Through ldap unable to read members of the domain admin group from windows server 2012 vbscript

Question

0.00/5 (No votes)

See more:

, +

trying to read domain admin group members through vbscript but unable to read.
throwing error on user server.
object not a collection

but working in my local test windows server 2012:

please any suggestion please:

using below script

What I have tried:

Option Explicit 
 
 
 
'Get all member of a group INCLUDING members from ALL NESTED groups. 
'Simply call the script with the samAccountName of the group. 
'If the group name contains spaces it should be ENCLOSED IN QUOTES,  
'IE scriptName.vbs "DOMAIN ADMINS" 
 
Dim objGroup 
 
 
'VERIFY A GROUP NAME WAS PASSED 
If wscript.arguments.count <> 1 Then 
  wscript.echo "NO GROUP PASSED" 
  wscript.echo "Usage:  scriptName <groupSamAccountName>" 
  wscript.quit 
End If 
 
 
'BIND TO THE GORUP   
Set objGroup = getGroup(wscript.Arguments(0)) 
 
 
'ENUMERATE THE GROUPS MEMBERS 
enumMembers objGroup, "" 
 
     
 
Function getGroup(strGroupName) 
  Dim objConn, objRecSet, strQueryString, objRootDSE, strQueryFrom 
  Const adsOpenStatic = 3 
 
 
   Set objRootDSE = GetObject("LDAP://RootDSE") 
   strQueryFrom = "LDAP://" & objRootDSE.get("defaultNamingContext") 
 
   Set objConn = wscript.CreateObject("ADODB.Connection") 
   objConn.Provider = "ADsDSOObject" 
   objConn.Open 
 
   strQueryString = "SELECT AdsPath FROM '" & strQueryFrom & "' " & _  
            "WHERE samAccountName = '" & strGroupName & "'" 
 
   Set objRecSet = wscript.CreateObject("ADODB.Recordset") 
 
   objRecSet.Open strQueryString, objConn, adsOpenStatic 
 
    If objRecSet.recordCount = 1 Then 
      Set getGroup = GetObject(objRecSet("AdsPath")) 
    Else 
      wscript.echo ucase(strGroupName) & " was not found in the domain. _ 
          (" & objRootDSE.get("defaultNamingContext") & ")" 
      wscript.quit 
    End If 
End Function 
 
 
Sub enumMembers(byRef objGroup, strInheritedFrom) 
 Dim objMember 
 
   For Each objMember In objGroup.Members 
     If lcase(objMember.class) = "group" Then 
     enumMembers objMember, objMember.samAccountName 
   Else 
     If objMember.displayname <> "" Then 
       If strInheritedFrom = "" Then 
         wscript.echo objMember.displayname 
       Else 
         wscript.echo objMember.displayname & " (From NESTED GROUP:  " & _ 
             strInheritedFrom & ")" 
      End If 
    Else 
       If strInheritedFrom = "" Then  
        wscript.echo objMember.samAccountName 
     Else 
       wscript.echo objMember.samAccountName & " (From NESTED GROUP:  " & _ 
           strInheritedFrom & ")" 
     End If 
   End If 
 End If 
 
 Next 
End Sub

Posted 13-Jul-18 1:36am

lakshjoshi

Updated 15-Jul-18 21:35pm

v3

Add a Solution

Comments

CHill60 13-Jul-18 9:04am

You probably don't have permissions to access that group information

lakshjoshi 13-Jul-18 9:40am

user is having domain admin rights.
[DEBUG]{3} Current user pn-es491 has correct rights DA or EA.
[DEBUG]{3} ISCorrectRights True

and user is part of domain admin group

i checked that one

CHill60 13-Jul-18 10:03am

When things work on one server but not on another it does usually boil down to permissions - are they running your script "As Administrator" as well?

lakshjoshi 13-Jul-18 10:16am

yes:)
he opened command prompt as administrator
and ran the script.
and he is running it from member server.
and he is able to reach to domain.
and another thing is same issue with all member servers.

lakshjoshi 16-Jul-18 6:14am

Option Explicit

'Get all member of a group INCLUDING members from ALL NESTED groups.
'Simply call the script with the samAccountName of the group.
'If the group name contains spaces it should be ENCLOSED IN QUOTES,
'IE scriptName.vbs "DOMAIN ADMINS"

Dim objGroup

'VERIFY A GROUP NAME WAS PASSED
If wscript.arguments.count <> 1 Then
wscript.echo "NO GROUP PASSED"
wscript.echo "Usage: scriptName <groupsamaccountname>"
wscript.quit
End If

'BIND TO THE GORUP
Set objGroup = getGroup(wscript.Arguments(0))

'ENUMERATE THE GROUPS MEMBERS
enumMembers objGroup, ""

Function getGroup(strGroupName)
Dim objConn, objRecSet, strQueryString, objRootDSE, strQueryFrom
Const adsOpenStatic = 3

Set objRootDSE = GetObject("LDAP://RootDSE")
strQueryFrom = "LDAP://" & objRootDSE.get("defaultNamingContext")

Set objConn = wscript.CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open

strQueryString = "SELECT AdsPath FROM '" & strQueryFrom & "' " & _
"WHERE samAccountName = '" & strGroupName & "'"

Set objRecSet = wscript.CreateObject("ADODB.Recordset")

objRecSet.Open strQueryString, objConn, adsOpenStatic

If objRecSet.recordCount = 1 Then
Set getGroup = GetObject(objRecSet("AdsPath"))
Else
wscript.echo ucase(strGroupName) & " was not found in the domain. _
(" & objRootDSE.get("defaultNamingContext") & ")"
wscript.quit
End If
End Function

Sub enumMembers(byRef objGroup, strInheritedFrom)
Dim objMember

For Each objMember In objGroup.Members
If lcase(objMember.class) = "group" Then
enumMembers objMember, objMember.samAccountName
Else
If objMember.displayname <> "" Then
If strInheritedFrom = "" Then
wscript.echo objMember.displayname
Else
wscript.echo objMember.displayname & " (From NESTED GROUP: " & _
strInheritedFrom & ")"
End If
Else
If strInheritedFrom = "" Then
wscript.echo objMember.samAccountName
Else
wscript.echo objMember.samAccountName & " (From NESTED GROUP: " & _
strInheritedFrom & ")"
End If
End If
End If

Next
End Sub

i used this simple script this one also failing.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Through ldap unable to read members of the domain admin group from windows server 2012 vbscript

Add your solution here

Preview 0

Through ldap unable to read members of the domain admin group from windows server 2012 vbscript

Add your solution here

Preview 0

Existing Members

...or Join us