- How to add holidays to the Exchange calendar with PowerShell - Wed, Apr 23 2014
- How to change the domain name in Exchange Server 2010 - Tue, Apr 8 2014
- How to enable Unsolicited Remote Assistance in Windows 7 / 8 - Tue, Oct 1 2013
If these are all populated and kept updated with information changes, we can easily automatically generate an 'always-current' phone directory with a little bit of scripting.
The first thing you'll want to decide upon, is exactly what data/attributes you'd like to list in the directory. In my example, I'll be listing givenName, sn, title, mail, telephonenumber, mobile and sAMAccountName. We can use any attributes from an Active Directory user object – You can view these by starting the 'Active Directory Users & Computers' MMC, ensuring 'Advanced Features' is enabled on the view menu, then opening the properties windows for a user, and moving to the attribute editor tab – You will then be able to see each attribute, and its value.
Active Directory user attributes
The next step is to find a web server on your network running IIS (It is possible to do it via Apache/PHP on Linux connecting via LDAP, but this example is using Classic ASP and VBScript.)
We will need to ensure that the role feature of 'ASP' is installed on your server – otherwise IIS will give us a MIME error instead of loading our page.
ASP role feature
Create a new file in your web server’s root folder (Usually C:\Inetpub\wwwroot), called directory.asp, with the following content:
<%@ Language=VBScript %>
<% response.Buffer = True %>
<html><head>
<title>Company directory</title>
</head>
<body>
<h1>Company Directory</h1>
<%
' Define the AD OU that contains our users
usersOU = "LDAP://OU=Users,DC=Domain,DC=local"
' Make AD connection and run query
Set objCon = Server.CreateObject("ADODB.Connection")
objCon.provider ="ADsDSOObject"
objCon.Properties("User ID") = "DOMAIN\user"
objCon.Properties("Password") = "Pa$5w0rD!"
objCon.Properties("Encrypt Password") = TRUE
objCon.open "Active Directory Provider"
Set objCom = CreateObject("ADODB.Command")
Set objCom.ActiveConnection = objCon
objCom.CommandText ="select givenName,sn,title,mail,telephonenumber,mobile,sAMAccountName FROM '"+ usersOU +"' where sAMAccountname='*' ORDER by sAMAccountname"
Set objRS = objCom.Execute
' Loop over returned recordset and output HTML
Response.Write "<table>" + vbCrLf
Do While Not objRS.EOF Or objRS.BOF
Response.Write " <tr>"
Response.Write "<td>" + objRS("givenName") + "</td>"
Response.Write "<td>" + objRS("sn") + "</td>"
Response.Write "<td>" + objRS("title") + "</td>"
Response.Write "<td>" + objRS("mail") + "</td>"
Response.Write "<td>" + objRS("telephonenumber") + "</td>"
Response.Write "<td>" + objRS("mobile") + "</td>"
Response.Write "<td>" + objRS("sAMAccountName") + "</td>"
Response.Write "</tr>" + vbCrLf
objRS.MoveNext
Response.Flush
Loop
Response.Write "</table>"
' Clean up
objRS.Close
objCon.Close
Set objRS = Nothing
Set objCon = Nothing
Set objCom = Nothing
%>
</body>
</html>There are a few parts in the above code that will need editing to suit your environment, these being the OU containing your users on line 10, then a username and password with read access to AD on lines 14 & 15.
You can also change the attributes I have decided to use – this will need doing in two places, firstly on the Active Directory query on line 25, then again in the HTML output section in lines 33-39.
The HTML I have used is very basic, but if you've got some artistic flare or have some web designers in your company, I'm sure you'll be able to create something that not only functions well, but looks great too!
I've used Classic ASP for my example, as we can do everything quickly in one file without worrying about Visual Studio. However, if you're comfortable with Visual Studio and ASP.NET, you can achieve the same result using the System.DirectoryServices classes.
What a great script! I had it up and running in 5 minutes. Since we have users in several different OUs and we have some user objects that we do not wish to present in the directory, I copied the main section a couple of times and updated the base DN appropriately.
My silly question is: How do I add another title between my sections (to represent the different office locations)? I tried copying the Company Directory line but it breaks the script.
It did not work for me. I get the following error
Source Error:
Line 8: <%
Line 9: ' Define the AD OU that contains our users
Line 10: usersOU = "LDAP://OU=Users,DC=Domain,DC=local"
Line 11: ' Make AD connection and run query
Line 12: Set objCon = Server.CreateObject("ADODB.Connection")
Source File: C:\inetpub\wwwroot\directory.aspx Line: 10
PLZ help
Rana – I am no scripting expert but I am noticing 2 things: Your Line 10 is the same as the base script that Geoff posted. You need to update that with the correct Base DN from your Active Directory installation. Geoff lists the steps how to do that. Very easy. Second thing that I see (might not be a problem) is that you saved your file as an ASPX (ASP .NET) instead of .ASP. If it does not break the script, you will, as a start, need to make sure that your IIS server has the ASP.NET feature enabled. I hope that helps.
Hi there..
Pardon my ignorance … but I’ve created the asp file under wwwroot, but how do I get this to run? Do I just open it up in IE? When I do that it just opens up a blank page with the Directory heading … ASP is installed and file i’ve change the AD details to my AD naming
Hi there..
Pardon my ignorance … but I’ve created the asp file under wwwroot, but how do I get this to run? Do I just open it up in IE? When I do that it just opens up a blank page with the Directory heading … ASP is installed and file i’ve change the AD details to my AD naming
Niall – Since you got the directory heading that means that your IIS is running and that you are accessing the page just fine. Check the Base DN and credentials lines.
usersOU = “LDAP://OU=Users,DC=Domain,DC=local”
objCon.Properties(“User ID”) = “DOMAIN\user”
objCon.Properties(“Password”) = “Pa$5w0rD!”
This is great! One quick question – if a field does not contain data, how can we get it to leave the cell blank? Currently, it is shifting all the data over one cell.
Hi Dotan, thanks for the reply…
for the username and password I’m using an internal domain admin account. For the Users .. I’ve got it pointing to LDAP://OU=Users,DC=abcd,DC=ad (‘ad’ being the last bit of our domain name)
is this right?
Looks good to me. The best way to find the correct DN for the OU is to get it from Active Directory’s Attribute Editor tab:
1. Open Active Directory Users and Computers
2. Check Advanced Features in the View menu
3. Open Properties of the OU that you wish to use
4. Switch to Attribute Editor tab
5. Double click the Value of distinguishedName (likely the first line)
6. CTRL + C and paste into the script
From there, you just want to make sure that your credentials are correct.
If all goes well, the report will be populated with info.
Thanks for that ..still not working .. curious ..
I just realised anyway that I’ve got all our users split up with an OU per department .. so this script doesnt accommodate this as it assumes all users are in the Users OU.
I’d imagine there’s some LDAP wizardry that can be done to get all users in all OU’s .. but that’s beyond my ability …
Shame .. nice little script for a very handy feature ..
Thanks anyway …
Hi Dotan, Many thanks for your reply, I tried different Ldap queries. but all came up with the same error. this possibly could be due the file extension too. I will change the extension to asp and try again…
Brian, I encountered the same problem. For some reason the Response.Write command doesn’t write anything (including the tags) if the field does not have any data. The only way I could work out to get around this was the split the lines up. e.g. this line..
Response.Write “” + objRS(“mobile”) + “”
.. split into three lines instead..
Response.Write “”
Response.Write objRS(“mobile”)
Response.Write “”
My above comment had the tags stripped out of it. The first Response.Write line should have the opening td tag inside the quotes, and the last Response.Write line should have the closing td tag.
Hi,
I am a little green on this stuff. I thought I followed your instructions carefully. I created the directory.asp file and edited line 10, 14 & 15. I put the file in the folder on the server. What steps do I do now to bring this up to see if it works?
Thanks
Hi,
I’m able to get the script to work, but it’s dispalying not only the “Users” but “Computers” as well.
I assume that it has something to do with Line 10 of the script.
Line 10: usersOU = “LDAP://OU=Users,DC=Domain,DC=local”
Please advise on how to display only the “Users”
Hi,
Nevermind. I managed to get it. Just add the parent OU before the child OU.
Ex: Line 10: usersOU = “LDAP://OU=Users,OU=XXX,DC=Domain,DC=local”
Anyone managed to convert this or something similar into aspx asp.net) format? I’ve been struggling for days now as I’m more old school classic asp.
I get this error when compiling. No many web sources to reference for it.
Server Error in ‘/’ Application.
Compilation Error
Description: An error occurred during the compilation of a resource required to service this request. Please review the following specific error details and modify your source code appropriately.
Compiler Error Message: BC30451: ‘usersOU’ is not declared. It may be inaccessible due to its protection level.
Source Error:
Line 10:
Line 11:
Line 12: usersOU = “LDAP://OU=Users,DC=WELCH,DC=local”
I found the same problem as Niall, it’s a useless script if you actually divide users into organizations units, as AD was designed to do, because you can’t specify multiple organizational units. Who keeps all their users confined to the “Users” OU anymore? Not even good practice for most policy implementation.
What do we do about numbers that aren’t associated with an actual user. Like fax numbers, 800 numbers, helpdesk, etc.
Anyone know why half my phone numbers would come back as hyper-links?