ActiveDirectoryのユーザー情報を取得するVBScript

ADユーザー情報を取得するVBScript

興味のある方は少ないと思いますが、ActiveDirectoryからユーザー情報を取得するVBScriptを作成したので、備忘録として記事にしておきます。
Scriptを実行する事により、以下の情報を取得する事ができます。
取得後、EXCELシートに情報を格納します。
ログオン名
アカウント表示名
アカウントの有効/無効状態
アカウントのロック状態
最終ログオン日時
最終パスワード変更日時
パスワード無期限かどうか
アカウントの説明
所属グループ
以下がScriptの内容です。
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'   PG          :   ActiveDirectoryの調査
'   Author      :   2018/04/09 www.adlink-kk.ne.jp
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
 
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'   定数(ActiveDirectory)
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Const ADS_SCOPE_SUBTREE                                 = 5
Const ADS_SCOPE_ONELEVEL                                = 1
Const ADS_UF_SCRIPT                                     = 1
Const ADS_UF_ACCOUNTDISABLE                             = 2
Const ADS_UF_HOMEDIR_REQUIRED                           = 8
Const ADS_UF_LOCKOUT                                    = 16
Const ADS_UF_PASSWD_NOTREQD                             = 32
Const ADS_UF_PASSWD_CANT_CHANGE                         = 64
Const ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED            = 128
Const ADS_UF_TEMP_DUPLICATE_ACCOUNT                     = 256
Const ADS_UF_NORMAL_ACCOUNT                             = 512
Const ADS_UF_INTERDOMAIN_TRUST_ACCOUNT                  = 2048
Const ADS_UF_WORKSTATION_TRUST_ACCOUNT                  = 4096
Const ADS_UF_SERVER_TRUST_ACCOUNT                       = 8192
Const ADS_UF_DONT_EXPIRE_PASSWD                         = 65536
Const ADS_UF_MNS_LOGON_ACCOUNT                          = 131072
Const ADS_UF_SMARTCARD_REQUIRED                         = 262144
Const ADS_UF_TRUSTED_FOR_DELEGATION                     = 524288
Const ADS_UF_NOT_DELEGATED                              = 1048576
Const ADS_UF_USE_DES_KEY_ONLY                           = 2097152
Const ADS_UF_DONT_REQUIRE_PREAUTH                       = 4194304
Const ADS_UF_PASSWORD_EXPIRED                           = 8388608
Const ADS_UF_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION     = 16777216
Const E_ADS_PROPERTY_NOT_FOUND                          = &h8000500D
Const ONE_HUNDRED_NANOSECOND                            = 0.0000001
Const SECONDS_IN_DAY                                    = 86400
 
 
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'   定数
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Const i                                                 = 11
Const EXCEL_TEMLATE_FILE                                = "userInfo.xls"
Const EXCEL_DRIVER                                      = "Driver={Microsoft Excel Driver (*.xls)};DBQ=BookName;ReadOnly=False;"
Const ADS_PATH                                          = "LDAP://DC=example,DC=com"    '環境にあわせて変更
 
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'   変数(ActiveDirectory)
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Private cnn                                             'ADODB.Connection（ActiveDirectory）
Private cmd                                             'ADODB.Command（ActiveDirectory）
Private rs                                              'ADODB.Recordset（ActiveDirectory）
Private con                                             'ADODB.Connection（ExcelBook）
Private maxPwdDays                                      'Password有効期限（PasswordPolisy）
 
 
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'   変数(ユーザー情報)
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Private userInfo()  'ユーザー情報格納配列（○項目をExcelBookへ出力）
'userInfo(0)    :Adspath
'userInfo(1)    :アカウント名
'userInfo(2)    :アカウント表示名                   ○
'userInfo(3)    :ログオン名
'userInfo(4)    :ログオン名(Windows2000)             ○
'userInfo(5)    :アカウント有効/無効                 ○
'userInfo(6)    :アカウントロック                   ○
'userInfo(7)    :最終ログオン日時                   ○
'userInfo(8)    :最終パスワード変更日時                    ○
'userInfo(9)    :パスワード無期限                   ○
'userInfo(10)   :説明                         ○
'userInfo(11)   :所属グループ                     ○
 
 
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'   処理
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Init()
Main()
Term()
 
 
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'   ActiveDirectoryに接続
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub Init()
    On Error Resume Next
 
    Set cnn = CreateObject("ADODB.Connection")
    cnn.Provider = "ADsDSOObject"
    cnn.Open "Active Directory Provider"
 
    'PasswordPolisyからPassword有効期限を取得
    Set objDomain = GetObject("ADS_PATH")
    Set objMaxPwdAge = objDomain.Get("maxPwdAge")
    maxPwdNano = abs(objMaxPwdAge.HighPart * (2 ^ 32) + objMaxPwdAge.LowPart)
    maxPwdSecs = maxPwdNano * ONE_HUNDRED_NANOSECOND
    maxPwdDays = CInt(maxPwdSecs / SECONDS_IN_DAY)
 
    If Err Then
        Call Term()
        WScript.Echo "ActiveDirectoryに接続できませんでした！"
    End If
End Sub
 
 
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'   ユーザー情報を取得
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub Main()
    On Error Resume Next
 
    'EXCELBOOKコピー＞接続
    Set fso = CreateObject("Scripting.FileSystemObject")
    Set book = fso.GetFile(fso.BuildPath(fso.GetParentFolderName(WScript.ScriptFullName), EXCEL_TEMLATE_FILE))
    newbook = Replace(DateSerial(Year(Now),Month(Now),Day(Now)),"/","") & "_" & EXCEL_TEMLATE_FILE
    newbook = fso.BuildPath(fso.GetParentFolderName(WScript.ScriptFullName), newbook)
    book.Copy newbook
    Set book = Nothing
    Set fso = Nothing
    Set con = CreateObject("ADODB.Connection")
    con.Open Replace(EXCEL_DRIVER,"BookName",newbook)
     
    'ユーザー情報抽出
    Set cmd = CreateObject("ADODB.Command")
    Set cmd.ActiveConnection = cnn
    cmd.Properties("Page Size") = 1000
    cmd.Properties("Timeout") = 30
    cmd.Properties("Searchscope") = ADS_SCOPE_SUBTREE   '5階層迄検索
    cmd.Properties("Cache Results") = False
    cmd.CommandText = "SELECT AdsPath FROM '" & ADS_PATH & "' WHERE objectCategory='user'"
    Set rs = cmd.Execute
    rs.MoveFirst
    Do Until rs.EOF
        Redim userInfo(i)
        getUserInfo(GetObject(rs.Fields("AdsPath").Value))
        setExcelBook()
        rs.MoveNext
    Loop
    rs.Close
    cnn.Close
    con.Close
 
    If Err Then
        Call Term()
        WScript.Echo "ADスキーマ取得に失敗しました！"
    End If
End Sub
 
 
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'   ActiveDirectoryから切断
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Sub Term()
    Set rs  = Nothing
    Set cmd = Nothing
    Set cnn = Nothing
    Set con = Nothing
    WScript.Quit
End Sub
 
 
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'   ユーザー情報を配列に格納する
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Private Sub getUserInfo(ByRef objUser)
    On Error Resume Next
 
    userInfo(0) = objUser.AdsPath
    userInfo(1) = objUser.Name
    userInfo(2) = objUser.displayName
    userInfo(3) = objUser.userPrincipalName
    userInfo(4) = objUser.sAMAccountName
    If objUser.AccountDisabled = True Then
        userInfo(5) = "無効"
    Else
        userInfo(5) = "有効"
    End If
    If objUser.IsAccountLocked = True Then
        userInfo(6) = "ロック有"
    Else
        userInfo(6) = "ロック無"
    End If
    Set objLastLogon = objUser.Get("lastLogon")
    userInfo(7) = objLastLogon.HighPart * (2 ^ 32) + objLastLogon.LowPart
    userInfo(7) = userInfo(7) / (60 * 10000000)
    userInfo(7) = userInfo(7) / 1440
    userInfo(7) = userInfo(7) + #1/1/1601#
    userInfo(7) = userInfo(7) + #9:00:00 AM#
    On Error Resume Next
    userInfo(8) = objUser.passwordLastChanged
    If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
        userInfo(8) = "変更履歴なし"
        Err.Clear
    Else
        passday = DateDiff("d",userInfo(8),Now())   'パスワード変更後の経過日数
    End If
    On Error GoTo 0
    If Not objUser.userAccountControl AND ADS_UF_DONT_EXPIRE_PASSWD Then
        userInfo(9) = "期限あり"
    Else
        userInfo(9) = "期限なし"
    End If
    userInfo(10) = objUser.Description
    On Error Resume Next
    userInfo(11) = vbNullString
    If Not IsNull(objUser.GetEx("memberOf")) Then
        If Not Err Then
            For Each groupAdsPath in objUser.GetEx("memberOf")
                Set objGroup = GetObject("LDAP://" & groupAdsPath)
                If userInfo(11) <> vbnullstring Then
                    userInfo(11) = userInfo(11) & "・" & objGroup.CN
                Else
                    userInfo(11) = objGroup.CN
                End If
            Next
        End If
    End If
    Err.Clear
    On Error GoTo 0
 
    If Err Then
        Call Term()
        WScript.Echo "ユーザー情報取得に失敗しました！"
    Else
        WScript.Echo userInfo(4) & "　の情報を取得しました。"
    End If
End Sub
 
 
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
'   EXCELにユーザー情報を挿入する
'''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
Private Sub setExcelBook()
    On Error Resume Next
 
    sql = vbNullString
    sql = sql & "INSERT INTO [userInfo$]("
    sql = sql & "ログオン名,"
    sql = sql & "アカウント表示名,"
    sql = sql & "アカウント有効・無効,"
    sql = sql & "アカウントロック,"
    sql = sql & "最終ログオン日時,"
    sql = sql & "最終パスワード変更日時,"
    sql = sql & "パスワード無期限,"
    sql = sql & "説明,"
    sql = sql & "所属グループ) "
    sql = sql & "VALUES('"
    sql = sql & userInfo(4) & "','"
    sql = sql & userInfo(2) & "','"
    sql = sql & userInfo(5) & "','"
    sql = sql & userInfo(6) & "','"
    sql = sql & userInfo(7) & "','"
    sql = sql & userInfo(8) & "','"
    sql = sql & userInfo(9) & "','"
    sql = sql & userInfo(10) & "','"
    sql = sql & userInfo(11) & "')"
    con.Execute sql
 
    If Err Then
        WScript.Echo userInfo(4) & "　のEXCEL出力に失敗しました！"
    End If
End Sub