Low blood count
Once it was necessary to conduct an “inventory”, that is, to find out at which computer, which user is sitting.
The option to go through workplaces to see, ask around, was discarded as heretical.
Since all users are set up in Active Directory, just like workstations, the idea was born of tearing out all the necessary information from AD. Of course, it was possible to contact the domain administrator and ask all the data from him, but we are not looking for easy ways.
So, for the inventory You need:
And the most important condition is the extreme unwillingness to install any third-party applications on the computer, to write an application in the "correct" languages, it was also lazy. Therefore, VBS was chosen for implementation, since it has everything that is needed and nothing needs to be put in addition and the most lightweight environment for it is notepad.exe.
With network names, everything is simple, they are in the directory service. An example of working with AD from VBS is quite fast. To get a list of object attributes, a script was written.
comrade Andrew J. Healey listAllProperties
So get the names of computers turned out such a simple script.
')
Next, you need to get the MAC address of these computers. Everything is simple, using the standard “nbtstat” utility with the “-a” parameter you can get what you are looking for (there is of course another option with arp -a, but it does not always work).
Now the question arises: "Where sobsno get a list of users registered on this computer?". By a short googling, many methods were found that boiled down to remote execution of the wmi script. This path did not suit me, since remote execution of scripts is prohibited in the domain. And then I remembered that in Windows, by default, 2 registry keys are available for reading on the network, namely “HKEY_USERS” and “HKEY_LOCAL_MACHINE”.
This means that you can get the SID for registered users using the “reg” utility and the code that we used to get the MAC address will help us in this, all that needs to be changed in it is the regular template and the command text.
Well, we have good sids, but they do not look like full names, at all. To get a full name again have to contact AD.
Each object in AD has a “objectSID” field, which means that you can select information about the user, therefore, you can sit by yourself. To do this, take the code that we used to get the list of computers, and change the query in the “cmd.commandtext” field in it:
Well, that's all the necessary data obtained, and even if they change in the future to get them, it will not be a problem (unless of course the directory service is reorganized). And most importantly, I did not have to run, the whole enterprise was looking for computers and users.
The option to go through workplaces to see, ask around, was discarded as heretical.
Since all users are set up in Active Directory, just like workstations, the idea was born of tearing out all the necessary information from AD. Of course, it was possible to contact the domain administrator and ask all the data from him, but we are not looking for easy ways.
So, for the inventory You need:
- Network computer name. (All computers under Win different versions)
- Mac address of this computer. (All computers are on the same subnet 255.255.0.0)
- The name of the user who is assigned to this computer.
And the most important condition is the extreme unwillingness to install any third-party applications on the computer, to write an application in the "correct" languages, it was also lazy. Therefore, VBS was chosen for implementation, since it has everything that is needed and nothing needs to be put in addition and the most lightweight environment for it is notepad.exe.
With network names, everything is simple, they are in the directory service. An example of working with AD from VBS is quite fast. To get a list of object attributes, a script was written.
comrade Andrew J. Healey listAllProperties
So get the names of computers turned out such a simple script.
set cn=CreateObject("ADODB.Connection") set cmd=CreateObject("ADODB.Command") cn.Provider="ADsDSOObject" cn.Open "Active Directory Provider" set cmd.ActiveConnection=cn SQL Active directory "Computer" cmd.CommandText="SELECT * FROM 'LDAP://DC=***,DC=ru' WHERE objectClass='Computer'" set objRecordSet=cmd.Execute on error resume next do while Not objRecordSet.Eof set objComputer=GetObject(objRecordSet("adspath")) ' , ' , if(inSTR(1,objComputer.distinguishedName,"OU=Garbage",vbTextCompare) = 0)then wscript.echo objComputer.CN ' end if objRecordSet.MoveNext Loop ')
Next, you need to get the MAC address of these computers. Everything is simple, using the standard “nbtstat” utility with the “-a” parameter you can get what you are looking for (there is of course another option with arp -a, but it does not always work).
set oShell=Wscript.CreateObject("wscript.shell") set re=new regexp ' MAC re.Pattern = "[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}-[0-9A-F]{2}" ' ComputerNetworkName AD set oExec=oShell.Exec("nbtstat -a" & ComputerNetworkName) for each obj in re.execute(oExec.StdOut.ReadAll) GetData=obj.value next Now the question arises: "Where sobsno get a list of users registered on this computer?". By a short googling, many methods were found that boiled down to remote execution of the wmi script. This path did not suit me, since remote execution of scripts is prohibited in the domain. And then I remembered that in Windows, by default, 2 registry keys are available for reading on the network, namely “HKEY_USERS” and “HKEY_LOCAL_MACHINE”.
This means that you can get the SID for registered users using the “reg” utility and the code that we used to get the MAC address will help us in this, all that needs to be changed in it is the regular template and the command text.
set oShell=Wscript.CreateObject("wscript.shell") set re=new regexp ' SID reg query re.Pattern = "S-\d+-\d+-\d+-\d+-\d+-\d+-\d+" ' ComputerNetworkName AD set oExec=oShell.Exec("reg query \\" & iComputerNetworkName&"\HKEY_USERS") for each obj in re.execute(oExec.StdOut.ReadAll) GetData=obj.value next Well, we have good sids, but they do not look like full names, at all. To get a full name again have to contact AD.
Each object in AD has a “objectSID” field, which means that you can select information about the user, therefore, you can sit by yourself. To do this, take the code that we used to get the list of computers, and change the query in the “cmd.commandtext” field in it:
dim cn,cmd,objRecordSet set cn=CreateOBject("ADODB.Connection") set cmd=CreateObject("ADODB.Command") cn.Provider="ADsDSOObject" cn.Open "Active Directory Provider" set cmd.ActiveConnection=cn ' objSid . cmd.CommandText="SELECT * FROM 'LDAP://DC=***,DC=ru' where objectClass='User' and objectSid='"& objSid &"' " set objRecordSet=cmd.Execute ' if( not objRecordSet.Eof) then set objUser=GetObject(objRecordSet("adspath")) if(inSTR(1,objUser.distinguishedName,"OU=Garbage",vbTextCompare) = 0)then ' , , . Wscript.Echo objUser.FirstName &" "& objUser.LastName &" "& objUser.Patronim end if end if Well, that's all the necessary data obtained, and even if they change in the future to get them, it will not be a problem (unless of course the directory service is reorganized). And most importantly, I did not have to run, the whole enterprise was looking for computers and users.
Source: https://habr.com/ru/post/147555/
All Articles