In tip 8459, we used DSQUERY to determine who has dial-in permission in my domain.

In this tip, we will use DSQUERY, ADFind.exe freeware, and VBScript.


Still using DSQUERY.EXE, you can filter for the msNPAllowDialin attribute being TRUE:
@echo off
setlocal EnableDelayedExpansion
set qry=dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(msNPAllowDialin=TRUE))" -attr distinguishedName -limit 0
rem Skip=1 drops the column header line that dsquery prints
for /f "Skip=1 Tokens=*" %%a in ('%qry%') do (
 rem Append a # end marker, strip the space padding, then remove the marker
 set dn=%%a#
 set dn=!dn:  =!
 set dn=!dn: #=!
 set dn="!dn:#=!"
 @echo !dn!
)
endlocal


Using ADFind.exe freeware, type the following in a batch or at a CMD.EXE window:
adfind -nodn -csv -nocsvheader -default -f "&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE)" distinguishedName


Using an LDAP (Lightweight Directory Access Protocol) query, you can use an approach similar to tip 9843:
On Error Resume Next
Dim objConnection, objCommand, objRootDSE, strDNSDomain
Dim strFilter, strQuery, objRecordSet
Dim strBase, strAttributes, strDN
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
Set objRootDSE = GetObject("LDAP://RootDSE")
'Get domain
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"
'Define the filter elements
strFilter = "(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE))"
'List all attributes you will require
strAttributes = "distinguishedName"
'compose query
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 99999
objCommand.Properties("Timeout") = 300
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    strDN = objRecordSet.Fields("distinguishedName").Value
    'Echo the DN wrapped in double quotes
    Wscript.Echo """" & strDN & """"
    objRecordSet.MoveNext
Loop
' Clean up.
objConnection.Close
Set objConnection = Nothing
Set objCommand = Nothing
Set objRootDSE = Nothing
Set objRecordSet = Nothing
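
For an access review, it helps to see which of these accounts are disabled but still carry an explicit dial-in grant. The following PowerShell is an added example, not part of the original tip: it runs the same LDAP filter through System.DirectoryServices and also reads userAccountControl. The function name Get-DialInUser and the -SearchRoot parameter are hypothetical, and it assumes a domain-joined host with read access to the directory.

```powershell
# Added example (not from the original tip). Get-DialInUser is a hypothetical name.
function Get-DialInUser {
    [CmdletBinding()]
    param(
        # Optional ADsPath to limit the search; default is the current domain root.
        # Constructed sample value: 'LDAP://OU=Staff,DC=example,DC=com'
        [string]$SearchRoot
    )

    # Same filter as the DSQUERY, ADFind and VBScript versions above
    $filter = '(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE))'

    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    if ($SearchRoot) {
        $searcher.SearchRoot = New-Object System.DirectoryServices.DirectoryEntry($SearchRoot)
    }
    $searcher.Filter      = $filter
    $searcher.SearchScope = 'Subtree'
    $searcher.PageSize    = 1000   # paged search, so large domains are not truncated
    $searcher.PropertiesToLoad.AddRange(
        [string[]]@('distinguishedName', 'sAMAccountName', 'userAccountControl'))

    $results = $searcher.FindAll()
    try {
        foreach ($r in $results) {
            $uac = [int]$r.Properties['useraccountcontrol'][0]
            [pscustomobject]@{
                SamAccountName    = [string]$r.Properties['samaccountname'][0]
                Enabled           = -not ($uac -band 0x2)   # 0x2 = ACCOUNTDISABLE
                DistinguishedName = [string]$r.Properties['distinguishedname'][0]
            }
        }
    }
    finally {
        # SearchResultCollection holds unmanaged resources; release them explicitly
        $results.Dispose()
        $searcher.Dispose()
    }
}

# Disabled accounts that still have dial-in sort to the top (Enabled = False)
Get-DialInUser | Sort-Object Enabled, SamAccountName | Format-Table -AutoSize
```

Accounts where msNPAllowDialin is not set have their remote access decided by network policy rather than by the account, so they do not appear in any of the queries on this page.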