' Export a group from the connector space.
' Try to bind to each member in AD to confirm they exist.
' Use for troubleshooting dn-attributes-failure and cd-missing-object errors.
'
' Written by Carol Wapshere, 2008, www.wapshere.com
'
Option Explicit
Const MA_NAME = "AD_Groups"
Const CSEXPORT = "C:\Program Files\Microsoft Identity Integration Server\Bin\csexport.exe"
Const DC = dc.mydomain.com
Const ForReading = 1
Const ForWriting = 2
Const ForAppending = 8
Const UNICODE = -1
Dim strGroupDN, strXMLFileName, strXML, strUserDN, strCmd
Dim objFS, objXMLFile, objShell, objUser, objExec
Dim iStart
strXMLFileName = MA_NAME & ".xml"
If WScript.Arguments.Count <> 1 Then
 Usage
End If
strGroupDN = WScript.Arguments.Item(0)
wscript.echo ""
Set objFS = CreateObject("Scripting.FileSystemObject")
If objFS.FileExists(strXMLFileName) Then objFS.DeleteFile(strXMLFileName)
strCmd = CSEXPORT & " " & MA_NAME & " /f:d=" & chr(34) & strGroupDN & chr(34)
wscript.echo strcmd
Set objShell = CreateObject("WScript.Shell")
Set objExec = objShell.Exec(strCmd)
wscript.echo ""
wscript.echo "Exporting connector space object"
wscript.sleep 1000
Set objXMLFile = objFS.GetFile(strXMLFileName)
Do While objXMLFile.Size = 0
 wscript.echo "."
 wscript.sleep 1000
Loop
Set objXMLFile = objFS.OpenTextFile(strXMLFileName,ForReading,False,UNICODE)
strXML = objXMLFile.ReadAll
Do While InStr(strXML, "<dn>") > 0
 iStart = InStr(strXML, "<dn>") + Len("<dn>")
 strXML = Mid(strXML, iStart)
 strUserDN = Left(strXML, InStr(strXML, "</dn>") - 1)
 'wscript.echo strUserDN
ÂÂ
 'Try to bind to the User DN
 Set objUser = Nothing
 On Error Resume Next
   Set objUser = GetObject("LDAP://" & DC & "/" & strUserDN)
 On Error Goto 0
 If objUser is Nothing Then
   wscript.echo "User not found: " & strUserDN
 End If
Loop
ÂÂ
Sub Usage
 wscript.echo "Check groups members from the connector space of MA AD_Groups"
 wscript.echo "to confirm they exist in AD."
 wscript.echo ""
 Wscript.echo "Usage: cscript dn-missing.vbs groupDN"
 wscript.echo ""
 Wscript.Quit
End Sub