Security Basics mailing list archives

RE: Export list of usernames WinNT and Win2K servers

From: "Nick Hasselbeck" <nickh () etech-group com>
Date: Mon, 13 Dec 2004 12:38:38 -0500


... And if you're in an AD environment, you can use WMI to retrieve a
list of usernames, by querying LDAP.  Below is a short vb script I use
to pull workstation names from an OU.  All you should have to do is
change the LDAP path to point it to the OU with your usernames.      

---------
On Error resume next
Dim fso, f1, tf
Const FilePath = "c:\scripts\OU\working\computers.txt"
Const LdapPath =
"LDAP://ou=SBSComputers,ou=Computers,ou=MyBusiness,dc=ad, dc=local"
' Note that the above dc reference should point to your domain name, and
'second to the domain suffix (e.g. .local, .com, etc)

Set fso = CreateObject("Scripting.FileSystemObject")
Set f1 = fso.CreateTextFile(FilePath, True)
Set colItems = GetObject (LdapPath)

colItems.Filter = Array("Computer")

For each objItem in colItems
        Wscript.Echo Mid(ObjItem.Name, 4)
        f1.WriteLine Mid(ObjItem.Name, 4)
Next
-----------


-----Original Message-----
From: H Carvey [mailto:keydet89 () yahoo com] 
Sent: Friday, December 10, 2004 7:36 AM
To: security-basics () securityfocus com
Subject: Re: Export list of usernames WinNT and Win2K servers

In-Reply-To: <20041209210614.6B94BB34E7 () dior amnh org>

In Linux/Unix you can less the passwd file and get a list of all the

users

their usernames etc and have it be a regular text file.  I would like

to

know if there is some way to get something similar for Windows servers.




I'm sure most folks are expecting my response to be something that has
to do with Perl, but I'll spare you that at this point and recommend
that you look here:



http://www.systemtools.com/free_frame.htm



Specifically, NetUser and DumpSec would be of interest to you.  I
mentioned the use of NetUser in chapter 5 of my book, "Windows Forensics
and Incident Recovery".



H. Carvey

"Windows Forensics and Incident Recovery"

http://www.windows-ir.com

http://windowsir.blogspot.com



PS:  ...and yes, in Perl, I'd use the Win32::Lanman module to dump a
list of user names...unless all of the NT systems have the WMI classes
installed...

Current thread:

Export list of usernames WinNT and Win2K servers Raoul Armfield (Dec 09)
- Re: Export list of usernames WinNT and Win2K servers Ansgar -59cobalt- Wiechers (Dec 10)
- Re: Export list of usernames WinNT and Win2K servers GuidoZ (Dec 10)
- Re: Export list of usernames WinNT and Win2K servers Chris Meidinger (Dec 10)
- <Possible follow-ups>
- Re: Export list of usernames WinNT and Win2K servers miguel . dilaj (Dec 10)
- Re: Export list of usernames WinNT and Win2K servers H Carvey (Dec 10)
- RE: Export list of usernames WinNT and Win2K servers Germano, Tomas (Dec 13)
- RE: Export list of usernames WinNT and Win2K servers Nick Hasselbeck (Dec 13)