Hi there, I need a vbscript which will query active directory for computers and output the following criteria:

Name | Operating System | Service Pack | Distinguished Name | Enabled or Disabled? | Last Logon Date / Time

I have found the following script which gets me some of the required info but I cant get it to find the enabled / disabled or last logon bit, can anyone help? Here is what I have so far:

Const ADS_SCOPE_SUBTREE = 2
strDomain = "LDAP://DC=CONTOSO,DC=COM"
Set oFSO = CreateObject("Scripting.FileSystemObject")
Set objConnection = CreateObject("ADODB.Connection")
Set objCommand =   CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCOmmand.ActiveConnection = objConnection
objCommand.CommandText = "Select name,aDSPath,operatingSystem,operatingSystemServicePack,distinguishedName from '" & strDomain & "' Where objectClass='computer'"
objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE
Set objRecordSet = objCommand.Execute
objRecordSet.MoveFirst
If oFSO.FileExists("c:\users\john\documents\temp\computer_list.csv") Then oFSO.DeleteFile("c:\users\john\documents\temp\computer_list.csv")
Set oFile = oFSO.OpenTextFile("c:\users\john\documents\temp\computer_list.csv",2,True)
On Error Resume Next
Do Until objRecordSet.EOF
 data = ""
 data = data & objRecordSet.Fields("name").Value & ","
 data = data & objRecordSet.Fields("operatingSystem").Value & ","
 data = data & objRecordSet.Fields("operatingSystemServicePack").Value & ","
 data = data & Left(objRecordSet.Fields("distinguishedName").Value, InStr(objRecordSet.Fields("distinguishedName").Value,",")-1) & ","
 Set oComputer = GetObject(objRecordSet.Fields("aDSPath").Value)
 data = data & oComputer.Get("description") & ","
 oFile.WriteLine data
 objRecordSet.MoveNext
Loop
On Error GoTo 0
oFile.Close
WScript.Echo("Finished")

Thanks in advance

• Edited by jonnyp1381 12 hours 56 minutes ago

Well, posting a script that you don't know how it works and then asking others to extend it for you isn't really the purpose of this forum.

First of all, I would recommend writing your script in PowerShell and use the AD cmdlets instead. With the AD cmdlets, you can use Get-ADComputer and select the properties you want. For example:

Hi there, apologies for posting here and thanks for the script - unfortunately the script has to be in vb as our environment is very locked down and powershell scripts have been disabled by gpo and can only access via vb

Thanks again

First, the above isn't even a script. Just copy and paste the lines in a PowerShell window and press Enter. (You need to load the ActiveDirectory module first, of course, which will be automatic in PowerShell 3.0 and newer.)

Second, there's an old expression that "beggars can't be choosers."

The purpose of this forum is to answer scripting questions, not to customize scripts on demand.

Look in repository for scripts that will bet what you are asking for. 

When you say lastlogon what are you asking for?  Are you asking who?

Enabled is a flag in the control work and has to be decoded.  Look in repository for examples.

I already provided the PowerShell command (above) that does what the original poster wants. It's not a script. All the OP has to do is run the command.

I have had this issue with admins claiming PS was restricted by GP when, in fact, it isn't. Scripts are set to signed always but we can still paste the code at a prompt and it works.

The last logon of a user is not the timestamp in the computer object.

The last logon of a user is not the timestamp in the computer object.

Correct. I am assuming that's what the OP was looking for.

If not, then the OP will need to clarify.

The last logon of a user is not the timestamp in the computer object.

Correct. I am assuming that's what the OP was looking for.

If not, then the OP will need to cl

PowerShell does not equal command prompt.

(As an aside, I would point out that disabling the command prompt provides no security whatsoever.)

It is not an issue of people not wanting to help. It is an issue of fairness. If you want free help, you need to ask a good question instead of expecting for someone to write the code for you. The forum is designed as to answer scripting questions, not to act as a free code-writing or code-customization service.

For last logged on user, that is not as simple as you might think. Last logon of a user is not stored as a part of a computer object in AD.

Totally understand and will know for future - This was my first post here - normally I do manage to work through and figure things out for myself its just I am really against the clock, the logon time is not the important bit so I can do without that if it makes things easier?

Regards