Jak zawsze zapomniałem, że pole memberOf nie uwzględnia primary group. Poniżej znajduje się poprawiony skrypt:
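' Rebuilds msSFU30PosixMember on every group that carries msSFU30Name.
'
' Phase 1 clears msSFU30PosixMember on those groups.
' Phase 2 walks every user that has msSFU30NISDomain, asks the WinNT provider
' for the user's groups (that list includes the primary group, which memberOf
' omits) and appends the user's DN to each of those groups that has msSFU30Name.
'
' NOTE(review): the run is not atomic. Between phase 1 and the end of phase 2
' the groups hold fewer members than they should, and an aborted run leaves
' them that way. msSFU30PosixMember is presumably read by UNIX/NIS clients for
' authorization, so run this in a maintenance window and keep a way to re-run.
' The script binds with the credentials of the account that starts it; that
' account needs write access to the attribute and nothing broader.
'
' On Error Resume Next stays on so that one unreadable object does not stop the
' run, but every step that matters checks Err explicitly. This matters because
' a run-time error raised while evaluating an If condition resumes at the next
' statement, which is the first line inside the Then branch (fail-open).
On Error Resume Next

Const ADS_PROPERTY_CLEAR = 1
Const ADS_PROPERTY_APPEND = 3
Const adStateOpen = 1

Dim i, adoConnection, adoCmd, adoRecordset, objGroupPosix
Dim objUserWinNT, strFilter, objRootDSE, objGroup
Dim strDNSDomain, objConnection, objCommand, objRecordSet
Dim strUserNTName, strUserNTDN

i = 0

' --- connection used for the two directory-wide queries -----------------
Set adoConnection = CreateObject("ADODB.Connection")
adoConnection.Provider = "ADsDSOObject"
adoConnection.Open ""
If Err.Number <> 0 Then
    WScript.Echo "Creating ADO connection: Authentication Failed."
    WScript.Quit 1
End If
If adoConnection.State <> adStateOpen Then
    WScript.Echo "Creating ADO connection: Authentication Failed."
    WScript.Quit 1
End If
WScript.Echo "connection opened: " & adoConnection.State & vbCrLf

Set adoCmd = CreateObject("ADODB.Command")
Set adoCmd.ActiveConnection = adoConnection
adoCmd.Properties("Page Size") = 4000

' --- connection used for the per-user group lookups ---------------------
' Created once, and before anything is modified, so that a failure here
' aborts the run while the directory is still untouched.
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("defaultNamingContext")
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 100
objCommand.Properties("Timeout") = 30
objCommand.Properties("Cache Results") = False
If Err.Number <> 0 Then
    WScript.Echo "Preparing the group lookup failed, error " & Err.Number & "; nothing has been modified."
    WScript.Quit 1
End If

' --- phase 1: clear msSFU30PosixMember ----------------------------------
adoCmd.CommandText = "<LDAP://DC=pjwstk,DC=edu,DC=pl>;(ObjectCategory=Group);ADsPath,msSFU30Name;SubTree"
Set adoRecordset = adoCmd.Execute
WScript.Echo "debug err status: " & Err.Number
If Err.Number <> 0 Then
    WScript.Echo "Group query failed; nothing has been modified."
    WScript.Quit 1
End If
WScript.Echo adoRecordset.RecordCount & " records found."
Err.Clear

While Not adoRecordset.EOF
    If Not IsNull(adoRecordset.Fields("msSFU30Name").Value) Then
        WScript.Echo adoRecordset.Fields("ADsPath").Value
        ' Drop the previous object first: if GetObject fails the variable
        ' would otherwise still point at the group handled one round earlier.
        Set objGroupPosix = Nothing
        Err.Clear
        Set objGroupPosix = GetObject(adoRecordset.Fields("ADsPath").Value)
        If Err.Number = 0 Then
            objGroupPosix.GetInfo
            objGroupPosix.PutEx ADS_PROPERTY_CLEAR, "msSFU30PosixMember", 0
            objGroupPosix.SetInfo
        End If
        If Err.Number <> 0 Then
            WScript.Echo "clearing msSFU30PosixMember failed, error " & Err.Number
            Err.Clear
        End If
    End If
    adoRecordset.MoveNext
Wend

' --- phase 2: re-add every NIS-enabled user -----------------------------
' sAMAccountName is requested because the WinNT provider binds by that name;
' the Name attribute is the RDN value and may differ from it, in which case
' the bind fails or resolves to a different account.
adoCmd.CommandText = "<LDAP://DC=pjwstk,DC=edu,DC=pl>;(ObjectCategory=User);distinguishedName,msSFU30NISDomain,sAMAccountName;SubTree"
Err.Clear
Set adoRecordset = adoCmd.Execute
WScript.Echo "debug err status: " & Err.Number
If Err.Number <> 0 Then
    WScript.Echo "User query failed; msSFU30PosixMember was cleared and has NOT been rebuilt."
    WScript.Quit 1
End If
WScript.Echo adoRecordset.RecordCount & " records found."
Err.Clear

i = 0
While Not adoRecordset.EOF
    If Not IsNull(adoRecordset.Fields("msSFU30NISDomain").Value) And Not IsNull(adoRecordset.Fields("sAMAccountName").Value) Then
        strUserNTName = adoRecordset.Fields("sAMAccountName").Value
        strUserNTDN = adoRecordset.Fields("distinguishedName").Value
        WScript.Echo strUserNTName & " " & i

        ' Bind to the user object with the WinNT provider. Err is cleared
        ' first so that a leftover error from an earlier step cannot mark a
        ' good account as invalid.
        Set objUserWinNT = Nothing
        Err.Clear
        Set objUserWinNT = GetObject("WinNT://PJWSTK/" & strUserNTName & ",user")
        If Err.Number <> 0 Then
            Err.Clear
        Else
            ' Build one (sAMAccountName=...) term per group. The names are
            ' escaped so that "(", ")", "*" or "\" in a name cannot change
            ' the structure of the filter.
            strFilter = ""
            For Each objGroup In objUserWinNT.Groups
                strFilter = strFilter & "(sAMAccountName=" & EscapeLdapFilterValue(objGroup.Name) & ")"
            Next

            If Err.Number <> 0 Then
                WScript.Echo "group enumeration failed for " & strUserNTName & ", error " & Err.Number
                Err.Clear
            ElseIf strFilter = "" Then
                ' "(|)" is not a valid filter, so do not send it.
                WScript.Echo "No Primary Group found"
            Else
                objCommand.CommandText = "<LDAP://" & strDNSDomain & ">;(|" & strFilter & ");ADsPath,msSFU30Name;subtree"
                Set objRecordSet = Nothing
                Set objRecordSet = objCommand.Execute
                If Err.Number <> 0 Then
                    WScript.Echo "group lookup failed for " & strUserNTName & ", error " & Err.Number
                    Err.Clear
                ElseIf objRecordSet.EOF Then
                    WScript.Echo "No Primary Group found"
                Else
                    Do Until objRecordSet.EOF
                        ' msSFU30Name is tested on the recordset field, as in
                        ' phase 1: reading it from the bound object raises an
                        ' error when the attribute is absent, and that error
                        ' would fall into the Then branch.
                        If Not IsNull(objRecordSet.Fields("msSFU30Name").Value) Then
                            Set objGroupPosix = Nothing
                            Err.Clear
                            Set objGroupPosix = GetObject(objRecordSet.Fields("ADsPath").Value)
                            If Err.Number = 0 Then
                                objGroupPosix.GetInfo
                                objGroupPosix.PutEx ADS_PROPERTY_APPEND, "msSFU30PosixMember", Array(strUserNTDN)
                                objGroupPosix.SetInfo
                            End If
                            If Err.Number <> 0 Then
                                WScript.Echo "adding " & strUserNTName & " failed, error " & Err.Number
                                Err.Clear
                            End If
                        End If
                        objRecordSet.MoveNext
                    Loop
                End If
                Set objRecordSet = Nothing
            End If

            Set objUserWinNT = Nothing
            i = i + 1
        End If
    End If
    adoRecordset.MoveNext
Wend

' Clean up.
objConnection.Close
adoConnection.Close
Set objGroupPosix = Nothing
Set objRootDSE = Nothing
Set objCommand = Nothing
Set objConnection = Nothing
Set adoCmd = Nothing
Set adoConnection = Nothing

WScript.Echo i

' Escapes the characters that have a meaning inside an LDAP search filter
' (RFC 4515) so that a value is always treated as literal text.
' The backslash is replaced first so the escapes added afterwards survive.
Function EscapeLdapFilterValue(strValue)
    Dim strOut
    strOut = Replace(strValue, "\", "\5c")
    strOut = Replace(strOut, "*", "\2a")
    strOut = Replace(strOut, "(", "\28")
    strOut = Replace(strOut, ")", "\29")
    strOut = Replace(strOut, Chr(0), "\00")
    EscapeLdapFilterValue = strOut
End Function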