Program to use ADO to query Active Directory for objects meeting specified filter criteria and display the values of specified attributes of the objects found. The program first prompts for the base of the search, which must be the Distinguished Name of a container, organizational unit, or the domain. If you enter nothing, the program will default to search the entire domain. Next the program prompts for the LDAP syntax filter to be used. For example, to retrieve information on all user objects in Active Directory you would enter:

(&(objectCategory=person)(objectClass=user))

Finally, the program prompts for a comma delimited list of attribute values to retrieve. You must specify the LDAP Display Names of the attributes. Operational attributes cannot be retrieved. The program always retrieves the Distinguished Names of the objects and displays this value first. For each object that meets the filter criteria in the base of the search, the program outputs the values of all of the attributes requested. The scope of the query is always subtree, so that the search includes all child OU's and Containers of the base.

The program is designed to be run at a command prompt with the cscript host. The output can be redirected to a text file. If you want the program to output in a comma delimited format that can be read by a spreadsheet program, specify the optional parameter /csv. If you do not use /csv, the program outputs each attribute value on separate lines. If you use /csv, multi-valued attributes are documented with the values delimited by semicolons.

Just about all attributes, other than operational ones, can be retrieved. All Integer8 attributes (like pwdLastSet, lastLogon, or lockoutTime) are converted into Long integer values. If the value is large enough to correspond to a date (after about April 4, 1981), the equivalent date value in the local time zone is shown in parentheses. All SID and OctetString attributes are converted into hex strings. If any attribute is not assigned a value, this is indicated in the output.

No attempt is made to validate the values supplied the user. An error will be raised if the base of the query is not a valid Distinguished Name of a container, if the filter syntax is incorrect, or if any attribute names are invalid.

GenericADO.txt <<-- Click here to view or download the program