May 202011

Hi All,

I’ve created a function to search for users in Active Directory.
It’s fairly similar to the previous query to get the Domain Controllers.
The function accepts 2 parameters, the first being the username that’s being searched for, and the second is the type of search, e.g. begins with, or contains.

This code can also easily be modified to show all users in Active Directory by removing the samaccountname section in the query.

function Search(search,SearchType) {
var arrSearchResult = [];
var strSearch = '';
switch(SearchType) {
case "contains":
strSearch = "*"+search+"*";
case "begins":
strSearch = search+"*";
case "ends":
strSearch = "*"+search;
case "exact":
strSearch = search;
strSearch = "*"+search+"*";
objRootDSE = GetObject("LDAP://RootDSE");
strDomain = objRootDSE.Get("DefaultNamingContext");

strOU = "OU=Users"; // Set the OU to search here.
strAttrib = "name,samaccountname"; // Set the attributes to retrieve here.

objConnection = new ActiveXObject("ADODB.Connection");
objConnection.Open("ADs Provider");
objCommand = new ActiveXObject("ADODB.Command");
objCommand.ActiveConnection = objConnection;
var Dom = "LDAP://"+strOU+","+strDomain;
var arrAttrib = strAttrib.split(",");
objCommand.CommandText = "select '"+strAttrib+"' from '"+Dom+"' WHERE objectCategory = 'user' AND objectClass='user' AND samaccountname='"+search+"' ORDER BY samaccountname ASC";

try {

objRecordSet = objCommand.Execute();

while(!(objRecordSet.EoF)) {
var locarray = new Array();
for(var y = 0; y < arrAttrib.length; y++) { locarray.push(objRecordSet.Fields(y).value); } arrSearchResult.push(locarray); objRecordSet.MoveNext; } return arrSearchResult; } catch(e) { alert(e.message); } }

This function will return an array within an array with the strAttrib defining which fields are retrieved.
The output can be parsed with 2 for loops like so :

var arrResults = Search('user');
for(a in arrResults) {
for(b in arrResults[a]) {

That code snippet will alert all the attributes of the user queried.


  15 Responses to “Active Directory With JScript : How to Search for Users”

  1. where all these following objects were defined??

    i am getting an error.
    i have tried writing ‘var’ before all these variable but it doesn’t works

  2. What attribute can be included in the objCommand.CommandText string to only retrieve Active (non-disabled) users?

    • Good Question…
      “useraccountcontrol” has values depending on the state of the account
      The states should be
      514= Disabled
      66048 = Enabled, password never expires
      66050 = Disabled, password never expires

      Hope that helps

  3. I am getting error at :

    GetObject is undefined.

    • Here is the line which is throwing object undefined error:

      objRootDSE = GetObject(“LDAP://RootDSE”);

      • Are you using the Javascript on a webpage or in a HTA ? I was doing these in a HTA with some ActiveX controls if I remember correctly

  4. I was getting undefined exception on execution of below line:

    objRecordSet = objCommand.Execute();

    Please suggest!!

    • I would suggest that rather than using Javascript, you look at using Powershell to do what you need to do.
      Using Javascript to search AD isn’t very efficient anymore since Powershell has gotten so much better since I wrote this post.

  5. Hi Sir,

    I don’t know javascript, however know a bit about AD and html.
    what i want to do is to create html form and add some samaccountname/login name input on the form.
    however i need to check if the users is exsist on the AD and put underline on the form if the users is exist on AD
    how should i do that?

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>



This site uses Akismet to reduce spam. Learn how your comment data is processed.