Recipe 6.30 Viewing a User's Managed Objects
6.30.1 Problem
You want to view the objects
owned by a user.
6.30.2 Solution
6.30.2.1 Using a graphical user interface
Open ADSI Edit. If an entry for the naming context you want to
browse is not already displayed, do the following: Right-click on ADSI Edit in the right pane and click Connect to. Fill in the information for the naming context, container, or OU you
want to add an object to. Click on the Advanced button if you need to
enter alternate credentials. In the left pane, browse to the naming context, container, or OU the
object you want to view. Once you've found the
object, right-click on it and select Properties. View the managedObjects attribute.
6.30.2.2 Using a command-line interface
> enumprop /ATTR:managedObjects "LDAP://<UserDN>"
6.30.2.3 Using VBScript
' This code displays the managed objects for a user
' ------ SCRIPT CONFIGURATION ------
strUserDN = "<UserDN>" ' e.g. cn=jsmith,cn=Users,dc=rallencorp,dc=com
' ------ END CONFIGURATION ---------
on error resume next
set objUser = GetObject("LDAP://" & strUserDN)
Wscript.Echo objUser.Get("cn") & "'s Managed Objects:"
colObjects = objUser.GetEx("managedObjects")
if Err.Number = -2147463155 then
Wscript.Echo " none"
else
for each strObjectDN in colObjects
Wscript.Echo " " & strObjectDN
next
end if
6.30.3 Discussion
The managedObjects attribute is linked to the
managedBy attribute that can be set on certain
objects in Active Directory like computers and groups. Setting the
managedBy attribute provides a quick and dirty way
to define who owns an object. If you do use it, you can use the
managedObjects attribute on
user objects to get the list of objects the user
has been configured in the managedBy attribute for.
|