I've seen many companies that have someone maintain a document that acts as a phone directory for the company (be it Word/Excel/PDF/web page). I always think that this is a slight waste of time, as we already have to maintain a user database (usually Active Directory), which has attributes for office phone numbers, mobile numbers, fax numbers, email addresses, job titles, and even favourite drink.

If these are all populated and kept updated with information changes, we can easily automatically generate an 'always-current' phone directory with a little bit of scripting.

The first thing you'll want to decide upon is exactly which data/attributes you'd like to list in the directory. In my example, I'll be listing givenName, sn, title, mail, telephonenumber, mobile and sAMAccountName. We can use any attributes from an Active Directory user object. You can view these by starting the 'Active Directory Users & Computers' MMC, ensuring 'Advanced Features' is enabled on the View menu, then opening the properties window for a user and moving to the Attribute Editor tab. You will then be able to see each attribute and its value.

Active Directory user attributes

The next step is to find a web server on your network running IIS (It is possible to do it via Apache/PHP on Linux connecting via LDAP, but this example is using Classic ASP and VBScript.)

We will need to ensure that the role feature of 'ASP' is installed on your server – otherwise IIS will give us a MIME error instead of loading our page.

ASP role feature

Create a new file in your web server’s root folder (Usually C:\Inetpub\wwwroot), called directory.asp, with the following content:

<%@ Language=VBScript %>
<% Response.Buffer = True %>
<title>Company directory</title>
<h1>Company Directory</h1>
<%
' Define the AD OU that contains our users
usersOU = "LDAP://OU=Users,DC=Domain,DC=local"
' Make AD connection and run query
' The bind account only needs read access to the directory;
' its password is stored in clear text in this file
Set objCon = Server.CreateObject("ADODB.Connection")
objCon.Provider = "ADsDSOObject"
objCon.Properties("User ID") = "DOMAIN\user"
objCon.Properties("Password") = "Pa$5w0rD!"
objCon.Properties("Encrypt Password") = True
objCon.Open "Active Directory Provider"
Set objCom = Server.CreateObject("ADODB.Command")
Set objCom.ActiveConnection = objCon
' objectCategory/objectClass restrict the results to user accounts (no computers or groups)
objCom.CommandText = "SELECT givenName,sn,title,mail,telephoneNumber,mobile,sAMAccountName FROM '" & usersOU & "' WHERE objectCategory='person' AND objectClass='user' ORDER BY sAMAccountName"
Set objRS = objCom.Execute
' Loop over returned recordset and output HTML
' & "" turns a Null (empty attribute) into an empty string so the cell is still written;
' Server.HTMLEncode escapes markup characters in the directory values
Response.Write "<table>" & vbCrLf
Do Until objRS.EOF
	Response.Write "  <tr>"
	Response.Write "<td>" & Server.HTMLEncode(objRS("givenName").Value & "") & "</td>"
	Response.Write "<td>" & Server.HTMLEncode(objRS("sn").Value & "") & "</td>"
	Response.Write "<td>" & Server.HTMLEncode(objRS("title").Value & "") & "</td>"
	Response.Write "<td>" & Server.HTMLEncode(objRS("mail").Value & "") & "</td>"
	Response.Write "<td>" & Server.HTMLEncode(objRS("telephoneNumber").Value & "") & "</td>"
	Response.Write "<td>" & Server.HTMLEncode(objRS("mobile").Value & "") & "</td>"
	Response.Write "<td>" & Server.HTMLEncode(objRS("sAMAccountName").Value & "") & "</td>"
	Response.Write "</tr>" & vbCrLf
	objRS.MoveNext
Loop
Response.Write "</table>"
' Clean up
objRS.Close
objCon.Close
Set objRS = Nothing
Set objCom = Nothing
Set objCon = Nothing
%>

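There are a few parts in the above code that will need editing to suit your environment: the OU containing your users on line 10 (the usersOU value), then a username and password with read access to AD on lines 14 & 15 (the "User ID" and "Password" properties). Because the password sits in plain text in the file, use a dedicated account that has nothing more than read access.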

You can also change the attributes I have decided to use. This needs doing in two places: first in the Active Directory query on line 25 (the CommandText string), then again in the HTML output section in lines 33-39 (the Response.Write lines).

The HTML I have used is very basic, but if you've got some artistic flair or have some web designers in your company, I'm sure you'll be able to create something that not only functions well, but looks great too!

I've used Classic ASP for my example, as we can do everything quickly in one file without worrying about Visual Studio. However, if you're comfortable with Visual Studio and ASP.NET, you can achieve the same result using the System.DirectoryServices classes.
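A variant of the directory.asp listing above, added here as an example and not part of the original post: it names the attributes once, searches several OUs (sub-OUs included) with an LDAP-dialect query, skips disabled accounts, and HTML-encodes every value it writes. The OU names, the svc-directory account and its password are placeholders.

```vbscript
<%@ Language=VBScript %>
<%
Option Explicit
Response.Buffer = True
Dim ous, attrs, objCon, objCom, objRS, ou, a
' Placeholder OUs (one section per office) and the attribute list, defined once
ous   = Array("OU=London,DC=Domain,DC=local", "OU=Leeds,DC=Domain,DC=local")
attrs = Array("givenName", "sn", "title", "mail", "telephoneNumber", "mobile")
' Enabled user accounts only: the bitwise-AND matching rule tests the
' ACCOUNTDISABLE flag (2) in userAccountControl
Const USER_FILTER = "(&(objectCategory=person)(objectClass=user)(!(userAccountControl:1.2.840.113556.1.4.803:=2)))"

Set objCon = Server.CreateObject("ADODB.Connection")
objCon.Provider = "ADsDSOObject"
objCon.Properties("User ID") = "DOMAIN\svc-directory"  ' placeholder read-only account
objCon.Properties("Password") = "change-me"             ' placeholder
objCon.Properties("Encrypt Password") = True
objCon.Open "Active Directory Provider"
Set objCom = Server.CreateObject("ADODB.Command")
Set objCom.ActiveConnection = objCon
objCom.Properties("Page Size") = 500   ' page the results so large OUs are not cut off
objCom.Properties("Sort On") = "sn"    ' the LDAP dialect has no ORDER BY clause

Response.Write "<title>Company directory</title><h1>Company Directory</h1>" & vbCrLf
For Each ou In ous
    ' LDAP dialect: <base>;filter;attributes;scope
    objCom.CommandText = "<LDAP://" & ou & ">;" & USER_FILTER & ";" & Join(attrs, ",") & ";subtree"
    Set objRS = objCom.Execute
    Response.Write "<h2>" & Server.HTMLEncode(ou) & "</h2>" & vbCrLf & "<table>" & vbCrLf
    Response.Write "  <tr>"
    For Each a In attrs
        Response.Write "<th>" & Server.HTMLEncode(a) & "</th>"
    Next
    Response.Write "</tr>" & vbCrLf
    Do Until objRS.EOF
        Response.Write "  <tr>"
        For Each a In attrs
            ' & "" turns Null into "", so an empty attribute still gets its own cell
            Response.Write "<td>" & Server.HTMLEncode(objRS(a).Value & "") & "</td>"
        Next
        Response.Write "</tr>" & vbCrLf
        objRS.MoveNext
    Loop
    Response.Write "</table>" & vbCrLf
    objRS.Close
Next
objCon.Close
%>
```

Adding or removing a column now means editing only the attrs array, and a new office section means adding one entry to ous.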

  1. Dotan 10 years ago

    What a great script! I had it up and running in 5 minutes. Since we have users in several different OUs and we have some user objects that we do not wish to present in the directory, I copied the main section a couple of times and updated the base DN appropriately.

    My silly question is: How do I add another title between my sections (to represent the different office locations)? I tried copying the Company Directory line but it breaks the script.

  2. Rana Banerjee 10 years ago

    It did not work for me. I get the following error

    Source Error:

    Line 8: <%
    Line 9: ' Define the AD OU that contains our users
    Line 10: usersOU = "LDAP://OU=Users,DC=Domain,DC=local"
    Line 11: ' Make AD connection and run query
    Line 12: Set objCon = Server.CreateObject("ADODB.Connection")

    Source File: C:\inetpub\wwwroot\directory.aspx Line: 10

    PLZ help

  3. Dotan 10 years ago

    Rana – I am no scripting expert but I am noticing 2 things: Your Line 10 is the same as the base script that Geoff posted. You need to update that with the correct Base DN from your Active Directory installation. Geoff lists the steps how to do that. Very easy. Second thing that I see (might not be a problem) is that you saved your file as an ASPX (ASP .NET) instead of .ASP. If it does not break the script, you will, as a start, need to make sure that your IIS server has the ASP.NET feature enabled. I hope that helps.

  4. Niall 10 years ago

    Hi there..

    Pardon my ignorance … but I’ve created the asp file under wwwroot, but how do I get this to run? Do I just open it up in IE? When I do that it just opens up a blank page with the Directory heading … ASP is installed and I’ve changed the AD details to my AD naming

  5. Niall 10 years ago

    Hi there..

    Pardon my ignorance … but I’ve created the asp file under wwwroot, but how do I get this to run? Do I just open it up in IE? When I do that it just opens up a blank page with the Directory heading … ASP is installed and I’ve changed the AD details to my AD naming

  6. Dotan 10 years ago

    Niall – Since you got the directory heading that means that your IIS is running and that you are accessing the page just fine. Check the Base DN and credentials lines.

    usersOU = "LDAP://OU=Users,DC=Domain,DC=local"
    objCon.Properties("User ID") = "DOMAIN\user"
    objCon.Properties("Password") = "Pa$5w0rD!"

  7. Brian 10 years ago

    This is great! One quick question – if a field does not contain data, how can we get it to leave the cell blank? Currently, it is shifting all the data over one cell.

  8. niall 10 years ago

    Hi Dotan, thanks for the reply…

    for the username and password I’m using an internal domain admin account. For the Users .. I’ve got it pointing to LDAP://OU=Users,DC=abcd,DC=ad (‘ad’ being the last bit of our domain name)

    is this right?

  9. Dotan 10 years ago

    Looks good to me. The best way to find the correct DN for the OU is to get it from Active Directory’s Attribute Editor tab:
    1. Open Active Directory Users and Computers
    2. Check Advanced Features in the View menu
    3. Open Properties of the OU that you wish to use
    4. Switch to Attribute Editor tab
    5. Double click the Value of distinguishedName (likely the first line)
    6. CTRL + C and paste into the script

    From there, you just want to make sure that your credentials are correct.

    If all goes well, the report will be populated with info.

  10. NIall 10 years ago

    Thanks for that ..still not working .. curious ..

    I just realised anyway that I’ve got all our users split up with an OU per department .. so this script doesn’t accommodate this as it assumes all users are in the Users OU.

    I’d imagine there’s some LDAP wizardry that can be done to get all users in all OU’s .. but that’s beyond my ability …

    Shame .. nice little script for a very handy feature ..

    Thanks anyway …

  11. Rana 10 years ago

    Hi Dotan, many thanks for your reply. I tried different LDAP queries, but all came up with the same error. This possibly could be due to the file extension too. I will change the extension to asp and try again…

  12. Nev 10 years ago

    Brian, I encountered the same problem. For some reason the Response.Write command doesn’t write anything (including the tags) if the field does not have any data. The only way I could work out to get around this was to split the lines up, e.g. this line..
    Response.Write "" + objRS("mobile") + ""
    .. split into three lines instead..
    Response.Write ""
    Response.Write objRS("mobile")
    Response.Write ""

  13. Nev 10 years ago

    My above comment had the tags stripped out of it. The first Response.Write line should have the opening td tag inside the quotes, and the last Response.Write line should have the closing td tag.

  14. Mike 10 years ago

    I am a little green on this stuff. I thought I followed your instructions carefully. I created the directory.asp file and edited line 10, 14 & 15. I put the file in the folder on the server. What steps do I do now to bring this up to see if it works?


  15. Edi 10 years ago

    I’m able to get the script to work, but it’s displaying not only the “Users” but “Computers” as well.
    I assume that it has something to do with Line 10 of the script.
    Line 10: usersOU = "LDAP://OU=Users,DC=Domain,DC=local"

    Please advise on how to display only the “Users”

  16. Edi 10 years ago


    Nevermind. I managed to get it. Just add the parent OU before the child OU.
    Ex: Line 10: usersOU = "LDAP://OU=Users,OU=XXX,DC=Domain,DC=local"

  17. Mark 10 years ago

    Anyone managed to convert this or something similar into aspx (asp.net) format? I’ve been struggling for days now as I’m more old school classic asp.

  18. Kiefer D. 9 years ago

    I get this error when compiling. Not many web sources to reference for it.
    Server Error in ‘/’ Application.
    Compilation Error
    Description: An error occurred during the compilation of a resource required to service this request. Please review the following specific error details and modify your source code appropriately.

    Compiler Error Message: BC30451: ‘usersOU’ is not declared. It may be inaccessible due to its protection level.

    Source Error:

    Line 10:
    Line 11:
    Line 12: usersOU = “LDAP://OU=Users,DC=WELCH,DC=local”

  19. Todd S 8 years ago

    I found the same problem as Niall, it’s a useless script if you actually divide users into organizational units, as AD was designed to do, because you can’t specify multiple organizational units. Who keeps all their users confined to the “Users” OU anymore? Not even good practice for most policy implementation.

  20. HeyAdmin 8 years ago

    What do we do about numbers that aren’t associated with an actual user? Like fax numbers, 800 numbers, helpdesk, etc.

  21. Sean 5 years ago

    Anyone know why half my phone numbers would come back as hyper-links?
