Find Users E-Mail via SID using VBScript and Active Directory
-
18-09-2019 - |
Question
I am parsing log messages about changes to user accounts on a windows system. I want to notify the user about the changes so I need to retrieve their personal information (First,Last, E-Mail) from Active Directory.
I already found a way to retrieve the username but that is only via WMI and not ADSI:
Function FindUser(Message)
Dim objWMIService
Dim strAccountRegex
Dim objRegex
Dim objMatch
Dim strComputer
Dim objUser
Dim objShell
strAccountRegex = "(\%\{[A-Z,0-9,\-]*\})"
strComputer = "."
Wscript.StdOut.writeLine "Querying WMI to retrieve user-data"
Set objWMIService = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
Set objShell = WScript.CreateObject("WScript.Shell")
Set objRegex = new RegExp
objRegex.Pattern= strAccountRegex
for each objMatch in objRegex.Execute(Message)
REM Wscript.StdOut.writeLine "Found an Account ID: " & objMatch.value
Dim strSID
strSID=NormalizeSID(objMatch.value)
REM Wscript.Echo "SID after escaping: " & strSID
Set objUser = objWMIService.Get _
("Win32_SID.SID='" & strSID & "'")
next
FindUser=objUser.ReferencedDomainName & "\" & objUser.AccountName
End Function
It works fine, but I would like to do it via Active Directory instead of going via WMI. Can you help me?
Solution
OK. I found a way to do this via Active Directory. For compeleteness here is the code:
REM Converts the SID into a from, that can be processed by WMI
Function NormalizeSid(strSidToNormalize)
Dim regEx,strReplace
strReplace=""
' Create regular expression.
Set regEx = New RegExp
regEx.Global = True
regEx.Pattern = "(%|{|})"
regEx.IgnoreCase = True
' Make replacement.
NormalizeSid = regEx.Replace(strSidToNormalize, strReplace)
End Function
REM Searches for a SID the in the Message that was passed as argument
REM SID returned will be of the form %{S-1-5-21-3968247570-3627839482-368725868-1110}
REM NOTE: Neither WMI nor ADSI will accept this. Use NormalizeSid like in FindUser
Function FindSidInMessage(Message)
Dim strAccountRegex
Dim objRegex
Dim objMatch
Dim strSID
strAccountRegex = "(\%\{S\-[,0-9,\-]*\})"
Set objRegex = new RegExp
objRegex.Pattern= strAccountRegex
for each objMatch in objRegex.Execute(Message)
REM Wscript.StdOut.writeLine "Found an Account ID: " & objMatch.value
strSID=objMatch.value
next
FindSidInMessage=strSID
End Function
REM Searches Directory for the User matching the SID passed as parameter
Function FindUser(userSID)
Dim normalizedSID
Dim objUser
normalizedSID=NormalizeSid(userSID)
Wscript.Echo "SID after escaping: " & normalizedSID
Wscript.StdOut.writeLine "Querying AD to retrieve user-data"
Set objUser = GetObject("LDAP://<SID="& normalizedSID & ">")
FindUser=objUser.EmailAddress
End Function
Hope this will be useful to others.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow