In tip 8459, we used DSQUERY to determine who has dial-in permission in my domain?

In this tip, we will use DSQUERY, ADFind.exe freeware, and VBScript.

DSQUERY

Still using DSQUERY.EXE, you can filter for the msNPAllowDialin attribute being TRUE:
@echo off
setlocal EnableDelayedExpansion
<font size="1">set qry=dsquery * domainroot -filter "(&(objectCategory=Person)(objectClass=User)(msNPAllowDialin=TRUE))" -attr distinguishedName -limit 0</font>
for /f "Skip=1 Tokens=*" %%a in ('%qry%') do (
 set dn=%%a#
 set dn=!dn:  =!
 set dn=!dn: #=!
 set dn="!dn:#=!"
 @echo !dn!
)
endlocal

ADFind.exe

Using ADFind.exe freeware, type the following in a batch or at a CMD.EXE window: <font size="1">adfind -nodn -csv -nocsvheader -default -f "&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE)" distinguishedName</font>

VBScript

Using a LDAP (Lightweight Directory Access Protocol) query, you can use an approach similar to tip 9843:
On Error Resume Next
Dim objConnection, objCommand, objRootDSE, strDNSDomain
Dim strFilter, strQuery, objRecordSet
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOOBject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
Set objRootDSE = GetObject("LDAP://RootDSE")
'Get domain
strDNSDomain = objRootDSE.Get("defaultNamingContext")
strBase = "<LDAP://" & strDNSDomain & ">"
'Define the filter elements
strFilter = "(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE))"
'List all attributes you will require
strAttributes = "distinguishedName"
'compose query
strQuery = strBase & ";" & strFilter & ";" & strAttributes & ";subtree"
objCommand.CommandText = strQuery
objCommand.Properties("Page Size") = 99999
objCommand.Properties("Timeout") = 300
objCommand.Properties("Cache Results") = False
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    strDN = objRecordSet.Fields("distinguishedName")
    Wscript.Echo <div class="Contentquote"><center>" & strDN & </center></div>"
    objRecordSet.MoveNext
Loop
' Clean up.
objConnection.Close
Set objConnection = Nothing
Set objCommand = Nothing
Set objRootDSE = Nothing
Set objRecordSet = Nothing