Active Directory With JScript : How to Search for Users

 Active Directory, Javascript  15 Responses »
May 202011
 

Hi All,

I’ve created a function to search for users in Active Directory.
It’s fairly similar to the previous query to get the Domain Controllers.
The function accepts 2 parameters, the first being the username that’s being searched for, and the second is the type of search, e.g. begins with, or contains.

This code can also easily be modified to show all users in Active Directory by removing the samaccountname section in the query.


function Search(search,SearchType) {
var arrSearchResult = [];
var strSearch = '';
switch(SearchType) {
case "contains":
strSearch = "*"+search+"*";
break;
case "begins":
strSearch = search+"*";
break;
case "ends":
strSearch = "*"+search;
break;
case "exact":
strSearch = search;
break;
default:
strSearch = "*"+search+"*";
break;
}
objRootDSE = GetObject("LDAP://RootDSE");
strDomain = objRootDSE.Get("DefaultNamingContext");

strOU = "OU=Users"; // Set the OU to search here.
strAttrib = "name,samaccountname"; // Set the attributes to retrieve here.

objConnection = new ActiveXObject("ADODB.Connection");
objConnection.Provider="ADsDSOObject";
objConnection.Open("ADs Provider");
objCommand = new ActiveXObject("ADODB.Command");
objCommand.ActiveConnection = objConnection;
var Dom = "LDAP://"+strOU+","+strDomain;
var arrAttrib = strAttrib.split(",");
objCommand.CommandText = "select '"+strAttrib+"' from '"+Dom+"' WHERE objectCategory = 'user' AND objectClass='user' AND samaccountname='"+search+"' ORDER BY samaccountname ASC";

try {

objRecordSet = objCommand.Execute();

objRecordSet.Movefirst;
while(!(objRecordSet.EoF)) {
var locarray = new Array();
for(var y = 0; y < arrAttrib.length; y++) { locarray.push(objRecordSet.Fields(y).value); } arrSearchResult.push(locarray); objRecordSet.MoveNext; } return arrSearchResult; } catch(e) { alert(e.message); } }

This function will return an array within an array with the strAttrib defining which fields are retrieved.
The output can be parsed with 2 for loops like so :


var arrResults = Search('user');
for(a in arrResults) {
for(b in arrResults[a]) {
alert(arrResults[a][b]);
}
}

That code snippet will alert all the attributes of the user queried.

Related Posts
Share

Active Directory With JScript : How to Determine if an Account is Locked.

 Active Directory, Javascript  2 Responses »
May 152011
 

I have recently come across a situation where I need to determine whether an account is locked or not.
Conveniently, the IADsUser interface provides a property that is exactly what I need !.
This little code block will return a true or false depending on whether the account is locked or not, with true representing a locked account.


var objUser = GetObject("LDAP://cn=user,ou=users,dc=example,dc=com");
var boolUsrLocked = objUser.isAccountLocked;
return boolUsrLocked;

Related Posts
Share

Query a User in Active Directory

 Active Directory, Javascript  2 Responses »
Jan 042011
 

Quick snippet on how to query an AD user with Javascript.

Firstly, get the user object with:

var objUser = GetObject("LDAP://cn=username,ou=users,dc=example,dc=com");

With this object, you can query any attributes of the user.


var disabled = objUser.AccountDisabled; // True when the account is disabled
var firstname = objUser.givenname; // Returns the users first name.

A List of attributes can be found here.

Some of the more difficult attributes to query are “memberof” which displays the group memberships, and “lockouttime” which is how long they have been locked out for.

When querying memberof, it will return a VB Array, which Javascript won’t recognise unless you retrieve it with:

var memberof = VBArray(objUser.GetEx("memberof")).toArray();

With lockouttime the number is a 64-bit number, which requires a Highpart and Lowpart to access the whole number.
This code will get the lock out time:

var lockouttime = objUser.lockouttime;
var locktimems = Math.abs(lockouttime.HighPart) * Math.pow(2,32) + Math.abs(lockouttime.LowPart); //locktimems now has the time that the account is locked out until in milliseconds.

More garbage from me later !

Related Posts
Share