目前整個域內的帳號有近50萬，10個子域，一個跟域，想導出賬號出來不是件容易的事，并且LDAP查詢策略的限制，只能一個OU一個OU的去導，因此寫了這樣的一個程序，便利GC的所有OU，逐層去讀取帳戶

Set rootDSE = GetObject("http://www.cnblogs.com/buyimozi/admin/ldap://rootDSE/")
BaseDN = rootDSE.Get("defaultNamingContext")
DC= replace(BaseDN,"DC=",",")
DC= replace(DC,",,",".")
DC=right(DC,len(DC)-1)

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Provider = "ADsDSOObject"
objConnection.Open "Active Directory Provider"
Set objCommand = CreateObject("ADODB.Command")
Set objCommand.ActiveConnection = objConnection
Set objCommand1 = CreateObject("ADODB.Command")
Set objCommand1.ActiveConnection = objConnection
on error resume next
wscript.echo "Begin:"

objCommand.CommandText = "<GC:// "& DC & "/"??? & BaseDN & ">;(&(|(objectclass=organizationalUnit)(objectclass=Container)(objectclass=domain)));name,distinguishedName,ADsPath;onelevel"
?Set objRecordSetTop = objCommand.Execute
?If Err.number<>0 Then
?MsgBox "沒有找到ou"? & TARGET_OU
?End If

?If objRecordSetTop.RecordCount>0 Then'頂層OU
?Do Until objRecordSetTop.EOF
??objectname=objRecordSetTop.Fields("name")
??distinguishedName=objRecordSetTop.Fields("distinguishedName")
??ADsPath= objRecordSetTop.Fields("ADsPath")???
???????searchChildOU? distinguishedName? ??
??objRecordSetTop.MoveNext
?Loop
Else
?wscript.echo "<GC:// "& DC & "/"??? & BaseDN? & " IS NULL"
End If
?
wscript.echo "總計輸出賬號為:" & i

Function searchChildOU(OUdistinguishedName)
OUdistinguishedName=replace(OUdistinguishedName,"/","\/")'將“/”做轉換
?objCommand.CommandText = "<GC://" & DC & "/" &?? OUdistinguishedName? & ">;(&(|(objectclass=organizationalUnit)(objectclass=Container)));cn,distinguishedName,ADsPath;onelevel"
?outputInformation? "GC://" & DC & "/" & OUdistinguishedName,outputFilePath? '導出當前OU下的賬戶
??? Set objRecordSet = objCommand.Execute
?If objRecordSet.RecordCount>0 Then
??Do Until objRecordSet.EOF
???searchChildOU? objRecordSet.Fields("distinguishedName")'此處用到遞歸查找OU的方法
???objRecordSet.MoveNext
??loop
?End If
End Function
Function outputInformation(adspath,outputFilePath)
'根據OU的adspath導出該OU下的所有賬號信息
Set OU = GetObject(adspath)
OUdistinguishedName=OU.distinguishedName
OUdistinguishedName=replace(OUdistinguishedName,"/","\/")
Wscript.Echo??? "導出:" & OUdistinguishedName????
????Set adoCommand = CreateObject("ADODB.Command")
??????????????????????????????? Set adoConnection = CreateObject("ADODB.Connection")
??????????????????????????????? adoConnection.Provider = "ADsDSOObject"
??????????????????????????????? adoConnection.Open "Active Directory Provider"
??????????????????????????????? adoCommand.ActiveConnection = adoConnection
??????????????????????????????? strBase = "<GC://" & DC & "/" &?? OUdistinguishedName? & ">"
??????????????????????????????? strFilter = "(&(objectCategory=person)(objectClass=user))"
??????????????????????????????? strAttributes = "distinguishedName,ADsPath,lastLogonTimeStamp" & ";onelevel"
??????????????????????????????? strQuery = strBase & ";" & strFilter & ";" & strAttributes
??????????????????????????????? adoCommand.CommandText = strQuery
??????????????????????????????? adoCommand.Properties("Page Size") = 10000000
??????????????????????????????? adoCommand.Properties("Timeout") = 60
??????????????????????????????? adoCommand.Properties("Cache Results") = False
??????????????????????????????? Set adoRecordset = adoCommand.Execute
??????????????????????????????? Do Until adoRecordset.EOF
?????????????????????????????????? On Error Resume Next
??????????????????????????????????? adspath=adoRecordset.Fields("adspath")
??????????????????????????????????? ShowMSG? adspath
?????????????????????????????????adoRecordset.MoveNext
??????? i=i+1
??????????????????????????????? Loop
End function

轉載于:https://www.cnblogs.com/buyimozi/archive/2009/09/02/1558920.html

總結

以上是生活随笔為你收集整理的查询GC得到森林里主域和子域的帐号的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。