Remote Access Permission

[Lance]

Is there an easy way to find all the users designated
as "Allow Access" in the Remote Access Permission property
of Windows 2000 Server (Active Directory)? We don't have
any group polices yet regarding this property and I want
to know all the users to currently have access.

Thanks!

 

[Matjaz Ladava [MVP]]

Run this query

Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection
Set objDSE = GetObject("LDAP://rootDSE")
objCommand.CommandText = "<LDAP://" & objDSE.Get("defaultNamingContext") &
">;(&(ObjectCategory=Person)(ObjectClass=user))" & _
";distinguishedname,msNPAllowdialin;subtree"
Set objRecordSet = objCommand.Execute

While Not objRecordset.EOF
if objRecordSet.Fields("msNPAllowDialin") = True then
WScript.Echo objRecordset.Fields("distinguishedname")
end if
objRecordset.MoveNext
Wend

objConnection.Close

This is of course, if you do not control dialin trough Remote access
policies.

--
Regards

Matjaz Ladava, MCSE (NT4 & 2000), Windows MVP
(e-mail address removed)
http://ladava.com

 

[Peter Busque]

Do a search in your domain, choose custom search. Click
on the advanced tab and paste this code in:

(&(objectCategory=person)(msNPAllowDialin=TRUE))