is easy. To execute this query, Active Directory will return a recordset consisting of all users givename and SN Myer. Then, set a Do Until loop to traverse the recordset and echo each user's sAMAccountName. (Ideally, there is only one Ken Myer in Active Directory, but there may actually be more than one user with the same name.) In this case, sAMAccountName will be a different factor, because samAccountNames must be unique. )
Do you understand something? Well, look (don't tell anyone we did), take the script you just introduced, replace Ken with John, replace Myer with Smith, and you'll get a script to search for a user named John Smith. But it's just between you and us, okay? Good
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.