You want to view one or more attributes of an object.
Open LDP.
From the menu, select Connection → Connect.
For Server, enter the name of a domain controller or domain that contains the object.
For Port, enter 389.
Click OK.
From the menu, select Connection → Bind.
Enter credentials of a user that can view the object (if necessary).
Click OK.
From the menu, select View → Tree.
For BaseDN, type the DN of the object you want to view.
For Scope, select Base.
Click OK.
> dsquery * "<ObjectDN>" -scope base -attr *
For Windows 2000, use this command:
> enumprop "LDAP://<ObjectDN>"
' This code prints all attributes for the specified object.
' ------ SCRIPT CONFIGURATION ------
strObjectDN = "<ObjectDN>" ' e.g. cn=jsmith,cn=users,dc=rallencorp,dc=com
' ------ END CONFIGURATION ---------

DisplayAttributes("LDAP://" & strObjectDN)

Function DisplayAttributes( strObjectADsPath )

   ' Bind to the object and load all of its attributes into the property cache
   set objObject = GetObject(strObjectADsPath)
   objObject.GetInfo

   'Declare the hash (dictionary), constants and variables
   'Values taken from ADSTYPEENUM
   set dicADsType = CreateObject("Scripting.Dictionary")
   dicADsType.Add 0, "INVALID"
   dicADsType.Add 1, "DN_STRING"
   dicADsType.Add 2, "CASE_EXACT_STRING"
   dicADsType.Add 3, "CASE_IGNORE_STRING"
   dicADsType.Add 4, "PRINTABLE_STRING"
   dicADsType.Add 5, "NUMERIC_STRING"
   dicADsType.Add 6, "BOOLEAN"
   dicADsType.Add 7, "INTEGER"
   dicADsType.Add 8, "OCTET_STRING"
   dicADsType.Add 9, "UTC_TIME"
   dicADsType.Add 10, "LARGE_INTEGER"
   dicADsType.Add 11, "PROV_SPECIFIC"
   dicADsType.Add 12, "OBJECT_CLASS"
   dicADsType.Add 13, "CASEIGNORE_LIST"
   dicADsType.Add 14, "OCTET_LIST"
   dicADsType.Add 15, "PATH"
   dicADsType.Add 16, "POSTALADDRESS"
   dicADsType.Add 17, "TIMESTAMP"
   dicADsType.Add 18, "BACKLINK"
   dicADsType.Add 19, "TYPEDNAME"
   dicADsType.Add 20, "HOLD"
   dicADsType.Add 21, "NETADDRESS"
   dicADsType.Add 22, "REPLICAPOINTER"
   dicADsType.Add 23, "FAXNUMBER"
   dicADsType.Add 24, "EMAIL"
   dicADsType.Add 25, "NT_SECURITY_DESCRIPTOR"
   dicADsType.Add 26, "UNKNOWN"
   dicADsType.Add 27, "DN_WITH_BINARY"
   dicADsType.Add 28, "DN_WITH_STRING"

   ' Walk every entry in the property cache and every value of each entry
   for intIndex = 0 To (objObject.PropertyCount - 1)
      set objPropEntry = objObject.Item(intIndex)
      for Each objPropValue In objPropEntry.Values
         value = ""
         if (dicADsType(objPropValue.ADsType) = "DN_STRING") then
            value = objPropValue.DNString
         elseIf (dicADsType(objPropValue.ADsType) = "CASE_EXACT_STRING") then
            value = objPropValue.CaseExactString
         elseIf (dicADsType(objPropValue.ADsType) = "CASE_IGNORE_STRING") then
            value = objPropValue.CaseIgnoreString
         elseIf (dicADsType(objPropValue.ADsType) = "PRINTABLE_STRING") then
            value = objPropValue.PrintableString
         elseIf (dicADsType(objPropValue.ADsType) = "NUMERIC_STRING") then
            value = objPropValue.NumericString
         elseIf (dicADsType(objPropValue.ADsType) = "BOOLEAN") then
            value = CStr(objPropValue.Boolean)
         elseIf (dicADsType(objPropValue.ADsType) = "INTEGER") then
            value = objPropValue.Integer
         elseIf (dicADsType(objPropValue.ADsType) = "LARGE_INTEGER") then
            set objLargeInt = objPropValue.LargeInteger
            lngHigh = objLargeInt.HighPart
            ' LowPart comes back as a signed 32-bit value; carry into HighPart when it is negative
            if (objLargeInt.LowPart < 0) then lngHigh = lngHigh + 1
            value = lngHigh * 2^32 + objLargeInt.LowPart
         elseIf (dicADsType(objPropValue.ADsType) = "UTC_TIME") then
            value = objPropValue.UTCTime
         else
            ' No printable form (e.g. octet strings): show the syntax name instead
            value = "<" & dicADsType.Item(objPropEntry.ADsType) & ">"
         end if
         WScript.Echo objPropEntry.Name & " : " & value
      next
   next

End Function
Objects in Active Directory are made up of a collection of attributes. Attributes can be single- or multivalued. Each attribute also has an associated syntax that is defined in the schema. See Recipe 10.7 for a complete list of syntaxes.
You can customize the list of attributes returned from a search with LDP by modifying the Attributes: field under Options → Search. To include all attributes, enter *. For a subset, enter a semicolon-separated list of attributes.
The -attr option for the dsquery command accepts a whitespace-separated list of attributes to display. Using a * will return all attributes.
For the enumprop command, you can use the /ATTR option and a comma-separated list of attributes to return. In the following example, only the name and whenCreated attributes would be returned:
> enumprop /ATTR:name,whenCreated "LDAP://<ObjectDN>"
The DisplayAttributes function prints the attributes that contain values for the object passed in. After using GetObject to bind to the object, I use the IADs::GetInfo method to populate the local property cache with all of the object's attributes from AD. To print each value of a property, I have to know its type or syntax. The ADsType method returns an integer from the ADSTYPEENUM enumeration that corresponds to a particular syntax (e.g., boolean). Based on the syntax, I call a specific method (e.g., Boolean) that can properly print the value. If I didn't incorporate this logic and tried to print all values using the CaseIgnoreString method, for example, an error would be generated when the script encountered an octet string, because octet strings (i.e., binary data) do not have a CaseIgnoreString representation.
I stored the values from the ADSTYPEENUM enumeration in key/value pairs in a dictionary object (i.e., Scripting.Dictionary). In the dictionary object, the key for the dictionary is the ADSTYPEENUM integer, and the value is a textual version of the syntax. I used the dictionary object so I could print the textual syntax of each attribute. I iterated over all the properties in the property cache using IADsPropertyList and IADsPropertyEntry objects, which are instantiated with the IADsPropertyList::Item method.
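The same per-syntax dispatch in PowerShell, as an added example that is not part of the original recipe: a base-scope DirectorySearcher read returns large integers as Int64 and octet strings as byte arrays, so the formatter branches on the .NET type instead of ADSTYPEENUM. The function names Format-AdValue and Get-ObjectAttributes are hypothetical, and the sample values at the end are constructed.

```powershell
# Added example; function names are illustrative, sample values are constructed.
function Format-AdValue {
    param([string]$Name, $Value)
    # Large Integer attributes that hold a FILETIME (100 ns ticks since 1601-01-01 UTC)
    $fileTimeAttrs = 'pwdlastset', 'lastlogon', 'lastlogontimestamp',
                     'accountexpires', 'lockouttime', 'badpasswordtime'
    if ($Value -is [byte[]]) {
        # Octet strings have no string form; decode the well-known ones
        switch ($Name.ToLower()) {
            'objectsid'  { return (New-Object System.Security.Principal.SecurityIdentifier($Value, 0)).Value }
            'objectguid' { return (New-Object System.Guid (,$Value)).ToString() }
            default      { return '<OCTET_STRING, {0} bytes>' -f $Value.Length }
        }
    }
    if ($Value -is [long] -and $fileTimeAttrs -contains $Name.ToLower()) {
        # 0 and Int64.MaxValue are sentinels (not set / never), not real timestamps
        if ($Value -le 0 -or $Value -eq [long]::MaxValue) { return '<not set / never>' }
        return [datetime]::FromFileTimeUtc($Value).ToString('u')
    }
    return [string]$Value
}

function Get-ObjectAttributes {
    param([Parameter(Mandatory = $true)][string]$ObjectDN)
    $entry    = New-Object System.DirectoryServices.DirectoryEntry("LDAP://$ObjectDN")
    $searcher = New-Object System.DirectoryServices.DirectorySearcher($entry)
    $searcher.SearchScope = [System.DirectoryServices.SearchScope]::Base
    $searcher.Filter      = '(objectClass=*)'
    # PropertiesToLoad left empty: every attribute the bound account can read is returned
    $result = $searcher.FindOne()
    if ($null -eq $result) { throw "No readable object at $ObjectDN" }
    foreach ($name in ($result.Properties.PropertyNames | Sort-Object)) {
        foreach ($value in $result.Properties[$name]) {
            '{0} : {1}' -f $name, (Format-AdValue -Name $name -Value $value)
        }
    }
}

# Offline check of the formatter with constructed values (nothing is read from a directory)
Format-AdValue -Name 'objectSid'      -Value ([byte[]](1, 1, 0, 0, 0, 0, 0, 5, 18, 0, 0, 0))
Format-AdValue -Name 'accountExpires' -Value ([long]::MaxValue)
Format-AdValue -Name 'pwdLastSet'     -Value 116444736000000000L
Format-AdValue -Name 'thumbnailPhoto' -Value ([byte[]](0xFF, 0xD8, 0xFF))
# Against a domain: Get-ObjectAttributes -ObjectDN '<ObjectDN>'
```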
Chapter 19, IADs and the Property Cache, from Active Directory, Second Edition, MSDN: IADsPropertyEntry, MSDN: IADsPropertyList, MSDN: ADSTYPEENUM, and MSDN: IADs::GetInfo