Recipe 8.10 Finding Computers with a Particular OS
8.10.1 Problem
You want to find computers that have a certain OS
version, release, or service pack in
a domain.
8.10.2 Solution
8.10.2.1 Using a graphical user interface
Open LDP. From the menu, select Connection
Connect. For Server, enter the name of a domain controller (or leave blank to
do a serverless bind). For Port, enter 389. Click OK. From the menu, select Connection Bind. Enter credentials of a user to perform the search. Click OK. From the Menu, select Browse Search. For Base Dn, enter the base of where you want your search to begin. For Filter, enter a filter that contains the OS attribute you want to
search on. For example, a query for all computers that are running
Windows XP would be the following: (&(objectclass=computer)(objectcategory=computer)(operatingSystem=Windows XP
Professional)) Select the appropriate Scope based on how deep you want to search. Click the Options button if you want to customize the list of
attributes returned for each matching object. Click Run and the
results will be displayed in the right pane.
8.10.2.2 Using a command-line interface
> dsquery * <DomainDN> -scope subtree -attr "*" -filter "(&(objectclass=[RETURN]
computer)(objectcategory=computer)(operatingSystem=Windows Server 2003))"
8.10.2.3 Using VBScript
' This code searches for computer objects that have Service Pack 1 installed.
' ------ SCRIPT CONFIGURATION ------
strBase = "<LDAP://" & "<DomainDN>" & ">;"
' ------ END CONFIGURATION ---------
strFilter = "(&(objectclass=computer)(objectcategory=computer)" & _
"(operatingSystemServicePack=Service Pack 1));"
strAttrs = "cn,operatingSystem,operatingSystemVersion," & _
" operatingSystemServicePack;"
strScope = "subtree"
set objConn = CreateObject("ADODB.Connection")
objConn.Provider = "ADsDSOObject"
objConn.Open "Active Directory Provider"
Set objRS = objConn.Execute(strBase & strFilter & strAttrs & strScope)
objRS.MoveFirst
while Not objRS.EOF
Wscript.Echo objRS.Fields(0).Value
Wscript.Echo objRS.Fields(1).Value
Wscript.Echo objRS.Fields(2).Value
Wscript.Echo objRS.Fields(3).Value
Wscript.Echo objRS.Fields(4).Value
WScript.Echo
objRS.MoveNext
wend
8.10.3 Discussion
When a computer joins an Active Directory domain, the operating
system attributes are updated for the computer
object. There are four of these attributes, which can be used in
queries to find computers that match certain OS-specific criteria,
like service pack level. These attributes include the following:
- operatingSystem
-
Descriptive name of the installed Operating System (e.g., Windows
Server 2003, Windows 2000 Server, and Windows XP Professional)
- operatingSystemVersion
-
Numerical representation of the operating system (e.g., 5.0 (2195)
and 5.2 (3757))
- operatingSystemServicePack
-
Current service pack level if one is installed (e.g., Service Pack 2
and Service Pack 3)
|
This recipe only applies to Windows-based machines. Other types of
machines (e.g., Unix) that have accounts in Active Directory do not
automatically update their OS attributes.
|
|
|