water Posted December 12, 2012 Author Share Posted December 12, 2012 Can you please post the _AD_Open statement? My UDFs and Tutorials: Spoiler UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki Link to comment Share on other sites More sharing options...
tarankov Posted December 12, 2012 Share Posted December 12, 2012 Can you please post the _AD_Open statement? ; Open Connection to the Active Directory _AD_Open('admin','admin_password','DC=ad,DC=pu,DC=ru','dc.ad.pu.ru',"CN=Configuration,DC=ad,DC=pu,DC=ru") If @error Then Exit MsgBox(16, "Active Directory Example Skript", "Function _AD_Open encountered a problem. @error = " & @error & ", @extended = " & @extended) Link to comment Share on other sites More sharing options...
tarankov Posted December 12, 2012 Share Posted December 12, 2012 Maybe I can provide additional information for analysis? Link to comment Share on other sites More sharing options...
water Posted December 12, 2012 Author Share Posted December 12, 2012 At the moment I have no idea what could be wrong - hence I don't know what to ask My UDFs and Tutorials: Spoiler UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki Link to comment Share on other sites More sharing options...
sonicgt Posted December 12, 2012 Share Posted December 12, 2012 I'm attempting to join a computer to a domain. Looking through the scripts in the udf it appears I have to first create the computer object using createcomputer then do the join. I am attempting to create a computer. Before I create my own script I'm just testing the demo script but changing the adopen command to open using specific credentials (domain admin) I am a little confused as to what I need to enter for the example. I am entering the OU as OU=level1,OU=Level2,OU=Level3,DC=my,DC=domain,DC=com then entering just a pc name as testpc1 and for the time being leaving the user/group blank, not sure if this is required. I get an error stating my OU does not exist, when I know 100% it does. I even used the demo script of getallou's to copy the full OU structure from there. I am not an AD guru so forgive me if I'm using the incorrect syntax.im used to thinking of FQDN as mydomain.me.com vs the whole OU= structure. Link to comment Share on other sites More sharing options...
Iceman682 Posted December 12, 2012 Share Posted December 12, 2012 (edited) Hi Water Any ideas why I would get "Unable to Join Computer to ....Domain. ErrorCode:5 Access is Denied" trying to join a machine to the domain? Many thanks Edited December 12, 2012 by Iceman682 Link to comment Share on other sites More sharing options...
water Posted December 12, 2012 Author Share Posted December 12, 2012 sonicgt, can you post your _AD_Open statement or even the whole script? My UDFs and Tutorials: Spoiler UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki Link to comment Share on other sites More sharing options...
water Posted December 12, 2012 Author Share Posted December 12, 2012 Iceman682, can you post the value of @extended? My UDFs and Tutorials: Spoiler UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki Link to comment Share on other sites More sharing options...
tarankov Posted December 13, 2012 Share Posted December 13, 2012 Hi Water! Have you any idea how to diagnose running of this function? We could solve the problem together. If you are interested I even consider the feasibility of remote connection to the problem workstation. Link to comment Share on other sites More sharing options...
water Posted December 13, 2012 Author Share Posted December 13, 2012 You could add_AD_ErrorNotify(2)at the top of your script so every error is displayed in a MsgBox. My UDFs and Tutorials: Spoiler UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki Link to comment Share on other sites More sharing options...
tarankov Posted December 13, 2012 Share Posted December 13, 2012 Messages now appears at msgBox, they was shown at console before. And won't get more detailed. Colleagues from microsoft have an idea that it's nessesary to be authentificated to AD. May be some additional key on domain computer during connecton? Link to comment Share on other sites More sharing options...
water Posted December 13, 2012 Author Share Posted December 13, 2012 By running _AD_Open you connect to AD. Authentification is being done using the passed credentials or the credentials of the logged on Windows user. My UDFs and Tutorials: Spoiler UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki Link to comment Share on other sites More sharing options...
water Posted December 13, 2012 Author Share Posted December 13, 2012 Another idea: _AD_Open allows to specify the userid in 3 different formats: You now use_AD_Open('admin','admin_password','DC=ad,DC=pu,DC=ru','dc.ad.pu.ru',"CN=Configuration,DC=ad,DC=pu,DC=ru") Coult you please try (I assume the domain name is "PU"): _AD_Open('pu\admin','admin_password','DC=ad,DC=pu,DC=ru','dc.ad.pu.ru',"CN=Configuration,DC=ad,DC=pu,DC=ru")or even _AD_Open('admin@pu.ru','admin_password','DC=ad,DC=pu,DC=ru','dc.ad.pu.ru',"CN=Configuration,DC=ad,DC=pu,DC=ru") My UDFs and Tutorials: Spoiler UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki Link to comment Share on other sites More sharing options...
nigthlord Posted December 13, 2012 Share Posted December 13, 2012 (edited) Hi! Today I found some time to play with AD UDF again. If I use _AD_Getusergroups instead of _ad_recursivegetmemberof I get back groups from both domains I am member of but of course some groups are missong as it does no recursion. So does somebody has an idea why it wokrs with _AD_Getusergroups but not with _ad_recursivegetmemberof? thanks PS: @water - thanks a lot for your effort Edited December 13, 2012 by nigthlord Link to comment Share on other sites More sharing options...
water Posted December 13, 2012 Author Share Posted December 13, 2012 I assume you connect to the Global Catalog and run both functions, right?_AD_GetUserGroups queries the user and displays the content of the (multivalue) property "memberof".A user is defined in every domain so the user you query can only return the membership of this domain._AD_RecursiveGetMemberOf queries all groups and lists all groups where the property "member" is equal to the given user account. My UDFs and Tutorials: Spoiler UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki Link to comment Share on other sites More sharing options...
nigthlord Posted December 13, 2012 Share Posted December 13, 2012 yes, I'm connecting to a GC.A user is defined in every domain so the user you query can only return the membership of this domain.not sure if I understood this right but I am not just getting results of the domain I am memberof or connected to but of every domain I am member in groups.But wouldn't it be possible to do it vice versa? So to use _AD_GetUserGroups and to query membership for each received group? so a recursion the other way round? Link to comment Share on other sites More sharing options...
water Posted December 13, 2012 Author Share Posted December 13, 2012 _AD_GetUserGroups tells the GC: Give me user A from domain X (that's the domain information you gave in _AD_Open - explicit or implicit) _AD_RecursiveGetMemberOf tells the GC: Give me a list of all groups As the AD UDF was written to work with one domain at a time it will need some time and effort to make it multi domain aware (at least for the read operations). As I'm quite busy at the moment this will not happen before end of January. My UDFs and Tutorials: Spoiler UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki Link to comment Share on other sites More sharing options...
tarankov Posted December 14, 2012 Share Posted December 14, 2012 Hi Water!Those steps didn't worked. Please note, I didn't mention it before. Computer account appears in OU so object is created. Pehaps the problem emerges on rights granting phase Link to comment Share on other sites More sharing options...
water Posted December 14, 2012 Author Share Posted December 14, 2012 Hi tarankov,You mentioned before (I think in your first post) that the account was created but then the function crashed.We had a similar problem before and it was a problem of missing permissions.Using ADUC the computer account could be created successfully, when created by _AD_Create Computer it crashed. The difference is that ADUC doesn't set the permissions.What I don't get (at the moment):If you connect to the domain from a computer which is a domain member using the domain admin user - _AD_CreateComputer worksIf you connect to the domain from a computer which is NOT a domain member using the domain admin user - _AD_CreateComputer doesn't work My UDFs and Tutorials: Spoiler UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki Link to comment Share on other sites More sharing options...
water Posted December 14, 2012 Author Share Posted December 14, 2012 I found this VBS which lets you list the permissions of the trustees for teh computer object. Change linestrDistinguishedName = "CN=Computername,OU=???,DC=???,DC=???"to the distinguishedname of the computer you created. The list of permissions is created in C:\temp\Report.txt expandcollapse popup' DACL.vbs ' VBScript program to document object security. ' ' ---------------------------------------------------------------------- ' Copyright (c) 2002-2010 Richard L. Mueller ' Hilltop Lab web site - http://www.rlmueller.net ' Version 1.0 - November 10, 2002 ' Version 1.1 - February 19, 2003 - Standardize Hungarian notation. ' Version 1.2 - March 30, 2007 - Document owner of Security Descriptor. ' Version 1.3 - November 6, 2010 - No need to set objects to Nothing. ' Program enumerates the ACE's within an Active Directory ACL for a ' specified object. The DistinguishedName of the object is hardcoded in ' the program. The output is written to a text file. ' Based in part on a program (pg. 425-431) in the text "Windows NT/2000 ' ADSI Scripting for System Administration", by Thomas Eck, MacMillan ' Technical Publishing, 2000. ' ' You have a royalty-free right to use, modify, reproduce, and ' distribute this script file in any way you find useful, provided that ' you agree that the copyright owner above has no warranty, obligations, ' or liability for such use. Option Explicit Dim objADObject, objACE, objDiscretionaryACL, objSecurityDescriptor Dim strDistinguishedName, objFSO, objReport ' Define constants. Const ADS_RIGHT_DELETE = &H10000 Const ADS_RIGHT_READ_CONTROL = &H20000 Const ADS_RIGHT_WRITE_DAC = &H40000 Const ADS_RIGHT_OWNER = &H80000 Const ADS_RIGHT_SYNCHRONIZE = &H100000 Const ADS_RIGHT_ACCESS_SYSTEM_SECURITY = &H1000000 Const ADS_RIGHT_GENERIC_READ = &H80000000 Const ADS_RIGHT_GENERIC_WRITE = &H40000000 Const ADS_RIGHT_GENERIC_EXECUTE = &H20000000 Const ADS_RIGHT_GENERIC_ALL = &H10000000 Const ADS_RIGHT_DS_CREATE_CHILD = &H1 Const ADS_RIGHT_DS_DELETE_CHILD = &H2 Const ADS_RIGHT_ACTRL_DS_LIST = &H4 Const ADS_RIGHT_DS_SELF = &H8 Const ADS_RIGHT_DS_READ_PROP = &H10 Const ADS_RIGHT_DS_WRITE_PROP = &H20 Const ADS_RIGHT_DS_DELETE_TREE = &H40 Const ADS_RIGHT_DS_LIST_OBJECT = &H80 Const ADS_RIGHT_DS_CONTROL_ACCESS = &H100 ' Open output text file with append access. Set objFSO = CreateObject("Scripting.FileSystemObject") Set objReport = objFSO.OpenTextFile("c:\temp\Report.txt", _ 8, True, 0) ' Specify Distinguished Name of object to be documented. strDistinguishedName = "CN=Computername,OU=???,DC=???,DC=???" ' Bind to the object in Active Directory with the LDAP provider Set objADObject = GetObject("LDAP://" & strDistinguishedName) ' Bind to the security objects. Set objSecurityDescriptor = objADObject.Get("ntSecurityDescriptor") Set objDiscretionaryACL = objSecurityDescriptor.discretionaryACL ' Write header information to the output file. objReport.WriteLine "Active Directory Object: " & objADObject.Name objReport.WriteLine "Security Descriptor Owner: " _ & objSecurityDescriptor.Owner objReport.WriteLine "---------------------------" ' Enumerate each ACE in the DACL. For Each objACE In objDiscretionaryACL objReport.WriteLine "Trustee: " & objACE.Trustee objReport.WriteLine " AceFlags : " & objACE.AceFlags objReport.WriteLine " AceType : " & objACE.AceType objReport.WriteLine " Flags : " & objACE.Flags objReport.WriteLine " ObjectType: " & objACE.objectType objReport.WriteLine " AccessMask: " & objACE.AccessMask ' Delete right. ' Grants the right to delete the object. If ((objACE.AccessMask And ADS_RIGHT_DELETE) <> 0) Then Call ListRights(objACE, "ADS_RIGHT_DELETE") End If ' Read Control right. ' Grants the right to read the object's security descriptor. If ((objACE.AccessMask And ADS_RIGHT_READ_CONTROL) <> 0) Then Call ListRights(objACE, "ADS_RIGHT_READ_CONTROL") End If ' Write DAC right. ' Grants the right to modify the descretionary access control list. If ((objACE.AccessMask And ADS_RIGHT_WRITE_DAC) <> 0) Then Call ListRights(objACE, "ADS_RIGHT_WRITE_DAC") End If ' Right owner. ' Grants the right to take ownership of the object. If ((objACE.AccessMask And ADS_RIGHT_OWNER) <> 0) Then Call ListRights(objACE, "ADS_RIGHT_OWNER") End If ' Synchronize right. ' Enables the object to be used for synchronization. If ((objACE.AccessMask And ADS_RIGHT_SYNCHRONIZE) <> 0) Then Call ListRights(objACE, "ADS_RIGHT_SYNCHRONIZE") End If ' Access System Security right. ' Grants the right to manipulate the object's SACL. If ((objACE.AccessMask And ADS_RIGHT_ACCESS_SYSTEM_SECURITY) <> 0) Then Call ListRights(objACE, "ADS_RIGHT_ACCESS_SYSTEM_SECURITY") End If ' Generic Read right. ' Grants the right to read the security descriptor, all properties, and ' any children of the object. If ((objACE.AccessMask And ADS_RIGHT_GENERIC_READ) <> 0) Then Call ListRights(objACE, "ADS_RIGHT_GENERIC_READ") End If ' Generic write right. ' Grants the right to write to the DACL and all properties, as well as ' to remove the object from the directory. If ((objACE.AccessMask And ADS_RIGHT_GENERIC_WRITE) <> 0) Then Call ListRights(objACE, "ADS_RIGHT_GENERIC_WRITE") End If ' Generic Execute right. ' Grants the ability to list the object's children. If ((objACE.AccessMask And ADS_RIGHT_GENERIC_EXECUTE) <> 0) Then Call ListRights(objACE, "ADS_RIGHT_GENERIC_EXECUTE") End If ' Generic All right. ' Grants the right to create or delete child objects and subtrees, ' read and write all properties, and add or remove the object. If ((objACE.AccessMask And ADS_RIGHT_GENERIC_ALL) <> 0) Then Call ListRights(objACE, "ADS_RIGHT_GENERIC_ALL") End If ' DS Create Child right. ' Grants the ability to create child objects. ' If ObjectType is set to the schemaIDGuid of an object class, the right ' is restricted to that object class. If ((objACE.AccessMask And ADS_RIGHT_DS_CREATE_CHILD) <> 0) Then Call ListRights(objACE, "ADS_RIGHT_DS_CREATE_CHILD") End If ' DS Delete Child right. ' Grants the ability to delete child objects. ' If ObjectType is set to the schemaIDGuid of an object class, the right ' is restricted to that object class. If ((objACE.AccessMask And ADS_RIGHT_DS_DELETE_CHILD) <> 0) Then Call ListRights(objACE, "ADS_RIGHT_DS_DELETE_CHILD") End If ' Access Control DS List right. ' Grants the ability to list all child objects. If ((objACE.AccessMask And ADS_RIGHT_ACTRL_DS_LIST) <> 0) Then Call ListRights(objACE, "ADS_RIGHT_ACTRL_DS_LIST") End If ' DS Self right. ' Grants the ability to list the object itself. If ((objACE.AccessMask And ADS_RIGHT_DS_SELF) <> 0) Then Call ListRights(objACE, "ADS_RIGHT_DS_SELF") End If ' DS Read Property right. ' Grants the ability to read object properties. ' If ObjectType is set to the GUID of a property or property set, the ' right is restricted to that property or property set. If ((objACE.AccessMask And ADS_RIGHT_DS_READ_PROP) <> 0) Then Call ListRights(objACE, "ADS_RIGHT_DS_READ_PROP") End If ' DS Write Property right. ' Grants the ability to write object properties. ' If ObjectType is set to the GUID of a property or property set, the ' right is restricted to that property or property set. If ((objACE.AccessMask And ADS_RIGHT_DS_WRITE_PROP) <> 0) Then Call ListRights(objACE, "ADS_RIGHT_DS_WRITE_PROP") End If ' DS Delete Tree right. ' Grants the ability to delete the object and all associated child ' objects. If ((objACE.AccessMask And ADS_RIGHT_DS_DELETE_TREE) <> 0) Then Call ListRights(objACE, "ADS_RIGHT_DS_DELETE_TREE") End If ' DS List Object right. ' Used to show or hide an object from user view. If ((objACE.AccessMask And ADS_RIGHT_DS_LIST_OBJECT) <> 0) Then Call ListRights(objACE, "ADS_RIGHT_DS_LIST_OBJECT") End If ' DS Control Access right. ' Grants the ability to to perform an operation restricted by an ' extended access right. Must specify a rights GUID identifying a ' controlAccessRight object in the Extended-Rights container in the ' configuration partition. If ((objACE.AccessMask And ADS_RIGHT_DS_CONTROL_ACCESS) <> 0) Then Call ListRights(objACE, "ADS_RIGHT_DS_CONTROL_ACCESS") End If objReport.WriteLine "" Next ' Clean up. objReport.Close Wscript.Echo "Done" Sub ListRights(objACE_Item, strRight) ' Subroutine to document rights to text file. ' objReport is the output file object, with global scope. If (objACE_Item.objectType = "") _ And (objACE_Item.InheritedObjectType = "") Then objReport.WriteLine " " & strRight Else If (objACE_Item.InheritedObjectType = "") Then objReport.WriteLine " " & strRight & " for SchemaIDGuid: " _ & objACE_Item.objectType Else objReport.WriteLine " Inherited " & strRight _ & " for SchemaIDGuid: " & objACE_Item.InheritedObjectType End If End If End Sub My UDFs and Tutorials: Spoiler UDFs: Active Directory (NEW 2024-07-28 - Version 1.6.3.0) - Download - General Help & Support - Example Scripts - Wiki ExcelChart (2017-07-21 - Version 0.4.0.1) - Download - General Help & Support - Example Scripts OutlookEX (2021-11-16 - Version 1.7.0.0) - Download - General Help & Support - Example Scripts - Wiki OutlookEX_GUI (2021-04-13 - Version 1.4.0.0) - Download Outlook Tools (2019-07-22 - Version 0.6.0.0) - Download - General Help & Support - Wiki PowerPoint (2021-08-31 - Version 1.5.0.0) - Download - General Help & Support - Example Scripts - Wiki Task Scheduler (2022-07-28 - Version 1.6.0.1) - Download - General Help & Support - Wiki Standard UDFs: Excel - Example Scripts - Wiki Word - Wiki Tutorials: ADO - Wiki WebDriver - Wiki Link to comment Share on other sites More sharing options...
Recommended Posts