May 19 2011
 

Hi All,

Another quick one while I’m working on these.

The following will give you the names of all your Domain Controllers in the Domain Controllers OU or at least the computers in the Domain Controllers OU.


function GetDC() {
    var arrDCs = [];

    // Read the domain's default naming context from RootDSE
    var objRootDSE = GetObject("LDAP://RootDSE");
    var strDomain = objRootDSE.Get("DefaultNamingContext");

    // Open an ADO connection through the ADSI OLE DB provider
    var objConnection = new ActiveXObject("ADODB.Connection");
    objConnection.Provider = "ADsDSOObject";
    objConnection.Open("ADs Provider");
    var objCommand = new ActiveXObject("ADODB.Command");
    objCommand.ActiveConnection = objConnection;

    // Query every computer object in the Domain Controllers OU
    var Dom = "LDAP://OU=Domain Controllers," + strDomain;
    objCommand.CommandText = "select name from '" + Dom + "' WHERE objectCategory = 'computer' ORDER BY name ASC";

    var objRecordSet = objCommand.Execute();

    // JScript only calls a method when the parentheses are present;
    // without them MoveNext is never invoked and the loop never ends
    while (!objRecordSet.EOF) {
        arrDCs.push(objRecordSet.Fields("Name").Value);
        objRecordSet.MoveNext();
    }
    objConnection.Close();
    return arrDCs;
}

This function returns an array containing the names of the members of the Domain Controllers OU.
The list that is returned can be modified by changing the search query.

May 19 2011
 

Hi all,

I covered this in another post, but thought I would make it separate to make it easier to find.

The following code block lets you get the distinguished name of the username that is passed into this function.


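function GetDN(strUsername) {
    var objUserDN = new ActiveXObject("NameTranslate");
    // 1 = ADS_NAME_INITTYPE_DOMAIN: bind to the named domain
    objUserDN.Init(1, "< DOMAIN NAME HERE >");
    // 3 = ADS_NAME_TYPE_NT4: the input name is in "domain\User" form
    objUserDN.Set(3, "< DOMAIN NAME HERE >\\" + strUsername);
    // 1 = ADS_NAME_TYPE_1779: return the RFC 1779 distinguished name
    var strUserDN = objUserDN.Get(1);
    return strUserDN;
}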

This codeblock does the following :

  1. Creates a new NameTranslate Object and binds objUserDN to it
  2. Initialises NameTranslate with the Init method with the ‘1’ setting the type of bind used, which is Domain in this case.
  3. Sets the type of translation used and the username to be translated by using the set method, the 3 specifies that the username that is input is in the NT format of “domain\User”
  4. Gets the Distinguished Name by using the Get method with a parameter of 1 which specifies that it should get the RFC 1779 formatted name.
  5. Returns the distinguished name

References :
ADS_NAME_INITTYPE_ENUM Enumeration
ADS_NAME_TYPE_ENUM Enumeration
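
The DN that GetDN returns can contain escaped commas (a CN stored as "Smith, John" comes back as `CN=Smith\, John`), so splitting it on every comma gives the wrong components. The following is an added example, not code from the original post: it splits a DN into its RDNs and checks which container an object sits in. The function names and the sample DN are constructed for illustration.

```javascript
// Added example. Plain ES3 JavaScript, so it runs under cscript.exe (JScript)
// as well as Node. SAMPLE_DN is a constructed value, not real directory data.
var SAMPLE_DN = "CN=Smith\\, John,OU=Users,DC=example,DC=com";

// Split a DN into RDNs, honouring backslash escapes and quoted values.
// RFC 1779 allows "," or ";" as the separator.
function splitDN(strDN) {
    var parts = [], current = "", inQuotes = false;
    for (var i = 0; i < strDN.length; i++) {
        var ch = strDN.charAt(i);
        if (ch === "\\" && i + 1 < strDN.length) {
            current += ch + strDN.charAt(++i);   // keep the escape pair intact
        } else if (ch === '"') {
            inQuotes = !inQuotes;
            current += ch;
        } else if ((ch === "," || ch === ";") && !inQuotes) {
            parts.push(current.replace(/^\s+/, ""));
            current = "";
        } else {
            current += ch;
        }
    }
    // Only leading whitespace is stripped: a trailing space may be escaped
    if (current.length > 0) parts.push(current.replace(/^\s+/, ""));
    return parts;
}

// DN of the container that holds the object (everything after the first RDN)
function parentDN(strDN) {
    return splitDN(strDN).slice(1).join(",");
}

// True when strDN sits below strContainerDN. RDNs are compared one by one
// from the right, case-insensitively, instead of searching for a substring.
function isUnder(strDN, strContainerDN) {
    var dn = splitDN(strDN), base = splitDN(strContainerDN);
    if (base.length === 0 || dn.length <= base.length) return false;
    for (var i = 1; i <= base.length; i++) {
        var a = dn[dn.length - i].toLowerCase();
        var b = base[base.length - i].toLowerCase();
        if (a !== b) return false;
    }
    return true;
}
```

The same `isUnder` check works on the names GetDC returns once they are expanded to full DNs, for example to confirm a computer object really sits in the Domain Controllers OU.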

May 18 2011
 

Hi all,

Thought I’d do a post on some JS as I haven’t done much in a while.
Today, I will go over some Windows Script Host objects that may come in useful.
First up – WScript.Network

Firstly we need to create the ActiveX Object in JavaScript like so :


var wsh = new ActiveXObject("WScript.Network");

Once this ActiveX Object is created, we can now use it to grab data from the computer using the properties of wsh.


var strCompName = wsh.ComputerName;

That code snippet will store the NetBIOS computer name into strCompName, easy as pie.

If you have any questions or comments, please feel free to leave a comment below.

Reference
MSDN WSH.Networking

May 16 2011
 

Just realised that I haven’t had any posts about ADSI errors that you may encounter.
Here is a link to the common errors : Link

Most of the time, you will run up against these errors when you are querying users or groups and they don’t exist or an attribute / property does not exist.
The script will tell you which line you’ve gone wrong on, but rarely ever gives you an idea on how to solve the issue. That page will give you a quick idea on how to resolve it.

May 15 2011
 

I have recently come across a situation where I need to determine whether an account is locked or not.
Conveniently, the IADsUser interface provides a property that is exactly what I need!
This little code block will return a true or false depending on whether the account is locked or not, with true representing a locked account.


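// Wrapped in a function (the name is illustrative) so the return statement is valid
function IsUserLocked() {
    var objUser = GetObject("LDAP://cn=user,ou=users,dc=example,dc=com");
    var boolUsrLocked = objUser.IsAccountLocked;
    return boolUsrLocked;
}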
