Listing All Users they have the dial in permission in AD (RAS VPN ACCESS)
Hi, is there any way to show all the users in AD that have dial-in permission for RRAS (Allow Access)? Please help.
Best Regards, SA
December 1st, 2011 1:24am

Use the below script. Save the file as find_users_with_dialin+permission_for_RRAS.vbs. Once the script completes it will output a file called rras_vpn_users.txt in the same folder as the script.

```vbscript
'***************************************************
'This script will pull all users that have Dial-in
'access from Active Directory and the OU the account
'is in and writes the values out to the file RRAS_VPN_Users.txt
'***************************************************
Option Explicit
On Error Resume Next

Const ADS_SCOPE_SUBTREE = 2

Dim objConnection, objCommand, objRootDSE
Dim objRecordSet, ou
Dim namingContext, fso, outFile

Set objConnection = CreateObject("ADODB.Connection")
Set objCommand = CreateObject("ADODB.Command")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand.ActiveConnection = objConnection

' Find the default naming context of the current domain
set objRootDSE = getobject("LDAP://RootDSE")
namingContext = objRootDSE.Get("defaultNamingContext")
set objRootDSE = nothing

Set fso = CreateObject("Scripting.FileSystemObject")
Set outFile = fso.CreateTextFile("RRAS_VPN_Users.txt", True)

objCommand.Properties("Page Size") = 1000
objCommand.Properties("Searchscope") = ADS_SCOPE_SUBTREE

' Users whose Dial-in tab is set to "Allow access"
objCommand.CommandText = _
    "SELECT Name FROM 'LDAP://" & namingContext & _
    "' WHERE objectCategory='user' " & _
    "AND msNPAllowDialin = TRUE"
Set objRecordSet = objCommand.Execute

objRecordSet.MoveFirst
Do Until objRecordSet.EOF
    ' Call function to find OU from user name
    ou = getOUByUserName(objRecordSet.Fields("Name").Value)
    outFile.WriteLine(objRecordSet.Fields("Name").Value & _
        ",'" & ou & "'")
    objRecordSet.MoveNext
Loop

outFile.Close
WScript.Echo "Complete"
WScript.Quit

function getOUByUserName(byval UserName)
    ' *** Function to find ou/container of user object ***
    DIM namingContext, ldapFilter, ou
    DIM cn, cmd, rs
    DIM objRootDSE

    set objRootDSE = getobject("LDAP://RootDSE")
    namingContext = objRootDSE.Get("defaultNamingContext")
    set objRootDSE = nothing

    ldapFilter = "<LDAP://" & namingContext & _
        ">;(&(objectCategory=User)(name=" & userName & "))" & _
        ";distinguishedName;subtree"

    set cn = createobject("ADODB.Connection")
    set cmd = createobject("ADODB.Command")
    cn.open "Provider=ADsDSOObject;"
    cmd.activeconnection = cn
    cmd.commandtext = ldapFilter
    set rs = cmd.execute

    if rs.eof <> true and rs.bof <> true then
        ' Strip the leading RDN from the distinguishedName to get the container
        ou = rs(0)
        ou = mid(ou,instr(ou,",")+1,len(ou)-instr(ou,","))
        getOUByuserName = ou
    end if

    rs.close
    cn.close
end function
```

Regards, ~P MCSE, MCITP, MCTS, MCP, CCNA
December 1st, 2011 2:58am

You can also use dsquery (at the command prompt of a DC):

```
dsquery * -Filter "(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE))"
```

The string TRUE must be in all caps (the only time anything is case sensitive in LDAP syntax filters). The same LDAP syntax filter can also be used with other utilities, like the PowerShell Get-ADUser (with AD modules):

```
Get-ADUser -LDAPFilter "(&(objectCategory=person)(objectClass=user)(msNPAllowDialin=TRUE))"
```

The filter can also be used with Joe Richards' free adfind utility.

Richard Mueller - MVP Directory Services
December 1st, 2011 10:42am

Thanks a lot, this script is working for me. And if you can, please share one more script that lists all users that have the "password never expires" tick mark in AD. We created some of the users with this option; now I need to find out those users.
Best Regards, SA
December 3rd, 2011 8:01am

Please start a new question for that request. Regards, ~P MCSE, MCITP, MCTS, MCP, CCNA
December 3rd, 2011 8:26am

What about control access through Remote Access Policy? Is there any script to show user with this attribute enabled?
March 13th, 2012 3:44pm
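
An added example, not posted by anyone in this thread: a PowerShell audit built on the Get-ADUser filter approach mentioned above. It goes beyond the "Allow access" case and also reports the other two Dial-in tab states, including "Control access through Remote Access Policy" from the last question, which is stored as msNPAllowDialin not being set. It assumes the ActiveDirectory module (RSAT) is installed; the output file name dialin_audit.csv is an assumption.

```powershell
# Added example (not from the thread). Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Get-DialInState {
    param($User)
    # msNPAllowDialin: TRUE = Allow access, FALSE = Deny access,
    # attribute not set = Control access through Remote Access / NPS policy.
    if ($null -eq $User.msNPAllowDialin) { return 'PolicyControlled' }
    if ($User.msNPAllowDialin) { return 'Allow' }
    return 'Deny'
}

function Get-ParentContainer {
    param([string]$DistinguishedName)
    # Drop the first RDN. Commas escaped as "\," inside the CN are skipped,
    # so "CN=Smith\, John,OU=Sales,DC=example,DC=com" gives "OU=Sales,DC=example,DC=com".
    return $DistinguishedName -replace '^(?:\\.|[^,\\])+,', ''
}

$query = @{
    LDAPFilter = '(&(objectCategory=person)(objectClass=user))'
    Properties = 'msNPAllowDialin', 'lastLogonTimestamp'
}

$report = Get-ADUser @query | ForEach-Object {
    # lastLogonTimestamp is a FILETIME value; empty for accounts that never logged on.
    $lastLogon = if ($_.lastLogonTimestamp) {
        [DateTime]::FromFileTimeUtc($_.lastLogonTimestamp).ToString('u')
    } else { '' }
    [pscustomobject]@{
        SamAccountName = $_.SamAccountName
        DialIn         = Get-DialInState $_
        Enabled        = $_.Enabled
        LastLogonUtc   = $lastLogon
        Container      = Get-ParentContainer $_.DistinguishedName
    }
}

# dialin_audit.csv is an assumed output name, written to the current directory.
$report | Sort-Object DialIn, SamAccountName |
    Export-Csv -Path .\dialin_audit.csv -NoTypeInformation

# Count per state, then explicit "Allow" accounts that are disabled.
$report | Group-Object DialIn | Select-Object Name, Count
$report | Where-Object { $_.DialIn -eq 'Allow' -and -not $_.Enabled }
```

Accounts reported as PolicyControlled get their VPN access decision from the network policies on the RRAS/NPS server, so the report should be read together with those policies.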

This topic is archived. No further replies will be accepted.
