' Export a group from the connector space.
' Try to bind to each member in AD to confirm they exist.
' Use for troubleshooting dn-attributes-failure and cd-missing-object errors.
'
' Written by Carol Wapshere, 2008, www.wapshere.com
'
Option Explicit
Const MA_NAME = "AD_Groups"
Const CSEXPORT = "C:\Program Files\Microsoft Identity Integration Server\Bin\csexport.exe"
Const DC = dc.mydomain.com
Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8
Const UNICODE = -1
Dim strGroupDN, strXMLFileName, strXML, strUserDN, strCmd
Dim objFS, objXMLFile, objShell, objUser, objExec
Dim iStart
strXMLFileName = MA_NAME & ".xml"
If WScript.Arguments.Count <> 1 Then
Usage
End If
strGroupDN = WScript.Arguments.Item(0)
wscript.echo ""
Set objFS = CreateObject("Scripting.FileSystemObject")
If objFS.FileExists(strXMLFileName) Then objFS.DeleteFile(strXMLFileName)
strCmd = CSEXPORT & " " & MA_NAME & " /f:d=" & chr(34) & strGroupDN & chr(34)
wscript.echo strcmd
Set objShell = CreateObject("WScript.Shell")
Set objExec = objShell.Exec(strCmd)
wscript.echo ""
wscript.echo "Exporting connector space object"
wscript.sleep 1000
Set objXMLFile = objFS.GetFile(strXMLFileName)
Do While objXMLFile.Size = 0
wscript.echo "."
wscript.sleep 1000
Loop
Set objXMLFile = objFS.OpenTextFile(strXMLFileName,ForReading,False,UNICODE)
strXML = objXMLFile.ReadAll
Do While InStr(strXML, "<dn>") > 0
iStart = InStr(strXML, "<dn>") + Len("<dn>")
strXML = Mid(strXML, iStart)
strUserDN = Left(strXML, InStr(strXML, "</dn>") - 1)
'wscript.echo strUserDN
'Try to bind to the User DN
Set objUser = Nothing
On Error Resume Next
Set objUser = GetObject("LDAP://" & DC & "/" & strUserDN)
On Error Goto 0
If objUser is Nothing Then
wscript.echo "User not found: " & strUserDN
End If
Loop
Sub Usage
wscript.echo "Check groups members from the connector space of MA AD_Groups"
wscript.echo "to confirm they exist in AD."
wscript.echo ""
Wscript.echo "Usage: cscript dn-missing.vbs groupDN"
wscript.echo ""
Wscript.Quit
End Sub
