How Can I List All the Attributes Used by the Computer Class in Active Directory?
Hey, Scripting Guy! How can I list all the attributes used by the Computer class in Active Directory?
— KP
Hey, KP. Thanks for your question. In response, yes, it is true that the Kirkland Fire, the Colt League baseball team coached by one of the Scripting Guys, won the city championship this past weekend, nicely bookending the regular-season championship which the team had already clinched. And, yes, the final score of the title game really was 13-0. Anything else we can help you with?
Oh, right: your scripting question. (For those of you unfamiliar with scripting, it’s something we do to pass the time between baseball games.) Obviously one of the Scripting Guys isn’t exactly focused on doing his job today (though we don’t know why today should be an exception) but fortunately this is an easy question to answer: after all, one of the really cool things about ADSI (the scripting technology used to access Active Directory) is that you can write an ADSI script that will tell you what you can script using ADSI. For example, this script will return the names of all the attributes (properties) used by the Computer class:
Set objSchema = GetObject(“LDAP://schema/computer”)Wscript.Echo “Mandatory attributes”
For Each strAttribute in objSchema.MandatoryProperties Wscript.Echo strAttribute Next
Wscript.Echo
Wscript.Echo “Optional attributes”
For Each strAttribute in objSchema.OptionalProperties Wscript.Echo strAttribute Next
The script begins by connecting to the schema for the local domain and then binding to the Computer class. (The schema, of course, is a master list that details all the classes and other objects that can be stored in Active Directory, along with all the properties and methods of those items.) When we do this, we get back an instance of the IADsClass object; as the name implies, IADsClass contains information about a particular Active Directory class. What if we wanted information about the User class? Then we would bind to that class instead:
Set objSchema = GetObject(“LDAP://schema/user”)
And if we wanted information about the organizationalUnit class we’d use this code:
Set objSchema = GetObject(“LDAP://schema/organizationalUnit”)
Yes, very cool.
Because IADsClass is a class, it has its own set of attributes, including these two: MandatoryProperties and OptionalProperties. MandatoryProperties represents the properties that each instance of the class (in this case, the Computer class) must have. When we run the script against Active Directory we get back the following list of mandatory properties:
cn instanceType nTSecurityDescriptor objectCategory objectClass objectSid sAMAccountName
Most of these properties are automatically assigned by Active Directory, but a couple of them – like the cn and the sAMAccountName are not. That means you have to assign these yourself when creating a new Computer object; if you leave out, say, the sAMAccountName, then your script will fail.
As you might expect, MandatoryProperties are stored as an array (because there can be – and will be – more than one mandatory property); therefore we use a For Each loop to cycle through all the properties and echo back each property name:
For Each strAttribute in objSchema.MandatoryProperties
Wscript.Echo strAttribute
Next
That’s pretty much it. We do the same sort of thing for OptionalProperties (properties that a Computer object can have but doesn’t have to have) and we’re done.
Incidentally, when you look through the list of optional properties for a computer you’ll see all sorts of oddball items. Pager? Home phone number? How many computers have their own pager or home phone number? Believe it or not, that’s perfectly normal: as it turns out, the Computer class is derived from the User class. That means the Computer class has all the properties of the User class plus a few other properties – such as operating system version – specific to computers. If you see some crazy attributes associated with a computer – initials? secretary? – well, don’t worry about them. After all, as optional properties you don’t have to do anything with them if you don’t want to.
Hope that helps, KP. Now, who wants to hear more about the Kirkland Fire? Anybody? Hello? Hello?
Light
Dark
0 comments