Open LDP.
For Server, enter the name of a domain controller or domain that contains the object.
For Port, enter 389.
Click OK.
From the menu, select Connection → Bind.
Enter credentials of a user that can view the object (if necessary).
Click OK.
From the menu, select View → Tree.
For BaseDN, type the DN of the object you want to view.
For Scope, select Base.
Click OK.
> dsquery * "<ObjectDN>" -scope base -attr *
For Windows 2000, use this command:
> enumprop "LDAP://<ObjectDN>"
' This code prints all attributes for the specified object.
' ------ SCRIPT CONFIGURATION ------
strObjectDN = "<ObjectDN>" ' e.g. cn=jsmith,cn=users,dc=rallencorp,dc=com
' ------ END CONFIGURATION ---------

DisplayAttributes("LDAP://" & strObjectDN)

Function DisplayAttributes( strObjectADsPath )

   ' Bind to the object and load all of its attributes into the property cache
   set objObject = GetObject(strObjectADsPath)
   objObject.GetInfo

   'Declare the hash (dictionary), constants and variables
   'Values taken from ADSTYPEENUM
   set dicADsType = CreateObject("Scripting.Dictionary")
   dicADsType.Add 0, "INVALID"
   dicADsType.Add 1, "DN_STRING"
   dicADsType.Add 2, "CASE_EXACT_STRING"
   dicADsType.Add 3, "CASE_IGNORE_STRING"
   dicADsType.Add 4, "PRINTABLE_STRING"
   dicADsType.Add 5, "NUMERIC_STRING"
   dicADsType.Add 6, "BOOLEAN"
   dicADsType.Add 7, "INTEGER"
   dicADsType.Add 8, "OCTET_STRING"
   dicADsType.Add 9, "UTC_TIME"
   dicADsType.Add 10, "LARGE_INTEGER"
   dicADsType.Add 11, "PROV_SPECIFIC"
   dicADsType.Add 12, "OBJECT_CLASS"
   dicADsType.Add 13, "CASEIGNORE_LIST"
   dicADsType.Add 14, "OCTET_LIST"
   dicADsType.Add 15, "PATH"
   dicADsType.Add 16, "POSTALADDRESS"
   dicADsType.Add 17, "TIMESTAMP"
   dicADsType.Add 18, "BACKLINK"
   dicADsType.Add 19, "TYPEDNAME"
   dicADsType.Add 20, "HOLD"
   dicADsType.Add 21, "NETADDRESS"
   dicADsType.Add 22, "REPLICAPOINTER"
   dicADsType.Add 23, "FAXNUMBER"
   dicADsType.Add 24, "EMAIL"
   dicADsType.Add 25, "NT_SECURITY_DESCRIPTOR"
   dicADsType.Add 26, "UNKNOWN"
   dicADsType.Add 27, "DN_WITH_BINARY"
   dicADsType.Add 28, "DN_WITH_STRING"

   ' Walk every property in the cache and every value of each property
   for intIndex = 0 To (objObject.PropertyCount - 1)
      set objPropEntry = objObject.Item(intIndex)
      for Each objPropValue In objPropEntry.Values
         value = ""

         ' Pick the accessor that matches the value's syntax
         if (dicADsType(objPropValue.ADsType) = "DN_STRING") then
            value = objPropValue.DNString
         elseIf (dicADsType(objPropValue.ADsType) = "CASE_EXACT_STRING") then
            value = objPropValue.CaseExactString
         elseIf (dicADsType(objPropValue.ADsType) = "CASE_IGNORE_STRING") then
            value = objPropValue.CaseIgnoreString
         elseIf (dicADsType(objPropValue.ADsType) = "PRINTABLE_STRING") then
            value = objPropValue.PrintableString
         elseIf (dicADsType(objPropValue.ADsType) = "NUMERIC_STRING") then
            value = objPropValue.NumericString
         elseIf (dicADsType(objPropValue.ADsType) = "BOOLEAN") then
            value = CStr(objPropValue.Boolean)
         elseIf (dicADsType(objPropValue.ADsType) = "INTEGER") then
            value = objPropValue.Integer
         elseIf (dicADsType(objPropValue.ADsType) = "LARGE_INTEGER") then
            set objLargeInt = objPropValue.LargeInteger
            ' LowPart comes back as a signed 32-bit value; correct it when negative
            lngLow = objLargeInt.LowPart
            if lngLow < 0 then lngLow = lngLow + 2^32
            value = objLargeInt.HighPart * 2^32 + lngLow
         elseIf (dicADsType(objPropValue.ADsType) = "UTC_TIME") then
            value = objPropValue.UTCTime
         else
            ' No accessor handled above (e.g., octet strings): print the syntax name
            value = "<" & dicADsType.Item(objPropEntry.ADsType) & ">"
         end if
         WScript.Echo objPropEntry.Name & " : " & value
      next
   next

End Function
Objects in Active Directory are made up of a collection of attributes. Attributes can be single- or multivalued. Each attribute also has an associated syntax that is defined in the schema. See Recipe 10.7 for a complete list of syntaxes.
You can customize the list of attributes returned from a search with LDP by modifying the Attributes: field under Options → Search. To include all attributes enter *. For a subset enter a semicolon-separated list of attributes.
The -attr option for the dsquery command accepts a whitespace-separated list of attributes to display. Using a * will return all attributes.
For the enumprop command, you can use the /ATTR option and a comma-separated list of attributes to return. In the following example, only the name and whenCreated attributes would be returned:
> enumprop /ATTR:name,whenCreated "LDAP://<ObjectDN>"
The DisplayAttributes function prints the attributes that contain values for the object passed in. After using GetObject to bind to the object, I used the IADs::GetInfo method to populate the local property cache with all of the object’s attributes from AD. In order to print each value of a property, I have to know its type or syntax. The ADsType method returns an integer from the ADSTYPEENUM enumeration that corresponds with a particular syntax (e.g., boolean). Based on the syntax, I call a specific method (e.g., Boolean) that can properly print the value. If I didn’t incorporate this logic and tried to print all values using the CaseIgnoreString method for example, an error would get generated when the script encountered an octet string because octet strings (i.e., binary data) do not have a CaseIgnoreString representation.
I stored the values from the ADSTYPEENUM enumeration in key/value pairs in a dictionary object (i.e., Scripting.Dictionary). In the dictionary object, the key for the dictionary is the ADSTYPEENUM integer, and the value is a textual version of the syntax. I used the dictionary object so I could print the textual syntax of each attribute. I iterated over all the properties in the property cache using IADsPropertyList and IADsPropertyEntry objects, which are instantiated with the IADsPropertyList::Item method.
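The syntax-based dispatch described above, carried one step further as an added example (not code from the book): it decodes the two syntaxes that are easiest to misread, turning LARGE_INTEGER parts into a number or UTC timestamp and an objectSid octet string into its S-1-... form. The function names, the FILETIME_ATTRS set and the sample values are assumptions constructed for illustration.

```python
# Added example: render attribute values by syntax, decoding LARGE_INTEGER
# and OCTET_STRING values instead of printing them raw or as a placeholder.
import struct
from datetime import datetime, timedelta, timezone

# Assumption: attributes treated here as FILETIME (100-ns ticks since 1601 UTC).
FILETIME_ATTRS = {"pwdLastSet", "lastLogonTimestamp", "lockoutTime", "accountExpires"}

def large_integer(high_part, low_part):
    """Combine IADsLargeInteger parts; both arrive as signed 32-bit values."""
    return high_part * 2**32 + (low_part % 2**32)

def filetime_to_utc(ticks):
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ticks // 10)

def sid_to_string(raw):
    """Binary SID: revision, sub-authority count, 48-bit authority, sub-authorities."""
    if len(raw) < 8 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % raw[1], raw[8:])
    return "S-%d-%d" % (raw[0], authority) + "".join("-%d" % s for s in subs)

def render(name, ads_type, value):
    if ads_type == "LARGE_INTEGER":
        n = large_integer(*value)
        # 0 and 2^63-1 mean "never" for attributes such as accountExpires
        if name in FILETIME_ATTRS and 0 < n < 2**63 - 1:
            try:
                return filetime_to_utc(n).isoformat()
            except OverflowError:
                pass
        return str(n)
    if ads_type == "OCTET_STRING":
        return sid_to_string(value) if name == "objectSid" else value.hex()
    return str(value)

# Constructed sample property cache: (name, syntax, value) tuples.
SAMPLE = [
    ("cn", "CASE_IGNORE_STRING", "jsmith"),
    ("pwdLastSet", "LARGE_INTEGER", (30785590, 1761935360)),
    ("uSNChanged", "LARGE_INTEGER", (1, -1)),  # negative LowPart
    ("objectSid", "OCTET_STRING",
     bytes([1, 5]) + (5).to_bytes(6, "big") + struct.pack("<5I", 21, 1, 2, 3, 1104)),
]

if __name__ == "__main__":
    for name, ads_type, value in SAMPLE:
        print(name, ":", render(name, ads_type, value))
```

A LowPart of -1 is the case where a plain HighPart * 2^32 + LowPart sum comes out 2^32 too small.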