Inside Active Directory
A book by Sakari Kouti and Mika Seitsonen

Scripts and Files (1st Edition, AD2000)

Inside Active Directory contains over 60 sample scripts written in VBScript, as well as some LDIF, batch, and Excel files. You can download all the sample files in a ZIP file or browse individual files on this page.

Both the ZIP file and this page also contain some additional files that are not included in the book (in the section Bonus Material).

Chapter 1: Active Directory: The Big Picture

CH01 Classes.vbs PDF Plain text
 

Chapter 7: Group Policy

CH07 TestSettings.adm PDF Plain text
 

Chapter 9: Extending the Schema

AddMyProduct.ldf PDF Plain text
CH09 TestItem.Bat PDF Plain text
CH09 TestItem.vbs PDF Plain text
ExtendUser.ldf PDF Plain text
CH09 SanaoHR.vbs PDF Plain text
 

Chapter 10: Administration Scripts: Concepts

CH10-01 WSH Basic Example.vbs PDF Plain text
CH10-02 Hello.vbs PDF Plain text
CH10-03 VBSBasicExample.vbs PDF Plain text
CH10-04 VBSBasicExample2.vbs PDF Plain text
CH10-05 VBSBasicExample3.vbs PDF Plain text
CH10-06 ADSI Basic Example.vbs PDF Plain text
CH10-07 ADSI IADs Properties.vbs PDF Plain text
CH10-08 RunDLL LockWorkstation.vbs PDF Plain text
CH10-10 IncludeExample.wsf
Note 1: Because this wsf file contains <> tags, your browser may not be able to display it when you click Plain text. However, if you have Acrobat (Reader) installed, you can click PDF. Another option is to download the file to your computer and open it with Notepad.
Note 2: The file has the wrong formula. The correct one is: (6 * INCHES_PER_FOOT + 2) * MILLIMETERS_PER_INCH
PDF Plain text
MyConstants.vbs PDF Plain text
 

Chapter 11: Administration Scripts: Examples

User Management
CH11-01 ADSI List the Users of One Container.vbs PDF Plain text
CH11-02 ADSI List the Users of One Container to Excel.vbs PDF Plain text
CH11-03 ADSI List the Property Cache Contents.vbs PDF Plain text
CH11-04 ADSI List User Properties with Get.vbs PDF Plain text
CH11-05 ADSI List User Properties with Methods.vbs PDF Plain text
CH11-06 ADSI List the Account Options of a User.vbs PDF Plain text
CH11-07 ADSI Create a User with Minimum Attributes.vbs PDF Plain text
CH11-08 ADSI Create a User with More Attributes.vbs PDF Plain text
CH11-09 BAT Create a User with a Batch File.bat PDF Plain text
CH11-10 WSH Create a Home Folder for a User - ver 1.vbs PDF Plain text
CH11-11 WSH Create a Home Folder for a User - ver 2.vbs PDF Plain text
CH11-12 Read User Information from Excel.xls - Macro PDF Plain text
CH11-12 Read User Information from Excel.xls - Sheet PDF Plain text
CH11-13 Read User Information from Standard Input.vbs PDF Plain text
Schema Access
CH11-14 ADSI List All Abstract Schema Objects.vbs PDF Plain text
CH11-15 ADSI List the Member Attributes of a Given Class.vbs PDF Plain text
CH11-16 ADSI List the Member Attributes of a Given Class to Excel.vbs PDF Plain text
CH11-17 ADSI Show Property Properties.vbs PDF Plain text
CH11-18 ADSI Container or Leaf.vbs PDF Plain text
CH11-19 ADSI List All Real Schema Objects.vbs PDF Plain text
CH11-20 ADSI List Indexed Attributes.vbs PDF Plain text
CH11-21 ADSI List Global Catalog Attributes.vbs PDF Plain text
CH11-22 ADSI List All classSchemas to Excel.vbs PDF Plain text
CH11-23 ADSI List All attributeSchemas to Excel.vbs PDF Plain text
CH11-24 ADSI Create an Attribute and a Class.vbs PDF Plain text
Configuration Information
CH11-25 ADSI List the Supported Namespaces.vbs PDF Plain text
CH11-26 ADSI List Attribute Display Names.vbs PDF Plain text
CH11-27 ADSI List the DC GUIDs.vbs PDF Plain text
CH11-28 ADSI List the rootDSE Property Cache.vbs PDF Plain text
CH11-29 ADSI List the GPO GUIDs.vbs PDF Plain text
CH11-30 ADSI List the Operations Masters.vbs PDF Plain text
CH11-31 ADSI List the Operations Masters with ADsFSMO.vbs PDF Plain text
CH11-32 ADSI List ADSystemInfo.vbs PDF Plain text
Access Control Lists
CH11-33 ADSI List ACEs - Short.vbs PDF Plain text
CH11-34 ADSI List ACEs to Excel - Short.vbs PDF Plain text
CH11-35 ADSI List Binary GUIDs.vbs PDF Plain text
CH11-36 ADSI List ACEs - Long.vbs PDF Plain text
CH11-37 ADSI Add ACEs.vbs PDF Plain text
CH11-38 Add ACEs to a Folder.vbs PDF Plain text
OU, Group, and Computer Management
CH11-39 ADSI Create a Group.vbs PDF Plain text
CH11-40 ADSI Add Users of One OU to a Group.vbs PDF Plain text
CH11-41 ADSI Create a Computer Object.vbs PDF Plain text
ADSI without Active Directory
CH11-42 ADSI List Services.vbs PDF Plain text
CH11-43 ADSI List Shares.vbs PDF Plain text
CH11-44 ADSI Create a Share.vbs PDF Plain text
CH11-45 ADSI List WinNT Properties of User Class.vbs PDF Plain text
CH11-46 ADSI Create a User in a Workstation.vbs PDF Plain text
Additional Techniques
CH11-47 ADSI Bind to a WKGUID.vbs PDF Plain text
AddotherWK.ldf PDF Plain text
CH11-48 ADSI List the Users of a Subtree.vbs PDF Plain text
CH11-49 VBS Error Checking.vbs PDF Plain text
CH11-50 CmdTool.vbs PDF Plain text
Using ADO
CH11-51 ADO Basic Example.vbs PDF Plain text
CH11-52 ADO Basic Example with SQL.vbs PDF Plain text
CH11-53 ADO Modifying Objects.vbs PDF Plain text
CH11-54 ADO List Objects That Have Blocked ACL Inheritance.vbs PDF Plain text
 

Bonus Material

AllConstants.vbs
This script includes all the constant definitions that were used in the samples of the book.
PDF Plain text
employeeID.vbs
This script enables you to modify the employeeID attribute of a user.
1. Using ADSI Edit, locate the user-Display object (in CN=409, CN=DisplaySpecifiers, CN=Configuration).
2. Select the adminContextMenu attribute. Add to the attribute the value "2, Employee &ID, c:\test\employeeid.vbs" (without quotes). Do not remove the existing values, and if number 2 is already in use, select a free number.
3. On the computer where you will test or use ADUC, create the file c:\test\employeeid.vbs and add the lines from employeeID.vbs.
4. Start ADUC and right-click any user object, and you should see "Employee ID" in the context menu.
ZIP Plain text
ListPropertySets.vbs
This script lists the property sets in the forest and the attributes that each one includes. You need only end-user permissions to run this.
ZIP Plain text
ListPropertySetsJoe.vbs
The preceding script is not optimized for speed, so Joe Richards made modifications to make the script faster.
ZIP Plain text
Modified DSSec.Dat
DSSec.dat specifies which classes and attributes are hidden from the lists of the Delegation of Control wizard or ACL Editor. Even in Windows 2000, this file had some peculiarities, such as (for the user class):
- First name (givenName) was visible but last name (sn) was not.
- E-Mail Address (Others) was visible but the normal E-mail was not.
For WS2003, this file was left practically unmodified, so the 49 new classes and 50 new attributes for the user class, for example, became visible. Most of them are something that you will probably never use in delegation, so you could hide them with this modified file. It has the following modifications:
- Hide all the new classes of WS2003, except inetOrgPerson (48 of them)
- Hide aCSResourceLimits, which was already in Win2000
- For the user class, hide and unhide quite a few attributes so that the list of visible attributes is about the same as in ADUC. The exceptions are that nTSecurityDescriptor is hidden and badPasswordTime, badPwdCount, cn, employeeID, lastLogoff, lastLogon, lastLogonTimestamp, name, and pwdLastSet are visible.
- Added inetOrgPerson and applied the same attribute filtering to it as for the user class.
To use this file, download it and save it with the name %SystemRoot%\System32\dssec.dat on the computer where you would use ACL Editor or the Delegation of Control wizard. Obviously it is a good idea to make a backup copy of the original file, although you would have the original file on all other computers anyway.
-------
Neither Addison-Wesley nor Sakari Kouti has any warranty, obligations or liability for this file.
ZIP Plain text
ACLReport.vbs v1.01
This script creates an HTML file named ACLReport.htm that contains all the ACLs of a given Active Directory tree. By modifying three lines at the beginning of the script, you can choose:
- Only OUs or all objects
- Only normal-view objects or also advanced-view objects
- Whether to display all ACEs or only non-inherited ones
ZIP Plain text
 
Last modified 07/22/07