Script to check for new users or computers and email output

Posted by John Sorensen on June 29th, 2009

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165

'==========================================================================
'
'
' NAME: ADAddedUsersNComputers.vbs
'
' AUTHOR: John Sorensen
' DATE : 2/2/2009
'
' This script Checks AD for any additions made to Users or Computers
' in the past 24 hours. The time interval to check can be changed below.
'
'*****************************************************************************

'Please modify these four settings
strSMTPServer = "your_mail_server.domain.com"
strEmailFrom = "Script Output <script@domain.com>"
strEmailTo = "John Sorensen <you@domain.com>"

strTimeInUTC = CompareDateUTCConvert("h",-24) 'This is the same syntax as dateAdd(). The example will get new users/computers added in the past 24 hours.

'Unless you want to change the domain to check or the format of the emailed info, nothing below really needs to be modified.
On Error Resume Next
numPersonCount = 0
numComputerCount = 0

Set objAdRootDSE = GetObject("LDAP://RootDSE")
Set objRS = CreateObject("adodb.recordset")
varConfigNC = objAdRootDSE.Get("defaultNamingContext")
strConnstring = "Provider=ADsDSOObject"
strWQL = "SELECT ADsPath FROM 'LDAP://" & varConfigNC & "' WHERE createTimeStamp > '" & strTimeInUTC & "' and (objectCategory = 'Person' or objectCategory = 'Computer')"

objRS.Open strWQL, strConnstring
Do until objRS.eof
Set objADUserOrComputer = GetObject(objRS.Fields.Item(0))
strObjectCategory = ParseDN(objADUserOrComputer.objectCategory)

Select Case strObjectCategory
Case "Person"
numPersonCount = numPersonCount + 1
If Len(objADUserOrComputer.displayName) > 0 Then strUserMsg = strUserMsg & vbCrLf & "displayName = " & objADUserOrComputer.displayName
strUserMsg = strUserMsg & vbCrLf & "distinguishedName = " & objADUserOrComputer.distinguishedName
strUserMsg = strUserMsg & vbCrLf & "sAMAccountName = " & objADUserOrComputer.sAMAccountName
strUserMsg = strUserMsg & vbCrLf & "sAMAccountType = " & SAMAccountTypetoName(objADUserOrComputer.sAMAccountType)
strUserMsg = strUserMsg & vbCrLf & "whenChanged = " & objADUserOrComputer.whenChanged
strUserMsg = strUserMsg & vbCrLf & "whenCreated = " & objADUserOrComputer.whenCreated
strUserGroups = ParseMemberOf(objADUserOrComputer.memberOf,objADUserOrComputer.PrimaryGroupID)
strUserMsg = strUserMsg & vbCrLf & "Member Of: " & strUserGroups
If Len(objADUserOrComputer.userPrincipalName) > 0 Then strUserMsg = strUserMsg & vbCrLf & "userPrincipalName = " & objADUserOrComputer.userPrincipalName
strUserMsg = strUserMsg & vbCrLf
Case "Computer"
numComputerCount = numComputerCount + 1
strCompMsg = strCompMsg & vbCrLf & "dNSHostName = " & objADUserOrComputer.dNSHostName
strCompMsg = strCompMsg & vbCrLf & "isCriticalSystemObject = " & objADUserOrComputer.isCriticalSystemObject
strCompMsg = strCompMsg & vbCrLf & "operatingSystem = " & objADUserOrComputer.operatingSystem
strCompMsg = strCompMsg & vbCrLf & "operatingSystemServicePack = " & objADUserOrComputer.operatingSystemServicePack
strCompMsg = strCompMsg & vbCrLf & "operatingSystemVersion = " & objADUserOrComputer.operatingSystemVersion
If InStr(objADUserOrComputer.rIDSetReferences,"Domain Controller") > 0 Then strCompMsg = strCompMsg & vbCrLf & "Domain Controller = Yes"
If Len(objADUserOrComputer.description) > 0 Then strCompMsg = strCompMsg & vbCrLf & "description = " & objADUserOrComputer.description
If Len(objADUserOrComputer.machineRole) > 0 Then strCompMsg = strCompMsg & vbCrLf & "machineRole = " & objADUserOrComputer.machineRole
If Len(objADUserOrComputer.physicalLocationObject) > 0 Then strCompMsg = strCompMsg & vbCrLf & "physicalLocationObject = " & ParseDN(objADUserOrComputer.physicalLocationObject)
strCompMsg = strCompMsg & vbCrLf
End Select
objRS.movenext
Set objADUserOrComputer = Nothing
Loop
objRS.close
Set objRS = Nothing
Set objAdRootDSE = Nothing

If Len(strUserMsg) > 0 Then strEmailMessage = strEmailMessage & "--------- USERS ---------" & vbCrLf & strUserMsg & vbCrLf
If Len(strCompMsg) > 0 Then strEmailMessage = strEmailMessage & "--------- COMPUTERS ---------" & vbCrLf & strCompMsg
If Len(strUserMsg) = 0 And Len(strCompMsg) = 0 Then strEmailMessage = "No users or computers have been added in the last 24 hours."

Set objCDO = CreateObject("CDO.Message")
objCDO.Subject = "Users Added: " & numPersonCount & ". Computers Added: " & numComputerCount & "."
objCDO.From = strEmailFrom
objCDO.To = strEmailTo
objCDO.TextBody = strEmailMessage
objCDO.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/sendusing") = 2 'cdoSendUsingPort (1 = local, 3 = Exchange)
objCDO.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserver") = strSMTPServer
objCDO.Configuration.Fields.Item("http://schemas.microsoft.com/cdo/configuration/smtpserverport") = 25
objCDO.Configuration.Fields.Update
objCDO.Send
set objCDO = Nothing

Function CompareDateUTCConvert(dateAddInterval,compareNumber)
'Wow, this is a lil complex. So createTimestamp is in UTC format.
'So first we grab your machine's time bias and then apply it.
'Next, we adjust the date to the one you specified above (now()-24hours by default)
'Finally, we parse the final date to UTC format ie. 20070207032200.0Z

Set objSWbemServices = GetObject("winmgmts:") '& "{impersonationLevel=impersonate}!\.\root\cimv2")
Set colTimeZone = objSWbemServices.ExecQuery("SELECT * FROM Win32_TimeZone")
For Each objTimeZone in colTimeZone
strBias = objTimeZone.Bias
Next
Set colTimeZone = Nothing
Set objSWbemServices = Nothing
strCompareDate = dateAdd(dateAddInterval,compareNumber,now())
strUTCCompare = DateAdd("n",strBias*(-1),strCompareDate)
CurrentUTC = Year(strUTCCompare) & Right("0" & Month(strUTCCompare),2) & Right("0" & Day(strUTCCompare),2)
CurrentUTC = CurrentUTC & Right("0" & Hour(strUTCCompare),2) & Right("0" & Minute(strUTCCompare),2) & Right("0" & Second(strUTCCompare),2) & ".0Z"
CompareDateUTCConvert = CurrentUTC
End Function

Function ParseDN(strDN)
'Take a DN and extract what we want then make it pretty.
arrDN = split(strDN,",") 'CN=Example-Thing,CN=Whatever,CN=Etc
strDN = right(arrDN(0),len(arrDN(0))-3) 'CN=Example-Thing -> Example-Thing
strDN = replace(strDN,"-"," ") 'Example Thing
ParseDN = strDN
End Function

Function ParseMemberOf(memberof,primarygroupid)
'This shows what groups a person belongs to.
'The output of memberof changes depending on
'how many groups the user is a member of, etc.
Select Case TypeName(memberof)
Case "String" ParseMemberOf = ParseDN(memberof)
Case "Empty" ParseMemberOf = PrimaryGroupIDtoName(primarygroupid,varConfigNC)
Case "Variant()"
For each groupDN in memberof
strUserGroups = strUserGroups & vbCrLf & ParseDN(groupDN)
Next
ParseMemberOf = strUserGroups
Case Else ParseMemberOf = "Unknown"
End Select
End Function

Function SAMAccountTypetoName(theType)
'Just makin it more useful...
Select Case theType
Case 268435456 SAMAccountTypetoName = "Group Object"
Case 268435457 SAMAccountTypetoName = "Non-Security Group Object"
Case 536870912 SAMAccountTypetoName = "Alias Object"
Case 536870913 SAMAccountTypetoName = "Non-Security Alias Object"
Case 805306368 SAMAccountTypetoName = "Normal User Account"
Case 805306369 SAMAccountTypetoName = "Machine Account"
Case 805306370 SAMAccountTypetoName = "Trust Account"
Case 1073741824 SAMAccountTypetoName = "App Basic Group"
Case 1073741825 SAMAccountTypetoName = "App Query Group"
Case 2147483647 SAMAccountTypetoName = "Account Type Max"
Case Else SAMAccountTypetoName = "Unknown"
End Select
End Function

Function PrimaryGroupIDtoName(PGID,varConfigNC)
'Ugh.. the alternative to this function can be found here:
'http://support.microsoft.com/kb/297951
'both are kinda nasty.
Set objRSPGID = CreateObject("adodb.recordset")
Connstring = "Provider=ADsDSOObject"
strSQL = "<ldap://" & varConfigNC & ">;(objectCategory=group);distinguishedName,primaryGroupToken,name;subtree"
objRSPGID.Open strSQL, Connstring
If not objRSPGID.eof and not objRSPGID.bof Then
Do until objRSPGID.eof Or Len(strGroupName) > 0
If PGID = objRSPGID("primaryGroupToken") Then strGroupName = objRSPGID("name")
objRSPGID.movenext
Loop
End If
objRSPGID.close
Set objRSPGID = Nothing
If Len(strGroupName) = 0 Then strGroupName = "Unknown"
PrimaryGroupIDtoName = strGroupName
End Function