1. 首页
  2. 问答
  3. 使用VBScript和Active Directory通过SID查找用户电子邮件

使用VBScript和Active Directory通过SID查找用户电子邮件

2010-03-09 65 views
0

我正在解析有关Windows系统上用户帐户更改的日志消息。 我想通知用户有关更改,因此我需要从Active Directory检索其个人 信息(First,Last,E-Mail)。使用VBScript和Active Directory通过SID查找用户电子邮件

我已经找到了一种方法来获取用户名,但是,这只是通过WMI,而不是ADSI:

Function FindUser(Message) 
    Dim objWMIService 
    Dim strAccountRegex 
    Dim objRegex 
    Dim objMatch 
    Dim strComputer 
    Dim objUser 
    Dim objShell 


    strAccountRegex = "(\%\{[A-Z,0-9,\-]*\})" 
    strComputer = "." 

    Wscript.StdOut.writeLine "Querying WMI to retrieve user-data" 

    Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2") 
    Set objShell = WScript.CreateObject("WScript.Shell") 
    Set objRegex = new RegExp 
    objRegex.Pattern= strAccountRegex 
    for each objMatch in objRegex.Execute(Message) 
      REM Wscript.StdOut.writeLine "Found an Account ID: " & objMatch.value 
      Dim strSID 
      strSID=NormalizeSID(objMatch.value) 
      REM Wscript.Echo "SID after escaping: " & strSID 
      Set objUser = objWMIService.Get _ 
      ("Win32_SID.SID='" & strSID & "'") 
    next 
    FindUser=objUser.ReferencedDomainName & "\" & objUser.AccountName 
End Function

它工作正常,但我想通过Active Directory,而不是通过WMI打算这样做。 你能帮我吗?

来源

2010-03-09 er4z0r

回答

0

好的。我找到了一种通过Active Directory执行此操作的方法。 对于compeleteness这里是代码:

REM Converts the SID into a from, that can be processed by WMI 
Function NormalizeSid(strSidToNormalize) 
    Dim regEx,strReplace 
    strReplace="" 
    ' Create regular expression. 
    Set regEx = New RegExp 
    regEx.Global = True 
    regEx.Pattern = "(%|{|})" 
    regEx.IgnoreCase = True 

    ' Make replacement. 
    NormalizeSid = regEx.Replace(strSidToNormalize, strReplace) 
End Function 

REM Searches for a SID the in the Message that was passed as argument 
REM SID returned will be of the form %{S-1-5-21-3968247570-3627839482-368725868-1110} 
REM NOTE: Neither WMI nor ADSI will accept this. Use NormalizeSid like in FindUser 
Function FindSidInMessage(Message) 
    Dim strAccountRegex 
    Dim objRegex 
    Dim objMatch 
    Dim strSID 

    strAccountRegex = "(\%\{S\-[,0-9,\-]*\})" 
    Set objRegex = new RegExp 
    objRegex.Pattern= strAccountRegex 

    for each objMatch in objRegex.Execute(Message) 
      REM Wscript.StdOut.writeLine "Found an Account ID: " & objMatch.value 
      strSID=objMatch.value 
    next 

    FindSidInMessage=strSID 
End Function 

REM Searches Directory for the User matching the SID passed as parameter 
Function FindUser(userSID) 
    Dim normalizedSID 
    Dim objUser 

    normalizedSID=NormalizeSid(userSID) 
    Wscript.Echo "SID after escaping: " & normalizedSID 

    Wscript.StdOut.writeLine "Querying AD to retrieve user-data" 
    Set objUser = GetObject("LDAP://<SID="& normalizedSID & ">") 
    FindUser=objUser.EmailAddress 
End Function

希望这将是有用的人。

来源

2010-03-09 13:39:14 er4z0r

+0

我如何得到这个工作?我需要导出Eventlog吗?如果是这样,我怎么让脚本运行通过出口。对不起,我不是程序员。我只是试图将事件中的SID与其用户进行匹配。 – 2010-10-06 08:43:05

+0

我使用这个: http://www.sql-und-xml.de/freeware-tools/index.html#evt-Watch 不幸的是,它是由德国开发人员编写的,但使用谷歌翻译可能是幸运的; - ) – er4z0r 2010-10-22 08:26:08

相关问题

 相关问题