Limiting a Search for an Attribute in a Container to User Account Types
Microsoft® Windows® 2000 Scripting Guide
The search in the preceding section is not limited to user account types in the Management OU. The name attributes of other objects, such as computers and OUs, are also found. To specify criteria to limit your search, you add one or more search filters to your query statement.
If you are new to constructing search filters, use the custom search feature of Active Directory Users and Computers to create search filters. See "Filters" earlier in this section for a procedure showing how to accomplish this task.
Listing 7.25 contains a script that uses LDAP search dialect to limit a result set to the value of an attribute assigned to a specific type of user account in an OU. To carry out this task, the script performs the following steps:
Create an ADO Connection object to access the Active Directory database by using the ADSI OLE DB provider.
Create an ADO Command object, and assign the ADO connection to it.
Assign the query string to the CommandText property of the ADO Command object. The string uses LDAP search dialect.
Lines 810 specify the search base, two search filters, the attribute to return, and the search scope.
The first search filter limits the query to all objects that are assigned the defaultObjectCategory of person. The objectCategory property of the LDAP search dialect maps to the defaultObjectCategory of an objects class.
The second search filter limits the query to all user account types whose objectClass attribute is user. Anything returned by the query must satisfy both filter conditions because the search filters are prefaced with the ampersand (&), which is the AND operator.
Run the query by assigning the Execute method to the Command object and storing the return value in the RecordSet object, objRecordSet.
The query string returns records containing a single field, the name field.
Use a While Wend statement to display each record in objRecordSet. Use the MoveNext method of the RecordSet object to move to the next record.
Close the Connection object.
Listing 7.25 Performing a Search to Display the Names of User Account Types That Are Security Principals in an OU
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
Set objConnection = CreateObject("ADODB.Connection") objConnection.Open "Provider=ADsDSOObject;" Set objCommand = CreateObject("ADODB.Command") objCommand.ActiveConnection = objConnection objCommand.CommandText = _ "<LDAP://ou=Management,dc=NA,dc=fabrikam,dc=com>;" & _ "(&(objectCategory=person)(objectClass=user));" & _ "name;onelevel" Set objRecordSet = objCommand.Execute While Not objRecordset.EOF Wscript.Echo objRecordset.Fields("name") objRecordset.MoveNext Wend objConnection.Close