We have an application that is inherently back-end (i.e. it runs on a server and users never interact with it directly). The application interacts with file servers only via UNC shares (does not interact with SQL server or anything like that).
Our marketing folks want to sell this application based on the "number of users at the site" (or some other measure of the size of the customer), and have tasked me with figuring out a way to enforce this in our licensing system.
I know that Microsoft servers have CALs, and I'm wondering if there might be a way to query the domain controller to determine the CALs (so far, Googling has not turned up anything about this, though).
Does anyone have any clever or creative solutions for how to approach this?
Like Harry said, any solution you use will likely be dodgy because the number of users that you count will probably not reflect the number of users in reality. That being said, the best solution I can think of would be to count the number of enabled user objects within the Active Directory domain. This can be accomplished by using scripting languages or built-in commands:
PowerShell
(get-aduser -Filter {enabled -eq $true}).count
DSQuery
dsquery * -filter "(&(objectCategory=person)(objectClass=user)(!userAccountControl:1.2.840.113556.1.4.803:=2))" -limit 0 | find /v /c ""
VBScript
Const Ads_Scope_SubTree = 2
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = Ads_Scope_SubTree
objCommand.CommandText = _
"Select Name From 'LDAP://DC = [Your Domain], DC = Com' Where objectCategory = 'Person'"
Set objRecordSet = objCommand.Execute
MsgBox "Total Number Of Users Found : " & objRecordSet.RecordCount
If you want to see what this looks like on steroids, please see https://blog.travisflix.com/export-active-directory-users/.