15.24. Script: Displaying the Structure of a Forest

Do you know the structure of your Active Directory forest? You could use a tool such as ADSI Edit and expand all of the OUs and containers in each domain, but if you have a lot of OUs, this would be very time-consuming.

With a fairly simple script, you can enumerate all the domains, OUs, and containers in a forest, and you don't need any privileged rights to do it. Here is the script:

' This code prints out the forest tree hierarchy

' BEGIN SECTION 1
set objRootDSE = GetObject("LDAP://RootDSE")
strBase = "<LDAP://cn=Partitions," & _
          objRootDSE.Get("ConfigurationNamingContext") & ">;"
strFilter = "(&(objectcategory=crossRef)(systemFlags=3));"
strAttrs = "name,trustParent,nCName,dnsRoot,distinguishedName;"
strScope = "onelevel"
set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope)
objRS.MoveFirst
' END SECTION 1

' BEGIN SECTION 2
set dicSubDomainTrue = CreateObject("Scripting.Dictionary")
set dicDomainHierarchy = CreateObject("Scripting.Dictionary")
set dicDomainRoot = CreateObject("Scripting.Dictionary")
' END SECTION 2

' BEGIN SECTION 3
while not objRS.EOF
   dicDomainRoot.Add objRS.Fields("name").Value, objRS.Fields("nCName").Value
   if objRS.Fields("trustParent").Value <> "" then
      dicSubDomainTrue.Add objRS.Fields("name").Value, 0
      set objDomainParent = GetObject("LDAP://" & _
                                      objRS.Fields("trustParent").Value)
      ...
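The listing above stops partway through Section 3. As an added example (Python, not the book's code), here is one way to turn the attributes the query requests into a domain tree: keep only records that match systemFlags=3, then link each domain to its parent through trustParent. The records, the domain names under corp.example, and all function names are constructed for illustration.

```python
# Added example: constructed crossRef records, not output from a real forest.
# Each record carries the attributes the script asks for in strAttrs.
PARTITIONS = "CN=Partitions,CN=Configuration,DC=corp,DC=example"

def crossref(name, nc_name, system_flags, parent=""):
    return {
        "name": name,
        "distinguishedName": f"CN={name},{PARTITIONS}",
        "nCName": nc_name,
        "systemFlags": system_flags,
        # trustParent holds the DN of the parent domain's crossRef object.
        "trustParent": f"CN={parent},{PARTITIONS}" if parent else "",
    }

SAMPLE = [
    crossref("Enterprise Configuration", "CN=Configuration,DC=corp,DC=example", 1),
    crossref("DomainDnsZones", "DC=DomainDnsZones,DC=corp,DC=example", 5),
    crossref("SALES", "DC=sales,DC=emea,DC=corp,DC=example", 3, parent="EMEA"),
    crossref("CORP", "DC=corp,DC=example", 3),
    crossref("EMEA", "DC=emea,DC=corp,DC=example", 3, parent="CORP"),
    crossref("APAC", "DC=apac,DC=corp,DC=example", 3, parent="CORP"),
]

def domain_crossrefs(records):
    """Same effect as (systemFlags=3): an exact match, so only domains pass."""
    return [r for r in records if r["systemFlags"] == 3]

def build_hierarchy(records):
    """Return (roots, children); children maps a parent name to its records."""
    by_dn = {r["distinguishedName"].lower(): r for r in records}  # DNs are case-insensitive
    roots, children = [], {}
    for r in records:
        parent = by_dn.get(r["trustParent"].lower())
        if parent is None:  # no trustParent, or the parent is not in the result set
            roots.append(r)
        else:
            children.setdefault(parent["name"], []).append(r)
    return roots, children

def render(nodes, children, depth=0):
    """Indented lines, one per domain, children listed under their parent."""
    lines = []
    for r in sorted(nodes, key=lambda n: n["name"]):
        lines.append(f"{'  ' * depth}{r['name']} [{r['nCName']}]")
        lines.extend(render(children.get(r["name"], []), children, depth + 1))
    return lines

def forest_tree(records=SAMPLE):
    roots, children = build_hierarchy(domain_crossrefs(records))
    return render(roots, children)
```

Calling `forest_tree()` returns the indented lines for the constructed forest; the configuration and application partitions are dropped by the filter, and the order of the input records does not matter.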
