Contents for Ezine 70 - GetEx and Split

Guy recommends:
VBScript Training Video on CD

Is your server running slowly? Check with SolarWinds ipMonitor

Get a free evaluation copy of ipMonitor

Contents for Ezine 70 - GetEx

This week's secret
This Weeks Two Missions
To Enumerate Group Membership with GetEx
To Split an LDAP String
Summary

This week’s secret

As far as scripting is concerned I am on the horns of a dilemma, do I give you the best script straight away, or do I build up in stages? In the end I decided to concentrate on one method in the first example, then tidy up with the second method in example two.

Recently, three readers reported that their VBscript failed mysteriously with a 'Join' Error error 800A00D. The common factors were:

a) Binding to Active Directory

b) Attempting to manipulate an attribute with multiple values.

c) Dealing with groups. The classic object properties that produces 'Join' errors is member or memberOf.

This week's scripts not only show you how to overcome the 'Join' error, but also introduce a useful scripting method - split. As the name suggests, split is handy for breaking a long string into sections. When you output LDAP queries, you often get a long string of cn=, when all you want is one element. In this case, the comma would be the most suitable delimiter or splitter.

While mid, left and right are handy for truncating text strings, split allows you to chop up a string based on a delimiter such as a comma or space rather than on a fixed number of characters.

^ˆ

This Week's Two Missions

1) To Enumerate Group Membership and 2) To Split LDAP Strings

Our first mission is to overcome a VBScript Join error 800A00D by employing the GetEx method. For example objUser.GetEx("memberOf"). As a by-product, the script also reviews how to display the groups a user is a member of.

Our second mission is fun but cosmetic, namely to improve the presentation of the script with split. For example, arrUser = Split(strUser, "," ). I am sure that you will find other opportunities to apply Split to LDAP Strings.

Example 1 to Enumerate Group Membership with GetEx

Instructions

Prerequisite you need active directory.
Edit circa Line 11 = strUser to reflect the name of your user.
I assume that the account you test is in the Users container. If your account is actually in an OU, then remember to use OU=myOrgUnit (not cn=myOrgUnit)
Copy and paste the script below into notepad.
Save the file with .vbs extension e.g. GetExGp.vbs
Double click and then check the message box to see your group membership.

' GetExGp.vbs
' VBscript to enumerate Group members of a user
' Author Guy Thomas http://computerperformance.co.uk/
' Version 2.5 - April 17th 2005
' ----------------------------------------------------------'
Option Explicit
Dim strUser, strMember, strDNSDomain, strTotal
Dim objUser, objRootDSE
Dim arrMemberOf, intGroup

' N.B. Get cn of user, not sAMAccountName
' If you user account is an OU then OU= not cn=
strUser = "cn=Guy Thomas,cn=users, "

' Bind to Active Directory'
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
Set objUser = GetObject ("LDAP://"& strUser & strDNSDomain)
objUser.getInfo

' Here is the heart of the mission, GetEx
' Note MemberOf not Member
arrMemberOf = objUser.GetEx("memberOf")

' Loop = For Each .... Next
' WScript.Echo "Groups " & strUser & " belongs to"
For Each strMember in arrMemberOf
intGroup = intGroup +1
Wscript.Echo strUser & " belongs to " & strMember
Next
Wscript.Echo strUser & " belongs to " & intGroup & " groups :" _
& vbCr & strTotal
Set strMember = Nothing

Wscript.Quit
' End of Script

Learning Points

Note 1: The key feature of this script is the .GetEx method. See how it employs memberOf rather than member,

Note 2: Observe the relative positions of the For Each loop and the WScript.echo.

Note 3: I particularly enjoyed adding the vbCr to display the groups in tabulated format.

If you are looking for handy network utilities, try some of the free downloads at Tools4Ever

Example 2 to Split an LDAP String

Without the Split function, the script will echo the full dn of the user. With the Split command the out put is reduced to the plain cn or common name. For example split reduces cn=Guy Thomas, cn=users, dc=cp, dc= com, to plain: cn=Guy Thomas. To improve the script I use the mid function to eliminate cn= and so leave just Guy Thomas.

Short syntax, Split(Expression, delimiter) in this case the splitter is a comma.

Full syntax Split(Expression, delimiter, count, compare)

Count means how many substrings do you want -1 means all substrings.

Compare has two values 0 (zero) means binary, where as 1 means text.

Instructions

Prerequisite you need active directory.
Edit circa Line 11 = strUser to reflect the name of your user.
I assume that the account you test is in the Users container. If your account is actually in an OU, then remember to use OU=myOrgUnit (not cn=myOrgUnit)
Copy and paste the script below into notepad.
Save the file with .vbs extension e.g. SplitGetEx.vbs
Double click and then check the message box to see your group membership.

' SplitGetEx.vbs
' VBscript to Demonstrate Split (and GetEx)
' Author Guy Thomas http://computerperformance.co.uk/
' Version 3.2 - April 17th 2005
' ----------------------------------------------------------'
Option Explicit
Dim strUser, strMember, strDNSDomain, strTotal
Dim objUser, objRootDSE
Dim arrMemberOf, arrUser, intGroup

' N.B. Get cn of user, not sAMAccountName
' If you user account is an OU then OU= not cn=
strUser = "cn=Guy Thomas,cn=users, "

On Error Resume next
' Bind to Active Directory'
Set objRootDSE = GetObject("LDAP://RootDSE")
strDNSDomain = objRootDSE.Get("DefaultNamingContext")
Set objUser = GetObject ("LDAP://"& strUser & strDNSDomain)
objUser.getInfo

' MemberOf not Member
arrMemberOf = objUser.GetEx("memberOf")

' Loop through each group with, For Each .... Next
     For Each strMember in arrMemberOf
     strTotal = strTotal & strMember & vbCr
     intGroup = intGroup +1
     Next

' Here is the point of this script: Split(strUser
strUser = Mid(strUser, 4, 330)
arrUser = Split(strUser, "," )

Wscript.Echo arrUser(0) & " belongs to " & intGroup & " groups :" _
& vbCr & strTotal

Set strMember = Nothing
Wscript.Quit

' End of example VBScript

Learning Points

Note 1: I designed this script to illustrate the Split method. In this instance the delimiter is a comma.

Note 2: The fuller syntax would be arrUser = Split(strUser, "," -1, 1) Where the extra -1 and 1 mean, display all substrings and compare as text not binary.

Note 3: See how objUser.getInfo extracts the attributes.

Note 4: As we want the first section in the string, it is arrUser(0).

_ˇ

Challenges

Add a message box function to ask the user for a cn= names. See Msgbox() in Ezine 46

Include extra error correcting code. For example, If (Err.Number <> 0) Then

Summary - GetEx and Split

This week we have two separate VBScript commands; GetEx to enumerate group membership, and Split to separate LDAP fields into single elements.

Guy Thomas recommends Computer Training Software.

Their topics and material are ideal for getting you started with VBScript. The videos are easy to follow and you can control the pace. Try their free demo material and then see if you want to buy the full package. See more about VB Script Training CD.

Guy Recommends: GFi EventsManager

Here is a solution to monitor, manage and archive thousands of events that are generated by devices across your entire network. Get your free evaluation copy of GFI EventsManager.

Please report a broken link, or an error.