How can I use a script to check whether an Active Directory (AD) user or group exists?
October 25, 2006
A. The script below (searchad.vbs) takes three parameters: a SAM account name, an object type (e.g., user or group), and the distinguished name (DN) of the container at which to start searching for the object.
' Check that all three required arguments have been passed.
' (The comparison and the usage message were lost in the page extraction
' and are reconstructed here; exit code 2 is used so it cannot be confused
' with the found/not-found codes 1 and 0 set below.)
If WScript.Arguments.Count < 3 Then
    WScript.Echo "Usage: cscript searchad.vbs <samAccountName> <objectType> <rootDN>"
    WScript.Quit(2)
End If
strObjectName = WScript.Arguments(0)
strObjectType = WScript.Arguments(1)
strRootSearch = WScript.Arguments(2)

' Open an ADO connection through the ADSI OLE DB provider.
Set objConnection = CreateObject("ADODB.Connection")
objConnection.Open "Provider=ADsDSOObject;"
Set objCommand = CreateObject("ADODB.Command")
objCommand.ActiveConnection = objConnection

' ADO/ADSI search string: <LDAP://root>;(filter);attributes;scope
objCommand.CommandText = _
    "<LDAP://" & strRootSearch & ">;(&(objectCategory=" & strObjectType & ")" & _
    "(samAccountName=" & strObjectName & "));samAccountName,distinguishedName;subtree"
Set objRecordSet = objCommand.Execute

If objRecordSet.RecordCount = 0 Then
    WScript.Echo "sAMAccountName: " & strObjectName & " does not exist."
    intReturnValue = 0
Else
    WScript.Echo strObjectName & " exists."
    objRecordSet.MoveFirst
    WScript.Echo "Distinguished Name: " & objRecordSet.Fields("distinguishedName").Value
    intReturnValue = 1
End If

objConnection.Close
' Return the result as the process exit code (%errorlevel%).
WScript.Quit(intReturnValue)
To use the script, just pass the name, type, and root to search, as the following two executions and output show:
D:\projects\VBScripts>cscript searchad.vbs john user dc=savilltech,dc=com
john exists.
Distinguished Name: CN=John Savill,CN=Users,DC=savilltech,DC=com
D:\projects\VBScripts>cscript searchad.vbs johnnope user dc=savilltech,dc=com
sAMAccountName: johnnope does not exist.
The script also sets %errorlevel% to 1 if the object is found or to 0 if it isn't found, so you can use the result in follow-on scripts or logic. To view the result, run "echo %errorlevel%" after the script.
Likewise, you could change the script to search by Common Name (CN) instead of samAccountName (or anything else that suits your needs) in the CommandText string. Additionally, if you entered a wildcard for the search and the script returns that the object exists, you could make a loop in case more than one match is found. The following code shows how to modify the script from the CommandText line down:
' Search by cn instead of sAMAccountName and return every match.
objCommand.CommandText = _
    "<LDAP://" & strRootSearch & ">;(&(objectCategory=" & strObjectType & ")" & _
    "(cn=" & strObjectName & "));sAMAccountName,cn,distinguishedName;subtree"
Set objRecordSet = objCommand.Execute

If objRecordSet.RecordCount = 0 Then
    WScript.Echo "sAMAccountName: " & strObjectName & " does not exist."
    intReturnValue = 0
Else
    WScript.Echo strObjectName & " matched"
    ' Walk every record, since a wildcard may match more than one object.
    Do Until objRecordSet.EOF
        WScript.Echo "Name: " & objRecordSet.Fields("sAMAccountName").Value & _
            " Distinguished Name: " & objRecordSet.Fields("distinguishedName").Value
        objRecordSet.MoveNext
    Loop
    intReturnValue = 1
End If

objConnection.Close
WScript.Quit(intReturnValue)
The following execution and output show this in action:
D:\projects\VBScripts>cscript searchad.vbs b* user "ou=Justice League,dc=savilltech,dc=com"
b* matched
Name: barry Distinguished Name: CN=Barry Allen,OU=Justice League,DC=savilltech,DC=com
Name: bruce Distinguished Name: CN=Bruce Wayne,OU=Justice League,DC=savilltech,DC=com
D:\projects\VBScripts>echo %errorlevel%
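Both variants splice the name argument straight into the LDAP filter, so a name containing filter metacharacters such as ( ) or * changes the query rather than being matched literally. This added example, which is not part of the original article or script, builds the same ADO command string in Python with RFC 4515 escaping; the allow_wildcard flag keeps the * of the second variant available when it is wanted. The allowed object types and the two search attributes are assumptions chosen to match the article.

```python
# Added example: construct the "<LDAP://root>;(filter);attributes;scope" string
# that searchad.vbs assigns to objCommand.CommandText, escaping the caller-supplied
# name so that filter metacharacters cannot widen or alter the search.

# Object categories the script is expected to handle (constructed allowlist).
ALLOWED_TYPES = {"user", "group", "computer"}

# RFC 4515 escape sequences for LDAP filter assertion values.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def escape_filter_value(value: str, allow_wildcard: bool = False) -> str:
    """Escape a value for use inside an LDAP search filter.

    With allow_wildcard=True the '*' is left intact so substring searches
    such as b* (the article's second variant) still work."""
    out = []
    for ch in value:
        if ch == "*" and allow_wildcard:
            out.append(ch)
        else:
            out.append(_ESCAPES.get(ch, ch))
    return "".join(out)


def build_command_text(root_dn: str, object_type: str, name: str,
                       attribute: str = "sAMAccountName",
                       allow_wildcard: bool = False) -> str:
    """Return the ADO/ADSI command text for the given search."""
    if object_type not in ALLOWED_TYPES:
        raise ValueError(f"unsupported object type: {object_type!r}")
    if attribute not in ("sAMAccountName", "cn"):
        raise ValueError(f"unsupported search attribute: {attribute!r}")
    if ">" in root_dn or ";" in root_dn:
        # '>' and ';' delimit the ADO string; a root containing them would
        # split the command text into the wrong fields.
        raise ValueError("root DN contains ADO delimiter characters")
    safe_name = escape_filter_value(name, allow_wildcard)
    ldap_filter = f"(&(objectCategory={object_type})({attribute}={safe_name}))"
    return f"<LDAP://{root_dn}>;{ldap_filter};sAMAccountName,distinguishedName;subtree"


if __name__ == "__main__":
    print(build_command_text("dc=savilltech,dc=com", "user", "john"))
    # Metacharacters are escaped instead of being interpreted as filter syntax.
    print(build_command_text("dc=savilltech,dc=com", "user", "a)(cn=*"))
    # Wildcard search as in the second variant of the script.
    print(build_command_text("ou=Justice League,dc=savilltech,dc=com", "user",
                             "b*", allow_wildcard=True))
```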