
Auditing AD users with VBS, publishing the list to SharePoint with PowerShell

Good afternoon, UFO watchers

I wanted to describe how I collected information about users from AD and then placed it on SharePoint for readability, so that at any time we could look up the information we need on one user or another.
I will describe it simply, because it was all ...

The task: collect from AD the information about users that can be pulled out and that serves our particular purposes.
From what was available: VBS was chosen to collect user information via LDAP. Everything is written to a simple text file (collection takes place in several network segments that are isolated from each other), the files are gathered in one place, and then PowerShell loads them into a prepared SharePoint site.

```vbscript
' Collects user accounts from AD over LDAP (ADO with the ADSI provider) and writes
' one semicolon-tagged record per user into a text file for the PowerShell loader.
' On Error Resume Next silences per-record errors (a missing attribute, a group DN
' without a comma); remove it while debugging.
On Error Resume Next

Dim oQuery, objConnection, objCommand, objRecordSet
Dim objFSO, objFile, logfile
Dim strMember, arrOpis, strStr, strOpis, strAC, strSeg, liluka, i

' Output file; each LAN segment produces its own file, all are collected later in one place
logfile = "users-lvs.txt"
' Segment tag appended to every record after ";6"; the PowerShell side reads
' three characters after ";6", so keep the tag three characters long
strSeg = "LVS"

Set objFSO = CreateObject("Scripting.FileSystemObject")

' LDAP query: every user object in the domain, with the attributes we need
oQuery = "<LDAP://dc=my,dc=site>;" & _
         "(objectCategory=user)" & _
         ";distinguishedName,name,sAMAccountname,mail,memberOf,userAccountControl,description;subtree"

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Open "Provider=ADsDSOObject;"
objCommand.ActiveConnection = objConnection
objCommand.CommandText = oQuery
' Without a page size the DC returns at most MaxPageSize objects (1000 by default);
' 700-800 users fit today, a larger domain would silently lose records
objCommand.Properties("Page Size") = 1000
Set objRecordSet = objCommand.Execute

' Create the output file, or truncate it if it already exists
Set objFile = objFSO.CreateTextFile(logfile, True)

' Walk the result set and write one record per user
While Not objRecordSet.EOF
    ' memberOf is multi-valued: keep only the CN of each group DN ("CN=Group,OU=...").
    ' Left() up to the first comma, then Right() drops the leading "CN=".
    ' A group CN with an escaped comma ("CN=Smith\, John") is cut short here.
    strStr = ""
    strMember = objRecordSet.Fields("memberOf").Value
    If IsArray(strMember) Then
        For i = 0 To UBound(strMember)
            liluka = InStr(2, strMember(i), ",", vbTextCompare)
            strStr = strStr & Right(Left(strMember(i), liluka - 1), liluka - 4) & ", "
        Next
    ElseIf VarType(strMember) = vbString Then
        liluka = InStr(2, strMember, ",", vbTextCompare)
        strStr = Right(Left(strMember, liluka - 1), liluka - 4) & ", "
    End If

    ' description is multi-valued in the schema as well
    strOpis = ""
    arrOpis = objRecordSet.Fields("description").Value
    If IsArray(arrOpis) Then
        For i = 0 To UBound(arrOpis)
            strOpis = strOpis & arrOpis(i) & ", "
        Next
    ElseIf VarType(arrOpis) = vbString Then
        strOpis = arrOpis & ", "
    End If

    ' userAccountControl: the four values that occur in our domain.
    ' 512 = NORMAL_ACCOUNT, +2 = ACCOUNTDISABLE, +65536 = DONT_EXPIRE_PASSWORD.
    ' (The original used Russian labels here.)
    Select Case objRecordSet.Fields("userAccountControl").Value
        Case 512:   strAC = "enabled"
        Case 514:   strAC = "disabled"
        Case 66048: strAC = "enabled, password never expires"
        Case 66050: strAC = "disabled, password never expires"
        Case Else:  strAC = "other (" & objRecordSet.Fields("userAccountControl").Value & ")"
    End Select

    ' Record layout: login;1name;2mail;3groups;4status;5description;6SEG
    objFile.WriteLine objRecordSet.Fields("sAMAccountname").Value & ";1" & _
                      objRecordSet.Fields("name").Value & ";2" & _
                      objRecordSet.Fields("mail").Value & ";3" & _
                      strStr & ";4" & strAC & ";5" & strOpis & ";6" & strSeg
    objRecordSet.MoveNext
Wend

objFile.Close
objConnection.Close
```


As you can see from the code, each line ends with ";6" followed by a three-letter segment tag: as mentioned above, we have several segments, and this one is the first LAN. For the "account disabled" flag I did not think long and simply matched the four userAccountControl values that occur in our domain; if you want to make life harder and dig deeper, you can decode the attribute bit by bit ...
So that the PowerShell script knows which piece of information sits where, I could not think of anything better than a number after the semicolon as an index of each field.
I am not a professional, just someone who enjoys code, both programming and analysis/parsing.
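To take the hint about reading userAccountControl bit by bit a step further, here is an added example (not code from the original post) in PowerShell that decodes any value of the attribute into its named flags, not just the four values matched above, and marks the flags an auditor should look at twice. The flag names and bit values are the documented ADS_USER_FLAG_ENUM constants; the sample values at the bottom are constructed, and the function and its property names are mine.

```powershell
# Added example, not part of the original scripts: decode userAccountControl
# bit by bit instead of matching the literal values 512/514/66048/66050.
# Bit values are the documented ADS_USER_FLAG_ENUM constants.
$UacFlags = @{
    'SCRIPT'                         = 0x00000001
    'ACCOUNTDISABLE'                 = 0x00000002
    'HOMEDIR_REQUIRED'               = 0x00000008
    'LOCKOUT'                        = 0x00000010
    'PASSWD_NOTREQD'                 = 0x00000020
    'PASSWD_CANT_CHANGE'             = 0x00000040
    'ENCRYPTED_TEXT_PWD_ALLOWED'     = 0x00000080
    'TEMP_DUPLICATE_ACCOUNT'         = 0x00000100
    'NORMAL_ACCOUNT'                 = 0x00000200
    'INTERDOMAIN_TRUST_ACCOUNT'      = 0x00000800
    'WORKSTATION_TRUST_ACCOUNT'      = 0x00001000
    'SERVER_TRUST_ACCOUNT'           = 0x00002000
    'DONT_EXPIRE_PASSWORD'           = 0x00010000
    'MNS_LOGON_ACCOUNT'              = 0x00020000
    'SMARTCARD_REQUIRED'             = 0x00040000
    'TRUSTED_FOR_DELEGATION'         = 0x00080000
    'NOT_DELEGATED'                  = 0x00100000
    'USE_DES_KEY_ONLY'               = 0x00200000
    'DONT_REQ_PREAUTH'               = 0x00400000
    'PASSWORD_EXPIRED'               = 0x00800000
    'TRUSTED_TO_AUTH_FOR_DELEGATION' = 0x01000000
    'PARTIAL_SECRETS_ACCOUNT'        = 0x04000000
}

# Flags that deserve a second look in an audit (weak or dangerous settings):
# no password required, no Kerberos pre-authentication, unconstrained or
# protocol-transition delegation, DES-only keys, reversible encryption.
$UacRiskFlags = 'PASSWD_NOTREQD', 'DONT_REQ_PREAUTH', 'TRUSTED_FOR_DELEGATION',
                'TRUSTED_TO_AUTH_FOR_DELEGATION', 'USE_DES_KEY_ONLY',
                'ENCRYPTED_TEXT_PWD_ALLOWED'

function ConvertFrom-UserAccountControl {
    param([Parameter(Mandatory = $true)][int64]$Value)

    # Collect the names of every bit that is set, lowest bit first
    $set = @()
    foreach ($entry in ($UacFlags.GetEnumerator() | Sort-Object Value)) {
        if (($Value -band $entry.Value) -ne 0) { $set += $entry.Key }
    }
    New-Object PSObject -Property @{
        Value            = $Value
        Flags            = $set
        Disabled         = (($Value -band $UacFlags['ACCOUNTDISABLE']) -ne 0)
        PasswordNoExpiry = (($Value -band $UacFlags['DONT_EXPIRE_PASSWORD']) -ne 0)
        Risky            = @($set | Where-Object { $UacRiskFlags -contains $_ })
        # Short label in the spirit of the collector's four strings (assumed wording)
        Label            = (($set | Where-Object { $_ -ne 'NORMAL_ACCOUNT' }) -join ', ')
    }
}

# Caveat: LOCKOUT and PASSWORD_EXPIRED exist in the enum, but a domain controller
# does not maintain them in userAccountControl. Read the constructed attribute
# msDS-User-Account-Control-Computed (or lockoutTime / pwdLastSet) for those.

# Constructed sample values: the four from the post, plus one with
# DONT_REQ_PREAUTH (0x400000) set, a classic AS-REP roasting target.
foreach ($v in 512, 514, 66048, 66050, 4260352) {
    $d = ConvertFrom-UserAccountControl $v
    "{0,8}  disabled={1,-5} noexpiry={2,-5} risky=[{3}]  {4}" -f `
        $d.Value, $d.Disabled, $d.PasswordNoExpiry, ($d.Risky -join ','), ($d.Flags -join '|')
}
```

The decoder can replace the Select Case in the collector directly: write `$d.Label` (or the joined flag list) into the status field instead of one of four fixed strings, and the PowerShell loader needs no change.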
And the PowerShell script itself:
```powershell
# Loads the users*.txt files produced by the VBS collector into a SharePoint list.
# Runs on the SharePoint server itself (WSS 3.0 / MOSS 2007, the "12" hive).
write-host "open Sharepoint"
$SPpath = "${env:CommonProgramFiles}\Microsoft Shared\web server extensions\12\"
[System.Reflection.Assembly]::LoadFrom("$SPpath\ISAPI\Microsoft.SharePoint.dll") | Out-Null

# Site and list that receive the records
write-host "open web"
$nsite  = "http://my_site/sites/MonitorUser"
$SpSite = New-Object -TypeName "Microsoft.SharePoint.SPSite" -ArgumentList $nsite
$spweb  = $SpSite.OpenWeb()

write-host "open Sharepoint list"
$nlist  = "http://my_site/sites/MonitorUser/Lists/List5/AllItems.aspx"
$splist = $spweb.GetList($nlist)

# Empty the list first; items are deleted one at a time, which is the slow part (2-3 minutes)
write-host "clearing list..."
$iCnt = $splist.Items.Count
for ($jj = 1; $jj -le $iCnt; $jj++) { $splist.Items.Delete(0) }
write-host "clearing list Done"

# Display names of the list columns. The original post used Russian names here;
# these must match whatever the target list actually defines.
$colLogin  = "Login";  $colName   = "User name"; $colMail = "e-mail"
$colGroups = "Groups"; $colStatus = "Status";    $colSeg  = "Segment"; $colOpis = "Description"

# Every segment drops its own users*.txt into this folder; process them all
write-host "Processing log files..."
foreach ($file in (get-childitem 'D:\scripts\work\' -include users*.txt -recurse)) {
    Write-Host ($file.FullName + "...")
    $fl = get-content $file.FullName
    foreach ($st1 in $fl) {
        if ($st1 -eq $null -or $st1.Length -eq 0) { continue }
        # Record layout written by the collector: login;1name;2mail;3groups;4status;5description;6SEG
        # The ";N" tags are the field separators, so a description containing ";1"
        # (or any other tag) breaks the split; a line without all six tags is skipped.
        $ind1 = $st1.IndexOf(";1"); $ind2 = $st1.IndexOf(";2"); $ind3 = $st1.IndexOf(";3")
        $ind4 = $st1.IndexOf(";4"); $ind5 = $st1.IndexOf(";5"); $ind6 = $st1.IndexOf(";6")
        if (($ind1, $ind2, $ind3, $ind4, $ind5, $ind6) -contains -1) {
            Write-Host "skipping malformed line: $st1"
            continue
        }
        $stLogin    = $st1.Substring(0, $ind1)
        $stUserName = $st1.Substring($ind1 + 2, $ind2 - $ind1 - 2)
        $stMail     = $st1.Substring($ind2 + 2, $ind3 - $ind2 - 2)
        # groups and description carry a trailing ", " from the collector; drop it
        $stGroup = if (($ind4 - $ind3) -eq 2) { " " } else { $st1.Substring($ind3 + 2, $ind4 - $ind3 - 4) }
        $stOpis  = if (($ind6 - $ind5) -eq 2) { "" }  else { $st1.Substring($ind5 + 2, $ind6 - $ind5 - 4) }
        $stBlock = $st1.Substring($ind4 + 2, $ind5 - $ind4 - 2)
        $stSeg   = $st1.Substring($ind6 + 2)        # three-character segment tag

        # One list item per user
        $NewItem = $splist.Items.Add()
        $NewItem[$colLogin]  = $stLogin
        $NewItem[$colName]   = $stUserName
        $NewItem[$colMail]   = $stMail
        $NewItem[$colGroups] = $stGroup
        $NewItem[$colStatus] = $stBlock
        $NewItem[$colSeg]    = $stSeg
        $NewItem[$colOpis]   = $stOpis
        $NewItem.Update()
    }
}
write-host "Processing log files DONE"
$spweb.Dispose()
$SpSite.Dispose()
write-host "Program END"
```

Now that everything has been gathered in one place, run the batch file:

```bat
cscript users-lvs.vbs
%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe "& 'D:\scripts\work\users.ps1'"
%SystemRoot%\system32\WindowsPowerShell\v1.0\powershell.exe "& 'D:\scripts\work\pk.ps1'"
```

Since the site itself runs in this LAN segment, the information on its users is refreshed in the same run. As you can see, the second script (pk.ps1) collects information about computers (OS, version, service pack, description, when it was last switched on), but it works in the same way as the user script.
The slowest step by far is clearing the list page (about 2-3 minutes). Once the list is empty, collecting and processing several files takes no more than 30 seconds in total for 700-800 records.
There is much more in LDAP than this; I have since extended my working script to also record when a user last logged on and when the password was last changed. WMI also exposes the directory through the root\directory\LDAP namespace, and a lot of interesting information can be found there.
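The last-logon and password-change extension mentioned above comes down to two attributes, lastLogonTimestamp and pwdLastSet, which AD stores as 64-bit FILETIME values (100-nanosecond ticks since 1601-01-01 UTC). Here is an added example (not the author's script) in PowerShell that converts them, handles the "never set" sentinels, and flags stale accounts and old passwords. The search base DN is taken from the post's LDAP query; the 90- and 180-day thresholds, the function names and the sample records are my own assumptions and constructed data, so the example runs offline without a domain.

```powershell
# Added example, not part of the original scripts.

function ConvertFrom-AdFileTime {
    param([Parameter(Mandatory = $true)]$Value)
    # The ADO/ADSI COM layer returns these attributes as IADsLargeInteger
    # (HighPart/LowPart); DirectorySearcher returns a plain Int64. Handle both.
    if ($Value -is [System.__ComObject]) {
        $low = [int64]$Value.LowPart
        if ($low -lt 0) { $low += 4294967296 }    # LowPart is a signed Int32
        $Value = [int64]$Value.HighPart * 4294967296 + $low
    }
    $ft = [int64]$Value
    # 0 = never set (for pwdLastSet: "must change password at next logon");
    # Int64.MaxValue is the "never" sentinel used for accountExpires.
    if ($ft -le 0 -or $ft -eq [int64]::MaxValue) { return $null }
    return [DateTime]::FromFileTimeUtc($ft)
}

function Get-StaleAccounts {
    param(
        [Parameter(Mandatory = $true)]$Users,    # objects with sAMAccountName, lastLogonTimestamp, pwdLastSet
        [DateTime]$Now = (Get-Date).ToUniversalTime(),
        [int]$LogonDays = 90,                    # assumed thresholds, adjust to policy
        [int]$PasswordDays = 180
    )
    foreach ($u in $Users) {
        $lastLogon = ConvertFrom-AdFileTime $u.lastLogonTimestamp
        $pwdSet    = ConvertFrom-AdFileTime $u.pwdLastSet
        New-Object PSObject -Property @{
            sAMAccountName = $u.sAMAccountName
            LastLogon      = $lastLogon
            PwdLastSet     = $pwdSet
            # lastLogonTimestamp is replicated between DCs but only refreshed when the
            # stored value is older than about 14 days, so treat it as coarse. lastLogon
            # (no "Timestamp") is exact but not replicated: you would have to ask every DC.
            StaleLogon     = (($lastLogon -eq $null) -or (($Now - $lastLogon).TotalDays -gt $LogonDays))
            OldPassword    = (($pwdSet -ne $null) -and (($Now - $pwdSet).TotalDays -gt $PasswordDays))
            MustChangePwd  = ($pwdSet -eq $null)
        }
    }
}

# Pulling the same attributes from a real domain (same search base as the post's
# VBS query; change the DN). Not invoked below so the example runs offline.
function Get-AdLogonData {
    param([string]$SearchBase = 'LDAP://dc=my,dc=site')
    $attrs = 'sAMAccountName', 'lastLogonTimestamp', 'pwdLastSet'
    $s = New-Object System.DirectoryServices.DirectorySearcher([ADSI]$SearchBase, '(objectCategory=user)')
    $s.PageSize = 1000    # paged search; otherwise the DC stops at MaxPageSize (1000 objects)
    foreach ($p in $attrs) { [void]$s.PropertiesToLoad.Add($p) }
    foreach ($r in $s.FindAll()) {
        $o = @{}
        foreach ($p in $attrs) {
            $o[$p] = if ($r.Properties[$p].Count -gt 0) { $r.Properties[$p][0] } else { 0 }
        }
        New-Object PSObject -Property $o
    }
}

# Constructed sample records (not real accounts) with a fixed "now" so the output is reproducible
$now = [DateTime]::SpecifyKind([DateTime]'2012-11-20', 'Utc')
$sample = @(
    (New-Object PSObject -Property @{ sAMAccountName = 'alice'; lastLogonTimestamp = $now.AddDays(-3).ToFileTimeUtc();   pwdLastSet = $now.AddDays(-40).ToFileTimeUtc() }),
    (New-Object PSObject -Property @{ sAMAccountName = 'bob';   lastLogonTimestamp = $now.AddDays(-200).ToFileTimeUtc(); pwdLastSet = $now.AddDays(-400).ToFileTimeUtc() }),
    (New-Object PSObject -Property @{ sAMAccountName = 'svc_backup'; lastLogonTimestamp = 0; pwdLastSet = 0 })
)
Get-StaleAccounts -Users $sample -Now $now |
    Format-Table sAMAccountName, LastLogon, PwdLastSet, StaleLogon, OldPassword, MustChangePwd -AutoSize
```

In the sample, alice is current on both counts, bob is stale and has an old password, and svc_backup has never logged on and has pwdLastSet = 0, which in AD means the password must be changed at next logon. To feed this into the collector's text format, add the converted dates as two more `;N`-tagged fields and extend the loader accordingly.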

P.S. I sketched this quickly; I will be glad of any criticism, but better still advice on how to improve it, which parts you dislike and why, with arguments ...

Source: https://habr.com/ru/post/158183/

