Apr 112011

Hey Everyone, not dead yet.
Been busy with work and life πŸ™‚
I’ve been able to build up a semi-semi decent library of javascript functions to query AD so I’ll post that up later on. πŸ™‚

Jan 042011

Quick snippet on how to query an AD user with Javascript.

Firstly, get the user object with:

var objUser = GetObject("LDAP://cn=username,ou=users,dc=example,dc=com");

With this object, you can query any attributes of the user.

var disabled = objUser.AccountDisabled; // True when the account is disabled
var firstname = objUser.givenname; // Returns the users first name.

A List of attributes can be found here.

Some of the more difficult attributes to query are “memberof” which displays the group memberships, and “lockouttime” which is how long they have been locked out for.

When querying memberof, it will return a VB Array, which Javascript won’t recognise unless you retrieve it with:

var memberof = VBArray(objUser.GetEx("memberof")).toArray();

With lockouttime the number is a 64-bit number, which requires a Highpart and Lowpart to access the whole number.
This code will get the lock out time:

var lockouttime = objUser.lockouttime;
var locktimems = Math.abs(lockouttime.HighPart) * Math.pow(2,32) + Math.abs(lockouttime.LowPart); //locktimems now has the time that the account is locked out until in milliseconds.

More garbage from me later !

Dec 282010

First post to start off with in regards to Active Directory –

I have used a couple of methods, both with varying degrees of success.

  1. Using ActiveX and command line commands
  2. Using ActiveX and IADs/ADSI

Using the first has the advantage of being able to pass different credentials onto the command, which enables me to run the script as a different user to the one I’m logged in under.
The second method is a bit cleaner to write, but it needs me logged in under a user that has read/write privileges to AD if I want to change anything, but just viewing AD objects is fine however.
Depending on your environment, I have found that either method works. With the first method, you will get command line windows opening up and closing by themselves when executing queries which may or may not annoy you a bit or a lot.

Either way will work though.

Dec 262010

I have been making some scripts for work recently and have found that no one seems to use Active Directory and Javascript together.
Some of you, or probably all of you will say “That’s because VBScript is better”, which I don’t particularly agree with.
While VBScript is good in it’s own way, I’m not too familiar with it, and while trying to start scripting I found out that I can’t easily resize, add, or remove elements from arrays, which was something I was doing quite regularly.

So I have decided to create this blog, which I will post up snippets and code that may be a help to anyone trying to manipulate AD with Javascript.