Hey, Scripting Guy! Question

Hey, Scripting Guy! How can I list all the users in an NT 4.0 domain, along with their description and logon script path?

-- HH

SpacerHey, Scripting Guy! AnswerScript Center

Hey, HH. Ah, yes NT 4.0. Windows NT 4.0 reminds us of dandelions: it doesn’t matter whether you like dandelions or not, there’s simply no way to get rid of them. The same is true of NT 4.0. Regardless of what people think of NT 4.0, there’s simply no way to get rid of it: it’s surprising how many organizations still rely (and often rely heavily) on this version of Windows.

But that’s OK: we happen to be firm believers in the adage that if it ain’t broke then don’t fix it. (Editor’s Note: The opinions expressed here are not necessarily the opinions of the Microsoft Corporation or anyone else affiliated with Microsoft - especially anyone in the sales and marketing departments.) Besides, while NT 4.0 might be getting up there in years, as long as you’ve installed Service Pack 3 or later it’s fully-scriptable. In fact, you can use a script similar to this to return information about all the users in an NT 4.0 domain:

Set objDomain = GetObject("WinNT://fabrikam")
objDomain.Filter = Array("User")

For Each objUser in objDomain
    Wscript.Echo "User name: " & objUser.Name 
    Wscript.Echo "Description: " & objUser.Description 
    Wscript.Echo "Logon script path: " & objUser.LoginScript 

As you might expect, we begin by binding to the fabrikam domain, a process that requires just one line of code:

Set objDomain = GetObject("WinNT://fabrikam ")

Two things to watch out for here. First, because we’re dealing with NT 4.0, we need to use the WinNT provider; the LDAP provider is only for Active Directory. Second, this is one of those rare occasions when case (uppercase vs. lowercase, that is) matters: it has to be WinNT, not WINNT, winnt, or any other variation.

Note. This script can also be used as-is to retrieve information about local user accounts. Just replace the domain name (fabrikam) with the name of the computer.

No, really, that’s all you have to do. Honest.

After making the connection we then apply a Filter to limit the returned data to user accounts. That, too requires just a single line of code:

objDomain.Filter = Array("User")

At that point we’re practically done: all we have to do is set up a For Each loop to loop through the collection of user accounts. For each account in the collection we then echo back the values of the Name, Description, and LoginScript properties. Game, set, and match.

Of course, now that we’ve whet your appetite for scripting against NT 4.0 domains you might be wondering what other user account values you can retrieve. Here’s a “bonus” script that connects to a user account and echoes back all the attributes of that account and their values:

On Error Resume Next
strDomain = "fabrikam"
Set objUser = GetObject("WinNT://" & strDomain & "/kenmyer")
Set objClass = GetObject(objUser.Schema)
WScript.Echo "Mandatory properties for " & objUser.Name & ":"
For Each property in objClass.MandatoryProperties
    WScript.Echo property, objUser.Get(property)
WScript.Echo "Optional properties for " & objUser.Name & ":"
For Each property in objClass.OptionalProperties
    WScript.Echo property, objUser.Get(property)

Not bad for a piece of software that’s nearly 1,000 years old, is it?

Note. Granted, we might poke a little fun at NT 4.0. However, after calculating the average number of candles required for a Scripting Guy birthday cake, well, let’s just say we’re not so sure you should ruthlessly discard things just because they’re getting a little old ….