Excel active directory query

Достаточно часто системному администратору Windows приходится делать различные выгрузки по информации о пользователях домена Active Directory. Представим, что у нас есть список учетных записей (имена пользователя в формате samAccountName), и нам, например, необходимо получить информацию о том, в какой организации эти пользователи работают и их Canonical Name (CN). Ранее для получения такой информации мне приходилось писать небольшой скрипт на vbs, который последовательно перебирает все записи в Excel и возвращает обратно требуемую информацию из Active Directory. Такой механизм полностью работоспособен, но не очень удобен, поэтому я решил воспользоваться мощью языка Visual Basic from Application и выполнять запросы к Active Directory прямо из Excel (из макроса), т.к. такая методика была бы достаточно универсальной и в принципе все эти скрипты можно со спокойной совестью передавать менее подкованным бухгалтерам и экономистам!

Я создал новый макрос в книге Excel, и создал функцию с именем GetADInfo, которая на входе получает имя поля, по которому осуществляется поиск (в моем случае это имя пользователя, которое хранится в атрибуте Active Directory – samAccountName), значение этого поля (значение ячейки с именем пользователя) и имя артибута AD, значение которого функция должна вернуть.

Как же все это работает? В моем примере в ячейке A2 содержится имя пользователя домена, и я хочу для этого пользователя узнать компанию, в которой он числится (поле AD “Company”) и его каноническое имя (поле AD «distinguishedName»), в этом случае формулы для ячеек соответственно будут выглядеть следующим образом:

Ячейка B2 (наименование организации):

=GetADInfo("samAccountName";A2; "Company")

Ячейка C2 (CN):

=GetADInfo("samAccountName";A2; "distinguishedName")

Код макроса на VBA для получения данных из AD следующий:

Function GetADInfo(ByVal SearchField, ByVal SearchString, ByVal ReturnField) ' Указываем имя домена ("dc=domain, dc=local") Dim adoCommand, strDomain, objConnection strDomain = "dc=winitpro,dc=ru"  

Set objConnection = CreateObject("ADODB.Connection") objConnection.Open "Provider=ADsDSOObject;" ' Подключаемся Set adoCommand = CreateObject("ADODB.Command") adoCommand.ActiveConnection = objConnection ' Рекурсивный поиск по AD, начиная с корня домена adoCommand.CommandText = _ "<LDAP://" & strDomain & ">;(&(objectCategory=" & "User" & ")" & _ "(" & SearchField & "=" & SearchString & "));" & SearchField & "," & ReturnField & ";subtree" ' создаем набор записей RecordSet  Dim objRecordSet Set objRecordSet = adoCommand.Execute If objRecordSet.RecordCount = 0 Then GetADInfo = "not found" ' ничего не найдено Else GetADInfo = objRecordSet.Fields(ReturnField) ' возвращаемое значение End If ' Закрываем подключение objConnection.Close ' Очищаем переменные Set objRecordSet = Nothing  Set objCommand = Nothing Set objConnection = Nothing End Function

Чтобы данная функция заработала, необходимо подключить ряд библиотек в VBA. В редакторе VBA выбираем меню Tools->References и в появившемся окне отмечаем следующие библиотеки:

• Visual Basic For Application
• Microsoft Excel 14.0 Object Library
• OLE Automation
• Microsoft Office 14.0 Object Library
• Microsoft ActiveX Data Objects 2.8 Library (или около того)
• Microsoft Scripting Runtime
• Microsoft VBScript Regular Expressions 5.5

После того, как вы активируете следующие компоненты, сохраните макрос VBAи книгу Excel, и в результате в соответствующих полях Excel появится информация из Active Directory. Прелесть данного скрипта состоит в том, что он достаточно универсальный и с небольшими модификациями он поможет динамически получать практически любую информацию из Active Directory прямо в книге прямо в книге Excel!

Using Excel 2016 to query Active Directory (AD) directly is my personal favorite Get & Transform feature. Excel 2010 and Excel 2013 users can download the free Microsoft Power Query plug-in for Excel.

After years of creating Visual Basic and PowerShell scripts, I finally found a way to coach IT users to get AD data themselves. Excel stores all steps performed to extract, transform, and load the information as an M query within the workbook. You can also select an option to refresh the data when opening it or on a schedule.

See two examples below showing Get & Transform features and what you can do with the information.

Example 1: Extract user information

In the first example we extract the first name, last name, user ID, telephone number, division, city, last logon, and employment date. Furthermore, we set only enabled users from two cities as criteria. We also set the employment date as equal to the creation date of the user account.

To avoid high memory consumption and long durations, we split all the steps into smaller pieces.

Selecting only columns that contain requested information

Open a new Excel workbook and navigate to the Data ribbon. In the New Query drop-down menu, point to From Other Sources and select From Active Directory.

In the next window, confirm or change the current logged-on domain by clicking OK.

In the Navigator window, type in user to specify the concrete object class and proceed by clicking Edit.

Within the Query Editor, first select displayName, user, organizationalPerson, person, top, and securityPrincipal. Then click on Remove Other Columns.

Finish the first query by giving it a name (such as qry_AD_Usr_Raw) and clicking Close & Load.

Expand columns to choose individual attributes

To proceed with the data based on the first query, qry_AD_Usr_Raw, create a Reference to it.

In the Query Editor, start with the user column and clear the defaults by unchecking (Select All Columns) and Use the original column name as prefix.

Proceed by selecting the attributes givenName, lastLogonTimestamp, and userAccountControl.

Proceed by filtering other columns as follows:

• L and company from organizationalPerson
• sn and telephoneNumber from person
• whencreated from top
• SamAccountName from securityPrincipal

Finalize the second query by giving it a proper name (such as qry_AD_Usr_Expand) and clicking Close & Load.

Filtering columns to show only attributes matching certain criteria

Based on qry_AD_user_Expand, create a reference. Within the Query Editor, start by limiting it to enabled users (User Account Control = 512).

In case city names are not consistently in proper case, ensure this by fixing the Format of the l column.

Use the check boxes to limit the cities to those of your interest, such as Suzhou and Shanghai.

If Excel does not interpret the logonTimeStamp correctly, fix it by changing it to the correct data type (Date/Time).

You can arrange columns in a different order simply by dragging and dropping them.

As we don’t need the displayName and userAccountControl columns, Remove them from the query.

Sort the city in Ascending order by clicking the option in the l column.

Omit records with empty telephone numbers by unchecking (null) values.

Last, change the query name to qry_AD_Usr_ActiveChina, and load the result back into the workbook.

Make the result more user-friendly

Depending on the audience, you may need to make the results a bit easier to understand. To do so, create a reference for qry_AD_Usr_ActiveChina.

Perform the following transformations:

• Rename the columns by double-clicking givenName to First Name, sn to Last Name, l to City, company to Division, lastLogonTimestamp to Last Logon, and whenCreated to Employment Date.
• Change the Employment Date data type from Date/Time/Timezone to Date.
• Rename the query to qry_AD_Usr_ActiveChina_Friendly and click on Close & Load.

On Excel’s Design ribbon, choose the table styles to change from the defaults.

As the last step, configure automatic data refreshing so it automatically updates information upon opening the workbook.

Example 2: Extract computer information

In the second example, we extract computer object information. Queried attributes are cn, operatingSystem, operatingSystemServicePack, operatingSystemVersion, and whenCreated.

Set a filter to include only server operating systems (OSes).

Server names here derive from a name convention where the third to fifth characters stand for a site code.

For example: XZLINVM123 (LIN is the site code).

The query result aggregated in a pivot table will show the number of servers created each year aligned with the three-character site code they belong to.

Excel pivot table aggregating OS versions and computer object creation date

A diagram as a second aggregation will show the distribution of OS versions in use.

Selecting only columns that contain requested information

Open a new Excel workbook and navigate to the Data ribbon. In the New Query drop-down menu, point to From Other Sources and select From Active Directory.

In the next window, confirm or change the current logged-on domain by clicking OK.

Type or select the computer class in the Navigator window and continue by clicking Edit.

Keep the columns displayName, computer, and top. Rename the query (e.g., qry_AD_computer_raw) and confirm by clicking Close & Load.

Create a reference based on qry_AD_computer_raw.

Expand columns to choose individual attributes

In the Query Editor, expand the computer column. First uncheck (Select All Columns) and Use original column name as prefix.

Stay in the computer column and select the attributes cn, operatingSystem, operatingSystemServicePack, and operatingSystemVersion. Confirm by clicking OK.

In the top column, limit the selection to the whenCreated attribute.

Rename the query to qry_AD_computer_filtered and click on Close & Load.

Create a new query referencing qry_AD_computer_filtered.

Filtering columns to show only attributes matching certain criteria

Back in the Query Editor, filter the operatingSystem column so it shows only server OSes. Use the Text Filter Contains… for this.

Type Server in the text box and confirm by clicking OK.

Transform the existing column and remove the unneeded one

Stay in the current query and choose the Transform ribbon. Select the whenCreated column and pick Year in the Date drop-down menu.

Remove the displayName column.

Adding new columns to extend current possibilities

Change to the Add Column ribbon and click on Custom Column. Type in Site as a new column name.

Double-click on the cn column and confirm by clicking OK.

Change to the Transform ribbon, select the Site column, and choose Range in the Extract drop-down menu.

Choose 2 for Starting Index and 3 for Number of Characters. Confirm by clicking OK.

Rename the query to qry_AD_computer_Servers and click on Close & Load.

Aggregate information with a pivot table

In Excel, change to the Insert ribbon, place the cursor in the table, and click on Pivot Table.

Confirm the default settings in the Create PivotTable dialog.

In the pivot table field selector window, drag operatingSystem and Site into Rows, cn into Values, and whenCreated into the Columns section.

On the Design ribbon, click on Subtotals and choose Do Not Show Subtotals.

To improve visibility, pick one of the PivotTable Styles and check Banded Rows and Banded Columns.

Aggregate information with a pivot chart

In Excel, change to the Insert ribbon, place the cursor in the table, and click on PivotChart.

Confirm the default settings in the Create PivotChart dialog.

Pull cn into Values and operatingSystem into Axis.

Change the chart type by selecting it and clicking on Change Chart Type in the Design ribbon.

Choose Pie (for example) and Confirm the window.