DSQuery / Script for Published Certificates

Anything VBScript-related, including Windows Script Host, WMI, ADSI, and more.
Forum rules
Do not post any licensing information in this forum.

Any code longer than three lines should be added as code using the 'Select Code' dropdown menu or attached as a file.
This topic is 15 years and 4 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked
User avatar
jarmar
Posts: 19
Last visit: Tue Jun 23, 2009 11:44 am

DSQuery / Script for Published Certificates

Post by jarmar »

Does anyone have a script that will output to a file who has a Published Certificate in Active Directory and who does not? We are trying to find out without going thru 1500 users one by one who does not have a published certificate.

Thank you.
User avatar
jarmar
Posts: 19
Last visit: Tue Jun 23, 2009 11:44 am

DSQuery / Script for Published Certificates

Post by jarmar »

Does anyone have a script that will output to a file who has a Published Certificate in Active Directory and who does not? We are trying to find out without going thru 1500 users one by one who does not have a published certificate.

Thank you.
User avatar
donj
Posts: 416
Last visit: Thu May 29, 2008 5:08 am

DSQuery / Script for Published Certificates

Post by donj »

I'm not even familiar with where that info is *kept* in AD. If you can tell me that I could probably show how to get the info...
User avatar
donj
Posts: 416
Last visit: Thu May 29, 2008 5:08 am

DSQuery / Script for Published Certificates

Post by donj »

So you'd do a GetEx("userCertificate") with the user object.
User avatar
jarmar
Posts: 19
Last visit: Tue Jun 23, 2009 11:44 am

DSQuery / Script for Published Certificates

Post by jarmar »

Thank you for all of the replies. On the last reply where can I tell the script what OU to look under, if I wanted to drill it down to a specific OU? I do not have control over the entire AD structure and don't want to query the whole thing either.

Thank you in advance.
User avatar
jarmar
Posts: 19
Last visit: Tue Jun 23, 2009 11:44 am

DSQuery / Script for Published Certificates

Post by jarmar »

We have users publish there certs with a 3rd party tool. We would want to use a script like this to query our OU and report back on who does or does not have a cert published. I could query and get a list of samAccountName but where would I put that in othman's script so that it would only look for those users?
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

DSQuery / Script for Published Certificates

Post by jvierra »

Post your current script. I don't see what the issue is.

To get users from ou:

Set collectionUsers = GetObject(LDAP://ou=myou,dc=domain,dc=com)

This will get all of the objects in the specified OU. If it is in a hierarchy you would need to specifiy all of the elements of the hierarchy.

Posting your script would make this all a bit easier.

Othmans script look like it retrieves all users and their certs. That is what you asked for originally.

YOu could modify this variabel "varConfigNC " by adding teh OU at teh font like this: varConfigNC = "ou=myou," & varConfigNC

This would force the script to use only the specified OU. Hierarchy rules still apply.

jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

DSQuery / Script for Published Certificates

Post by jvierra »

Here is where:


Set collectionUsers = GetObject(LDAP://ou=myou,dc=domain,dc=com)

Of course this depends on your AD structure.
jvierra
Posts: 15439
Last visit: Tue Nov 21, 2023 6:37 pm
Answers: 30
Has voted: 4 times
Been upvoted: 33 times

DSQuery / Script for Published Certificates

Post by jvierra »

It might be...
cn=john smith,ou=hro,ou=users,ou=all,dc=smith,dc=com

But you need to understand how LDAP works and how AD is structured. I don't hink you have provided the correct information so this might not work.


This topic is 15 years and 4 months old and has exceeded the time allowed for comments. Please begin a new topic or use the search feature to find a similar but newer topic.
Locked