Searching for Users in Active Directory Using VBScript
This article outlines two methods for retrieving a list of users from Active Directory with VBScript. The examples leverage ADO (ActiveX Data Objects) connection objects and record sets.
The only difference between the two methods is the syntax of the search query. The first script uses SQL syntax. The second uses LDAP search filter syntax, which although somewhat more confusing, supports more complex search queries.
The sample scripts perform a subtree search against an Active Directory domain, displaying the userid (sAMAccountName) of all users that have either a first name (givenName) or last name (sn) matching the text provided as a command line argument. For example, assuming the code is saved in a file named search.vbs, the following command would search for all users with a first or last name of Miles:
cscript.exe search.vbs miles
Wilcards can also be used in the search queries. For example:
cscript.exe search.vbs mil*
It is assumed that the scripts will execute from a computer that is a member of the Active Directory domain to be searched. However, as the user running the code may not have permission to query the directory, a provision has been made to include the credentials of a privileged user. You will therefore need to modify the value of the USERNAME and
Additional information and examples an be found at MSDN.
An example script using SQL syntax. The highlighted lines can be removed if the script will run under an account with permission to query Active Directory.
Const ADS_SCOPE_SUBTREE = 2
' Remove next 2 lines if not required
Const USERNAME = "domain\administrator"
Const PASSWORD = "password"
Set oArgs = WScript.Arguments
If oArgs.Count = 0 Then
WScript.Echo "Must provide a search string."
WScript.Quit
Else
sTerm = oArgs.Item(0)
End If
Set oConnection = CreateObject("ADODB.Connection")
oConnection.Provider = "ADsDSOObject"
' Remove next 3 lines if not required
oConnection.Properties("User ID") = USERNAME
oConnection.Properties("Password") = PASSWORD
oConnection.Properties("Encrypt Password") = False
oConnection.Open "Active Directory Provider"
Set oCommand = CreateObject("ADODB.Command")
oCommand.ActiveConnection = oConnection
Set oRootDSE = GetObject("LDAP://RootDSE")
sDomain = oRootDSE.Get("defaultNamingContext")
sSearchSubQuery = "givenName='" & sTerm & "' OR sn='" & sTerm & "'"
oCommand.CommandText = "SELECT sAMAccountName FROM 'LDAP://" & sDomain & "' WHERE objectClass='user' AND " & sSearchSubQuery
oCommand.Properties("Page Size") = 1000
oCommand.Properties("Timeout") = 600
oCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set oRecordSet = oCommand.Execute
WScript.Echo "Total users found: " & oRecordSet.RecordCount
While Not (oRecordSet.BOF Or oRecordSet.EOF)
WScript.Echo oRecordSet.Fields("sAMAccountName").Value
oRecordSet.MoveNext
Wend
An example script using LDAP syntax. Lines 31 and 32 have been highlighted to clearly show the difference in search filter syntax from the previous script.
Const ADS_SCOPE_SUBTREE = 2
' Remove next 2 lines if not required
Const USERNAME = "domain\administrator"
Const PASSWORD = "password"
Set oArgs = WScript.Arguments
If oArgs.Count = 0 Then
WScript.Echo "Must provide a search string."
WScript.Quit
Else
sTerm = oArgs.Item(0)
End If
Set oConnection = CreateObject("ADODB.Connection")
oConnection.Provider = "ADsDSOObject"
' Remove next 3 lines if not required
oConnection.Properties("User ID") = USERNAME
oConnection.Properties("Password") = PASSWORD
oConnection.Properties("Encrypt Password") = False
oConnection.Open "Active Directory Provider"
Set oCommand = CreateObject("ADODB.Command")
oCommand.ActiveConnection = oConnection
Set oRootDSE = GetObject("LDAP://RootDSE")
sDomain = oRootDSE.Get("defaultNamingContext")
sSearchSubQuery = "(|(givenName=" & sTerm & ")(sn=" & sTerm & "))"
oCommand.CommandText = "<LDAP://" & sDomain & ">;(&(objectclass=user)" & sSearchSubQuery & ");sAMAccountName;subTree"
oCommand.Properties("Page Size") = 1000
oCommand.Properties("Timeout") = 600
Set oRecordSet = oCommand.Execute
WScript.Echo "Total users found: " & oRecordSet.RecordCount
While Not (oRecordSet.BOF Or oRecordSet.EOF)
WScript.Echo oRecordSet.Fields("sAMAccountName").Value
oRecordSet.MoveNext
Wend