The purpose of this script is to pull a registry key from all of our client machines to determine whether it has statically configured DNS servers or not. The challenge I am targeting is that some of our machines are joined to our Active Directory domain and can be authenticated against using my domain user account, however, about half of them are still not and I need to use a local user account on those machines to authenticate with. I approached this challenge, instead of using error handling, by using a Scripting.Dictionary object in which the keys contain the computer names ("Workstation" objects) from eDirectory/ZENworks, and the value contains the same machine name ("computer" objects) in Active Directory IF, and only IF the machine account exists in Active Directory. If Active Directory does not have a corresponding machine account, the value for the key will remain (string) "NULL". By iterating over the Scripting.Dictionary object, I can easily determine whether I should use domain authentication or local authentication based on whether the value for each key contains the same computer name or "NULL". Of course, I'm sure there will be some exceptions that need to be handled via error handling, but at least I'm not using error handling as my primary method of testing authentication. Here is the main logic of the script without the nitty gritty registry stuff:
'Dictionary will hold name of computer from eDirectory AND Active Directory (if applicable). Use this to test for local or domain authentication!
dim computers, cycle
set computers = CreateObject("Scripting.Dictionary")
'Dynamically obtain root of Active Directory domain partition
set rootdse = GetObject("LDAP://RootDSE")
dirRoot = rootdse.Get("defaultNamingContext")
main()
function main()
'Populate computer names from eDirectory
searchDir "o=[YourRootNetwareOrg]
'Populate computer names from Active Directory
searchDir dirRoot, ""
pckeys = computers.keys()
for each key in pckeys
wscript.echo key & " :: " & computers(key)
next
end function
'Server is OPTIONAL parameter. If connecting to Active Directory from a domain account, just use double quotes.
'Please put a slash after the name/IP if you specify one.
function searchDir(dn, server)
set root = GetObject("LDAP://" & server & dn)
for each dirobj in root
select case dirobj.class
searchDir dirobj.name & "," & dn, server
case "organizationalUnit"
searchDir dirobj.distinguishedName, ""
case "container"
searchDir dirobj.distinguishedName, ""
case "computer"
'Need to use Right function to cut of "cn=" from the computer's name
pcname = right(dirobj.name,len(dirobj.name)-3)
if computers.exists(pcname) then computers.item(pcname) = pcname
case "Workstation"
'Need to use Right function to cut of "cn=" from the computer's name
computers.add right(dirobj.name,len(dirobj.name)-3),"NULL"
end select
next
end function
Now that you have this much, you can write another function that iterates over the Dictionary object and perform some random operation based on whether or not each computer has a corresponding computer object in Active Directory, or, any directory really. Due to the differences in directories though, you might have to tweak the object classes that the select case statement is testing for. If you have any questions, please feel free to e-mail me!
Trevor Sullivan
¶ 11:47 AM
