Hack 22 Display Active Directory Information


Here are five sample scripts that can be used to display information about computers, domains, sites, and trusts in Active Directory.

Scripts are a quick way to drill down into Active Directory to display information you'd otherwise have to hunt for using the GUI. These five sample scripts can be used by themselves or as starting points for developing more sophisticated scripts. Just type them into Notepad (with Word Wrap turned off) and save them with a .vbs extension. Then, type cscript.exe scriptname.vbs to run them from a command prompt. Enjoy!

List All Computers in the Domain

The following VBScript retrieves a list of all computers in a given domain (or Active Directory container). Change the value of ContainerName ("Domain") to your company's NT/2000 domain name or Active Directory container, and the list of registered computers will display:

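' List the computer accounts in a domain or container (WinNT provider)
Dim Container
Dim ContainerName
Dim Computer

ContainerName = "Domain"   ' replace with your domain or container name

Set Container = GetObject("WinNT://" & ContainerName)
Container.Filter = Array("Computer")

For Each Computer in Container
    ' WScript.Echo works under cscript.exe; Response.Write exists only in ASP
    WScript.Echo Computer.Name
Next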

Get a List of All Domains

This VBScript enumerates and lists all domains:

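' Enumerate the domains visible through the WinNT provider
Dim NameSpace
Dim Domain

Set NameSpace = GetObject("WinNT:")

For Each Domain in NameSpace
    ' WScript.Echo works under cscript.exe; Response.Write exists only in ASP
    WScript.Echo Domain.Name
Next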

Get AD Site

This VBScript retrieves the name of the site to which the computer is assigned:

Set WshShell = WScript.CreateObject("WScript.Shell")

On Error Resume Next
Site = "Not Assigned"

' Statically configured site name, if one has been set
Site = WshShell.RegRead("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\" & _
    "Services\Netlogon\Parameters\SiteName")

' -2147024894 (0x80070002): value not found, so read the site Netlogon discovered
If Err.Number = -2147024894 Then
    Site = WshShell.RegRead("HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\" & _
        "Services\Netlogon\Parameters\DynamicSiteName")
End If

If Site = "Not Assigned" Then
    WScript.Echo "This computer is not assigned to an Active Directory site."
Else
    WScript.Echo "This computer is assigned to Active Directory site: " & Site
End If

Find a DC in a Site

Use this VBScript to verify that a specific domain controller (DC) exists in a site. Just replace the items in double quotes in the first two lines with your values:

strDcName = "DCName"
strSiteName = "SiteName"

Set objADSysInfo = CreateObject("ADSystemInfo")
strDcSiteName = objADSysInfo.GetDCSiteName(strDcName)

If UCase(strSiteName) = UCase(strDcSiteName) Then
    WScript.Echo "TRUE: " & strDcName & " is in site " & strSiteName
Else
    WScript.Echo "FALSE: " & strDcName & " is NOT in site " & strSiteName
End If

List Trust Relationships

Use this script to enumerate the trust relationships for your domain and display the results:

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & _
    strComputer & "\root\MicrosoftActiveDirectory")
Set colTrustList = objWMIService.ExecQuery _
    ("Select * from Microsoft_DomainTrustStatus")
For Each objTrust in colTrustList
    Wscript.Echo objTrust.TrustedDomain
    Wscript.Echo objTrust.TrustDirection
    Wscript.Echo objTrust.TrustType
    Wscript.Echo objTrust.TrustAttributes
    Wscript.Echo objTrust.TrustedDCName
    Wscript.Echo objTrust.TrustStatus
    Wscript.Echo objTrust.TrustIsOK
Next
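
The trust script prints TrustDirection, TrustType, and TrustAttributes as raw numbers, which makes a trust review harder than it needs to be. The following script is an added example, not part of the original hack: it decodes those numbers using the value tables documented for the Microsoft_DomainTrustStatus class and marks any trust whose check failed. The helper names (DirectionName, TrustTypeName, AttributeNames, Describe) and the sample rows are constructed for illustration.

```vbscript
' Added example: decode the numeric codes of Microsoft_DomainTrustStatus.
Option Explicit

Function DirectionName(n)
    Select Case n
        Case 1 : DirectionName = "Inbound"
        Case 2 : DirectionName = "Outbound"
        Case 3 : DirectionName = "Bidirectional"
        Case Else : DirectionName = "Unknown (" & n & ")"
    End Select
End Function

Function TrustTypeName(n)
    Select Case n
        Case 1 : TrustTypeName = "Downlevel"
        Case 2 : TrustTypeName = "Uplevel"
        Case 3 : TrustTypeName = "Realm"
        Case 4 : TrustTypeName = "DCE"
        Case Else : TrustTypeName = "Unknown (" & n & ")"
    End Select
End Function

Function AttributeNames(n)
    Dim s : s = ""
    If (n And &H1) <> 0 Then s = s & "non-transitive "
    If (n And &H2) <> 0 Then s = s & "uplevel-clients-only "
    If (n And &H400000) <> 0 Then s = s & "tree-parent "
    If (n And &H800000) <> 0 Then s = s & "tree-root "
    If s = "" Then s = "none"
    AttributeNames = Trim(s)
End Function

' One line per trust; a failed verification is marked for follow-up.
Function Describe(domain, direction, trustType, attrs, status, isOK)
    Dim line
    line = domain & ": " & DirectionName(direction) & ", " & _
           TrustTypeName(trustType) & ", attributes: " & AttributeNames(attrs)
    If (Not isOK) Or status <> 0 Then line = line & " [REVIEW: check failed, status " & status & "]"
    Describe = line
End Function

' Constructed sample rows (placeholder domains), same field order as Describe.
Dim rows, r
rows = Array( _
    Array("child.example.test", 3, 2, &H400000, 0, True), _
    Array("legacy.example.test", 2, 1, &H1, 1355, False))
For Each r In rows
    WScript.Echo Describe(r(0), r(1), r(2), r(3), r(4), r(5))
Next
```

To run it against live data, call Describe with the properties of each objTrust inside the For Each loop of the trust script instead of the sample rows.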

- Rod Trent