Thursday, November 27, 2008

Writing User Account Properties

Configures general attributes for a user account.

Set objUser = GetObject _
  ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
 
objUser.Put "userPrincipalName", "MyerKen@fabrikam.com"
objUser.Put "sAMAccountName", "MyerKen01"
objUser.Put "userWorkstations", "wks1,wks2,wks3"
 
objUser.SetInfo

The scripts on this page are VBScript; to use one, save it in a .vbs file.

Writing User Account Address Attributes

Configures address-related attributes for a user account.

Set objUser = GetObject _
   ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com") 
 
objUser.Put "streetAddress", "Building 43" & _
  VbCrLf & "One Microsoft Way"
objUser.Put "l", "Redmond"
objUser.Put "st", "Washington"
objUser.Put "postalCode", "98053"
objUser.Put "c", "US"
objUser.Put "postOfficeBox", "2222"
   
objUser.SetInfo


Using Flags to Enable a User Account

Uses the userAccountControl attribute to enable a user account.

Const ADS_UF_ACCOUNTDISABLE = 2
 
Set objUser = GetObject _
  ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
intUAC = objUser.Get("userAccountControl")
 
If intUAC AND ADS_UF_ACCOUNTDISABLE Then
  objUser.Put "userAccountControl", intUAC XOR ADS_UF_ACCOUNTDISABLE
  objUser.SetInfo
End If


Using Flags to Determine Account Status

Uses the userAccountControl attribute to determine whether a user account is enabled or disabled.

Const ADS_UF_ACCOUNTDISABLE = 2
 
Set objUser = GetObject _
    ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
intUAC = objUser.Get("userAccountControl")
 
If intUAC AND ADS_UF_ACCOUNTDISABLE Then
    Wscript.echo "The account is disabled"
Else 
    Wscript.echo "The account is enabled"
End If


Unlocking an Active Directory User Account

Unlocks the MyerKen Active Directory user account.

Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.IsAccountLocked = False
objUser.SetInfo


Setting the Primary Group for a User

Sets the primary group for the MyerKen Active Directory user account to MgmtUniversal.

Const ADS_PROPERTY_APPEND = 3
 
Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
 
Set objGroup = GetObject _
    ("LDAP://cn=MgmtUniversal,ou=Management,dc=NA,dc=fabrikam,dc=com")
objGroup.GetInfoEx Array("primaryGroupToken"), 0
intPrimaryGroupToken = objGroup.Get("primaryGroupToken")
 
objGroup.PutEx ADS_PROPERTY_APPEND, _
   "member", Array("cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objGroup.SetInfo
objUser.Put "primaryGroupID", intPrimaryGroupToken
 
objUser.SetInfo


Setting an Account Expiration Date

Configures a user account to expire on 3/30/2003.

Set objUser = GetObject _
  ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.AccountExpirationDate = "03/30/2003"
objUser.SetInfo


Setting a User’s Password

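Configures a new password for a user. The new password is a string literal in the script, so anyone who can read the .vbs file can read the password.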

Set objUser = GetObject _
 ("LDAP://cn=MyerKen,ou=management,dc=fabrikam,dc=com")
objUser.SetPassword "i5A2sj*!"


Setting a Password So It Never Expires

Configures the domain password for a user account to ensure that the password will never expire.

Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
 
Set objUser = GetObject _
    ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
intUAC = objUser.Get("userAccountControl")
 
If ADS_UF_DONT_EXPIRE_PASSWD AND intUAC Then
    Wscript.Echo "Already enabled"
Else
    objUser.Put "userAccountControl", intUAC XOR _
        ADS_UF_DONT_EXPIRE_PASSWD
    objUser.SetInfo
    WScript.Echo "Password never expires is now enabled"
End If
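
The three userAccountControl scripts above (enabling an account, checking its status, setting the password to never expire) each test or flip one bit of the same integer. As an added example, not part of the original page, this stand-alone script decodes a constructed value and sets and clears flags with Or and And Not, which give the same result however many times they run; SetFlag, ClearFlag and DescribeUAC are hypothetical helper names, and the flag values are from ADS_USER_FLAG_ENUM.

```vbscript
Option Explicit

' Values from ADS_USER_FLAG_ENUM. Which flags to report is this example's choice.
Const ADS_UF_ACCOUNTDISABLE = &h2
Const ADS_UF_PASSWD_NOTREQD = &h20
Const ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED = &h80
Const ADS_UF_NORMAL_ACCOUNT = &h200
Const ADS_UF_DONT_EXPIRE_PASSWD = &h10000
Const ADS_UF_DONT_REQUIRE_PREAUTH = &h400000

' Hypothetical helper: set a flag. An already-set flag stays set.
Function SetFlag(intUAC, intFlag)
    SetFlag = intUAC Or intFlag
End Function

' Hypothetical helper: clear a flag. An already-clear flag stays clear.
Function ClearFlag(intUAC, intFlag)
    ClearFlag = intUAC And (Not intFlag)
End Function

' Hypothetical helper: names of the flags above that are set in intUAC.
Function DescribeUAC(intUAC)
    Dim arrNames, arrValues, i, strOut
    arrNames = Array("ACCOUNTDISABLE", "PASSWD_NOTREQD", _
        "ENCRYPTED_TEXT_PASSWORD_ALLOWED", "NORMAL_ACCOUNT", _
        "DONT_EXPIRE_PASSWD", "DONT_REQUIRE_PREAUTH")
    arrValues = Array(ADS_UF_ACCOUNTDISABLE, ADS_UF_PASSWD_NOTREQD, _
        ADS_UF_ENCRYPTED_TEXT_PASSWORD_ALLOWED, ADS_UF_NORMAL_ACCOUNT, _
        ADS_UF_DONT_EXPIRE_PASSWD, ADS_UF_DONT_REQUIRE_PREAUTH)
    strOut = ""
    For i = 0 To UBound(arrValues)
        If (intUAC And arrValues(i)) <> 0 Then
            If strOut <> "" Then strOut = strOut & ", "
            strOut = strOut & arrNames(i)
        End If
    Next
    DescribeUAC = strOut
End Function

Dim intUAC, intToggled
intUAC = 66050   ' constructed sample value (&h10202), not read from a directory
WScript.Echo "start:         " & intUAC & " = " & DescribeUAC(intUAC)

intUAC = ClearFlag(intUAC, ADS_UF_ACCOUNTDISABLE)   ' enable the account
intUAC = ClearFlag(intUAC, ADS_UF_ACCOUNTDISABLE)   ' run again: value unchanged
WScript.Echo "cleared twice: " & intUAC & " = " & DescribeUAC(intUAC)

' XOR toggles: applied to the now-enabled value it sets the disable bit again,
' which is why the scripts above test the bit before using XOR.
intToggled = intUAC Xor ADS_UF_ACCOUNTDISABLE
WScript.Echo "after XOR:     " & intToggled & " = " & DescribeUAC(intToggled)
```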


Searching for a User Account in Active Directory

Subroutine that searches Active Directory to see if a user account with the name testew already exists.

CheckForUser("testew")
Sub CheckForUser(samAccountName)
    dtStart = TimeValue(Now())
    strUserName = samAccountName
    Set objConnection = CreateObject("ADODB.Connection")
    objConnection.Open "Provider=ADsDSOObject;"
 
    Set objCommand = CreateObject("ADODB.Command")
    objCommand.ActiveConnection = objConnection
 
    objCommand.CommandText = _
        "<LDAP://dc=fabrikam,dc=com>;(&(objectCategory=User)" & _
            "(samAccountName=" & strUserName & "));samAccountName;subtree"
   
    Set objRecordSet = objCommand.Execute
 
    If objRecordset.RecordCount = 0 Then
        WScript.Echo "sAMAccountName: " & strUserName & " does not exist."
    Else
        WScript.Echo strUserName & " exists."
    End If
 
    objConnection.Close
    WScript.Echo "Script completed in " & _
        Second(TimeValue(now()) - dtStart) & _
            " second or less."
End Sub


Retrieving User Telephone Properties

Retrieves user account attributes found on the Telephones page of the user account object in Active Directory Users and Computers.

On Error Resume Next
Set objUser = GetObject _
  ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.GetInfo
 
strHomePhone = objUser.Get("homePhone")
strPager = objUser.Get("pager")
strMobile = objUser.Get("mobile")
strIpPhone = objUser.Get("ipPhone")
strInfo = objUser.Get("info")
strFacsimileTelephoneNumber = _
  objUser.Get("facsimileTelephoneNumber")
 
strOtherHomePhone = objUser.GetEx("otherHomePhone")
strOtherPager = objUser.GetEx("otherPager")
strOtherMobile = objUser.GetEx("otherMobile")
strOtherIpPhone = objUser.GetEx("otherIpPhone")
strOtherFacsimileTelephoneNumber = _
  objUser.GetEx("otherFacsimileTelephoneNumber")
 
WScript.echo "homePhone: " & strHomePhone
WScript.echo "pager: " & strPager
WScript.echo "mobile: " & strMobile
WScript.echo "ipPhone: " & strIpPhone
WScript.echo "info: " & strInfo
WScript.echo "facsimileTelephoneNumber: " & _
 strFacsimileTelephoneNumber
 
For Each strValue in strOtherHomePhone
  WScript.echo "otherHomePhone: " & strValue
Next
For Each strValue in strOtherPager
  WScript.echo "otherPager: " & strValue
Next
For Each strValue in strOtherMobile
  WScript.echo "otherMobile: " & strValue
Next
For Each strValue in strOtherIpPhone
  WScript.echo "otherIpPhone: " & strValue
Next
For Each strValue in strOtherFacsimileTelephoneNumber
  WScript.echo "otherFacsimileTelephoneNumber: " & strValue
Next


Retrieving User Profile Properties

Retrieves user account attributes found on the Profile page of the user account object in Active Directory Users and Computers.

On Error Resume Next
Set objUser = GetObject _
  ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.GetInfo
 
strProfilePath = objUser.Get("profilePath")
strScriptPath = objUser.Get("scriptPath")
strHomeDirectory = objUser.Get("homeDirectory")
strHomeDrive = objUser.Get("homeDrive")
 
WScript.echo "profilePath: " & strProfilePath
WScript.echo "scriptPath: " & strScriptPath
WScript.echo "homeDirectory: " & strHomeDirectory
WScript.echo "homeDrive: " & strHomeDrive


Retrieving User Account Properties

Retrieves user account attributes found on the General Properties page of the user account object in Active Directory Users and Computers.

On Error Resume Next
Set objUser = GetObject _
  ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.GetInfo
 
strGivenName = objUser.Get("givenName")
strInitials = objUser.Get("initials")
strSn = objUser.Get("sn")
strDisplayName = objUser.Get("displayName")
strPhysicalDeliveryOfficeName = _
  objUser.Get("physicalDeliveryOfficeName")
strTelephoneNumber = objUser.Get("telephoneNumber")
strMail = objUser.Get("mail")
strWwwHomePage = objUser.Get("wWWHomePage")  
 
strDescription = objUser.GetEx("description")
strOtherTelephone = objUser.GetEx("otherTelephone")
strUrl = objUser.GetEx("url")
 
WScript.echo "givenName: " & strGivenName
WScript.echo "initials: " & strInitials
WScript.echo "sn: " & strSn
WScript.echo "displayName: " & strDisplayName
WScript.echo "physicalDeliveryOfficeName: " & _
 strPhysicalDeliveryOfficeName
WScript.echo "telephoneNumber: " & strTelephoneNumber
WScript.echo "mail: " & strMail
WScript.echo "wWWHomePage: " & strWwwHomePage
 
For Each strValue in strDescription
  WScript.echo "description: " & strValue
Next
For Each strValue in strOtherTelephone
  WScript.echo "otherTelephone: " & strValue
Next
For Each strValue in strUrl
  WScript.echo "url: " & strValue
Next


Retrieving User Account Address Attributes

Retrieves user account attributes found on the Address page of the user account object in Active Directory Users and Computers.

On Error Resume Next
 
Set objUser = GetObject _
  ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.GetInfo
 
strStreetAddress = objUser.Get("streetAddress")
strPostOfficeBox = objUser.Get("postOfficeBox")
strLocalityName = objUser.Get("l")
strStateOrProvince = objUser.Get("st")
strPostalCode = objUser.Get("postalCode")
strCountryName = objUser.Get("c")
 
WScript.Echo "streetAddress: " & strStreetAddress
WScript.Echo "postOfficeBox: " & strPostOfficeBox
WScript.Echo "l: " & strLocalityName
WScript.Echo "st: " & strStateOrProvince
WScript.Echo "postalCode: " & strPostalCode
WScript.Echo "c: " & strCountryName


Retrieving User Account Account Properties

Retrieves user account attributes found on the Account page of the user account object in Active Directory Users and Computers.

On Error Resume Next
Set objUser = GetObject _
  ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
objUser.GetInfo
 
strUserPrincipalName = objUser.Get("userPrincipalName")
strSAMAccountName = objUser.Get("sAMAccountName")
strUserWorkstations = objUser.Get("userWorkstations")
 
Set objDomain = GetObject("LDAP://dc=fabrikam,dc=com")
objDomain.GetInfoEx Array("dc"), 0
strDC = objDomain.Get("dc")
 
WScript.echo "userPrincipalName: " & strUserPrincipalName
WScript.echo "sAMAccountName: " & strSAMAccountName
WScript.echo "UserWorkstations: " & strUserWorkstations
WScript.echo "dc: " & strDC


Retrieving the Password Change Attribute

Identifies whether or not a user is allowed to change their password.

Const ADS_ACETYPE_ACCESS_DENIED_OBJECT = &H6
Const CHANGE_PASSWORD_GUID  = _
 "{ab721a53-1e2f-11d0-9819-00aa0040529b}"
Set objUser = GetObject _
  ("LDAP://cn=myerken,ou=management,dc=fabrikam,dc=com")
Set objSD = objUser.Get("nTSecurityDescriptor")
Set objDACL = objSD.DiscretionaryAcl
For Each Ace In objDACL
  If ((Ace.AceType = ADS_ACETYPE_ACCESS_DENIED_OBJECT) And _
      (LCase(Ace.ObjectType) = CHANGE_PASSWORD_GUID)) Then
    blnEnabled = True
  End If
Next
If blnEnabled Then
  WScript.Echo "ADS_UF_PASSWD_CANT_CHANGE is enabled"
Else
  WScript.Echo "ADS_UF_PASSWD_CANT_CHANGE is disabled"
End If


Retrieving Telephone Settings for a User Account

Displays all the telephone attribute values for the MyerKen Active Directory user account.

On Error Resume Next
Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
 
strHomePhone = objUser.Get("homePhone")
strPager = objUser.Get("pager")
strMobile = objUser.Get("mobile")
strIpPhone = objUser.Get("ipPhone")
strInfo = objUser.Get("info")
strFacsimileTelephoneNumber = objUser.Get("facsimileTelephoneNumber")
 
arrOtherHomePhone = objUser.GetEx("otherHomePhone")
arrOtherPager = objUser.GetEx("otherPager")
arrOtherMobile = objUser.GetEx("otherMobile")
arrOtherIpPhone = objUser.GetEx("otherIpPhone")
arrOtherFacsimileTelephoneNumber = _
    objUser.GetEx("otherFacsimileTelephoneNumber")
 
WScript.Echo "homePhone: " & strHomePhone
WScript.Echo "pager: " & strPager
WScript.Echo "mobile: " & strMobile
WScript.Echo "ipPhone: " & strIpPhone
WScript.Echo "info: " & strInfo
WScript.Echo "facsimileTelephoneNumber: " & strFacsimileTelephoneNumber
 
WScript.Echo "otherHomePhone:"
For Each strValue in arrOtherHomePhone
    WScript.Echo strValue
Next
 
WScript.Echo "otherPager:"
For Each strValue in arrOtherPager
    WScript.Echo strValue
Next
 
WScript.Echo "otherMobile:"
For Each strValue in arrOtherMobile
    WScript.Echo strValue
Next
 
WScript.Echo "otherIpPhone:"
For Each strValue in arrOtherIpPhone
    WScript.Echo strValue
Next
 
WScript.Echo "otherFacsimileTelephoneNumber:"
For Each strValue in arrOtherFacsimileTelephoneNumber
    WScript.Echo strValue
Next


Retrieving Published Certificates for a User Account

Retrieves a list of all the published certificates assigned to the MyerKen user account.

On Error Resume Next
Const E_ADS_PROPERTY_NOT_FOUND  = &h8000500D
Const ForWriting = 2
Const WshRunning = 0
 
Set objUser = GetObject _
    ("GC://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
objUser.GetInfoEx Array("userCertificate"), 0
arrUserCertificates = objUser.GetEx("userCertificate")
 
If Err.Number = E_ADS_PROPERTY_NOT_FOUND Then
    WScript.Echo "No assigned certificates"
    WScript.Quit
Else
    Set objShell = CreateObject("WScript.Shell")
    Set objFSO = CreateObject("Scripting.FileSystemObject")
    strPath = "." 
    intFileCounter = 0
 
    For Each arrUserCertificate in arrUserCertificates
        strFileName = "file" & intFileCounter
        strFullName = objFSO.BuildPath(strPath, strFileName)
        Set objFile = objFSO.OpenTextFile(strFullName, ForWriting, True)
        
        For i = 1 To LenB(arrUserCertificate)
            ReDim Preserve arrUserCertificatesChar(i - 1)
            arrUserCertificatesChar(i-1) = Hex(AscB(MidB(arrUserCertificate, i, 1)))
        Next
                
        intCounter=0
        For Each HexVal in arrUserCertificatesChar
            intCounter=intCounter + 1
            If Len(HexVal) = 1 Then 
                objFile.Write(0 & HexVal & " ")
            Else
                objFile.Write(HexVal & " ")
            End If
        Next
        objFile.Close
        Set objFile = Nothing
  
        Set objExecCmd1 = objShell.Exec _
            ("certutil -decodeHex " & strFileName & " " & strFileName & ".cer")
        Do While objExecCmd1.Status = WshRunning
            WScript.Sleep 100
        Loop
        Set objExecCmd1 = Nothing
 
        Set objExecCmd2 = objShell.Exec("certutil " & strFileName & ".cer")
        Set objStdOut = objExecCmd2.StdOut
        Set objExecCmd2 = Nothing
      
        WScript.Echo VbCrLf & "Certificate " & intFileCounter + 1
        While Not objStdOut.AtEndOfStream
            strLine = objStdOut.ReadLine
            If InStr(strLine, "Issuer:") Then
                WScript.Echo Trim(strLine)
                WScript.Echo vbTab & Trim(objStdOut.ReadLine)
            End If
            If InStr(strLine, "Subject:") Then
                Wscript.Echo Trim(strLine)
                WScript.Echo vbTab & Trim(objStdOut.ReadLine)
            End If
            If InStr(strLine, "NotAfter:") Then
                strLine = Trim(strLine)
                WScript.Echo "Expires:"
                Wscript.Echo vbTab & Mid(strLine, 11)
            End If
        Wend
 
        objFSO.DeleteFile(strFullName)
        objFSO.DeleteFile(strPath & "\" & strFileName & ".cer") 
  
        intFileCounter = intFileCounter + 1
    Next
End If


Retrieving Organization Information for a User Account

Retrieves organization information (including a list of all direct reports) for the MyerKen user account in Active Directory.

 

On Error Resume Next
Set objUser = GetObject _
    ("LDAP://cn=MyerKen,ou=Management,dc=NA,dc=fabrikam,dc=com")
 
strTitle = objUser.Get("title")
strDepartment = objUser.Get("department")
strCompany = objUser.Get("company")
strManager = objUser.Get("manager")
 
arrDirectReports = objUser.GetEx("directReports")
 
WScript.echo "Title: " & strTitle
WScript.echo "Department: " & strDepartment
WScript.echo "Company: " & strCompany
WScript.echo "Manager: " & strManager
 
WScript.echo "Direct Reports:"
For Each strValue in arrDirectReports
    WScript.echo strValue
Next
