Tags: vbscript, active-directory, domainservices

Find if users from one domain exist in another


I'm trying to learn some sys-admin type stuff on the side, and am very new at this. My question seems simple, but I can't seem to find a way to do this. Here's the scenario:

  • I have set up 2 Windows Server 2012 machines under Hyper-V on my laptop
  • I set up new forests on both and promoted each one to a DC. Let's say one domain is called mydomain.com, and the other is called yourdomain.com. There is a 2-way trust between both domains, and I have validated that trust.
  • I have added some dummy users in mydomain.com and yourdomain.com, some with the same names and some with different ones

Now, what I want to do is to check which users in mydomain.com exist in yourdomain.com as well. For instance, I have a user called "fred.flintstone" in mydomain.com, and I want to check if he exists in yourdomain.com as well.

I am limited to using VBScript/Perl/Python/Batchfile and/or the DS tools (like dsquery, dsget etc.); unfortunately PowerShell is out (for now).

Any pointers on how to script this would be welcome.

Thanks in advance

PS: The goal of this exercise is eventually to check all the groups in mydomain.com, and check to see if those groups exist in yourdomain.com as well. If they exist, then move the users from mydomain.com into yourdomain.com in the corresponding groups, and if they don't exist, then create the group in yourdomain.com and create the corresponding user.


Solution

  • I managed to write the VBScript which does what I wanted, so I will share it here. The script probably needs a very good cleanup, but for now it does the job so I'm hoping it can help other people too.

    Option Explicit

    Dim strOU1, strOU2, samid, ldap_command
    Dim objConnection, objCommand1, objCommand2, objRecordSet, objRecordSet2

    ' OUs to compare: every user found under strOU1 is looked up under strOU2
    strOU1 = "OU=here,DC=mydomain,DC=com"
    strOU2 = "OU=there,DC=yourdomain,DC=com"

    ' Escape a value for use inside an LDAP search filter (RFC 4515), so a
    ' sAMAccountName containing * ( ) or \ cannot change the filter's meaning
    Function EscapeLdapFilter(strValue)
        strValue = Replace(strValue, "\", "\5c")
        strValue = Replace(strValue, "*", "\2a")
        strValue = Replace(strValue, "(", "\28")
        strValue = Replace(strValue, ")", "\29")
        strValue = Replace(strValue, Chr(0), "\00")
        EscapeLdapFilter = strValue
    End Function

    ' Create connection to AD
    Set objConnection = CreateObject("ADODB.Connection")
    objConnection.Open "Provider=ADsDSOObject;"

    ' Create command (paged, so OUs with more than 1000 users are fully read)
    Set objCommand1 = CreateObject("ADODB.Command")
    objCommand1.ActiveConnection = objConnection
    objCommand1.Properties("Page Size") = 1000

    ' Execute command to get all users in the first OU
    objCommand1.CommandText = _
        "<LDAP://" & strOU1 & ">;" & _
        "(&(objectclass=user)(objectcategory=person));" & _
        "adspath,distinguishedname,sAMAccountName;subtree"

    Set objRecordSet = objCommand1.Execute

    ' Look up each user from the first OU in the second OU
    Do Until objRecordSet.EOF
        samid = objRecordSet.Fields("sAMAccountName").Value
        WScript.Echo "Processing " & samid

        Set objCommand2 = CreateObject("ADODB.Command")
        objCommand2.ActiveConnection = objConnection
        ' ADS_CHASE_REFERRALS_EXTERNAL (&H40): follow referrals into the trusted domain
        objCommand2.Properties("Chase referrals") = &H40

        ldap_command = _
            "<LDAP://" & strOU2 & ">;" & _
            "(&(objectclass=user)(objectcategory=person)" & _
            "(sAMAccountName=" & EscapeLdapFilter(samid) & "));" & _
            "adspath,distinguishedname,sAMAccountName;subtree"
        objCommand2.CommandText = ldap_command

        Set objRecordSet2 = objCommand2.Execute

        If objRecordSet2.RecordCount = 0 Then
            WScript.Echo "The sAMAccountName is not in use."
        Else
            WScript.Echo "This ID is in use"
        End If
        objRecordSet2.Close

        ' Move to the next user
        objRecordSet.MoveNext
    Loop

    objRecordSet.Close
    objConnection.Close
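Python is on the asker's allowed list, so here is an added example of the same cross-domain check (my code, not the poster's script). The LDAP query sits behind a callable so the logic runs offline: SAMPLE_TARGET, sample_search and the helper names are constructed for this example, and a production search callable would wrap a real client such as ldap3's Connection.search (an assumption; the question uses none).

```python
import re
from typing import Callable, Dict, List, Tuple

# Base DNs from the question; constructed sample values, not real directories.
SOURCE_BASE = "OU=here,DC=mydomain,DC=com"
TARGET_BASE = "OU=there,DC=yourdomain,DC=com"

# A search callable takes (base_dn, ldap_filter) and returns matching entries.
# In production this would wrap a real client, e.g. ldap3's Connection.search.
Search = Callable[[str, str], List[Dict[str, str]]]


def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping: a sAMAccountName with * ( ) \\ or NUL stays literal."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def user_filter(samid: str) -> str:
    """Same filter shape as the VBScript in the answer, with the value escaped."""
    return ("(&(objectClass=user)(objectCategory=person)"
            "(sAMAccountName=%s))" % escape_filter_value(samid))


def account_exists(search: Search, base_dn: str, samid: str) -> bool:
    return len(search(base_dn, user_filter(samid))) > 0


def classify_users(search: Search, source_samids, target_base: str) -> Tuple[List[str], List[str]]:
    """Split source-domain accounts into those present / absent in the target."""
    present, missing = [], []
    for samid in source_samids:
        (present if account_exists(search, target_base, samid) else missing).append(samid)
    return present, missing


# Constructed stand-in for yourdomain.com so the script runs offline.
SAMPLE_TARGET = {
    "fred.flintstone": {"distinguishedName": "CN=Fred Flintstone," + TARGET_BASE},
    "barney.rubble": {"distinguishedName": "CN=Barney Rubble," + TARGET_BASE},
}


def sample_search(base_dn: str, ldap_filter: str) -> List[Dict[str, str]]:
    """Offline search: honours only the sAMAccountName clause, exact and case-insensitive like AD."""
    m = re.search(r"\(sAMAccountName=([^)]*)\)", ldap_filter)
    raw = re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), m.group(1))
    entry = SAMPLE_TARGET.get(raw.lower())
    return [entry] if base_dn == TARGET_BASE and entry else []


if __name__ == "__main__":
    print(classify_users(sample_search, ["fred.flintstone", "wilma.flintstone"], TARGET_BASE))
```

Because the value is escaped before it reaches the filter, a name such as "*" is looked up literally instead of matching every account.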